
I have an old vCenter that was running a general maintenance (GM) version of 7.0. It had a PSC VM for authentication at some point, but it is now “gone.” This is a development lab machine, so I upgraded it to 7.0.3 before planning to move to version 8. The 7.0.3 upgrade went smoothly until I discovered there was a PSC replication partner that had been deleted about two years ago. Naturally, I panicked a bit, but then I realized I could log in with the PSC administrator@ account, indicating that authentication was still functioning.
Step 1: Confirm Embedded PSC Mode
SSH into the VCSA and run:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-ls-location --server-name localhost
This should return the local vCenter as the lookup service—confirming it’s not relying on the old PSC.
Step 2: Remove the Stale PSC Entry
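Since the PSC is long gone, you can clean up its reference: list the partners with the vdcrepadmin tool, then unregister the stale node with cmsso-util.
a. List current replication partners:
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartners -h localhost -u [email protected] -w 'your_password'
b. Remove the stale PSC:
cmsso-util unregister --node-pnid old-psc.example.local --username [email protected] --passwd 'VMware1!'
Both commands take the SSO password as a command-line argument, so it is recorded in the shell history of the session you run them in.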
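A pre-flight check for Steps 1 and 2, as an added example that is not part of the original post: it refuses to proceed unless the lookup service is local and the node to unregister is a listed partner other than the local node. The function names, the hostnames and the assumed output formats (one https://host:443/lookupservice/sdk URL from get-ls-location, one ldap://host line per partner from showpartners) are assumptions.

```shell
#!/bin/sh
# Added example: decide whether it is safe to run the unregister step.
# Inputs are the captured text of the two commands above, passed as strings.

# Hostname part of scheme://host[:port]/path, lowercased.
url_host() {
    printf '%s\n' "$1" | sed -E 's#^[a-zA-Z]+://##; s#[:/].*$##' | tr 'A-Z' 'a-z'
}

# preflight LOCAL_PNID STALE_PNID LS_URL PARTNERS_TEXT
# Returns 0 when safe; 1, 2 or 3 names the check that failed.
preflight() {
    local_pnid=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    stale_pnid=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    ls_host=$(url_host "$3")

    # Step 1: the lookup service must be the local vCenter.
    if [ "$ls_host" != "$local_pnid" ]; then
        echo "STOP: lookup service is on $ls_host, not the local node" >&2
        return 1
    fi
    # Never unregister the node you are logged in to.
    if [ "$stale_pnid" = "$local_pnid" ]; then
        echo "STOP: refusing to unregister the local node" >&2
        return 2
    fi
    # Step 2a: the stale node must appear in the partner list.
    found=1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if [ "$(url_host "$line")" = "$stale_pnid" ]; then
            found=0
        fi
    done <<EOF
$4
EOF
    if [ "$found" -ne 0 ]; then
        echo "STOP: $2 is not listed as a replication partner" >&2
        return 3
    fi
    echo "OK: $2 is a listed partner and the lookup service is local"
    return 0
}
```

On the appliance, pass the output of the get-ls-location and showpartners commands as the third and fourth arguments, and only run the unregister step when the function returns 0.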
Optional: Clean Up Certificates
If the old PSC was ever part of the certificate authority chain, you might want to check:
/usr/lib/vmware-vmca/bin/certool --getrootca
If you see any certs referencing the dead PSC, you can regenerate the root chain or just leave it if it’s not causing issues.