vSphere 5.5 Install Pt. 13: Install Inventory Svc

The vCenter inventory service has two primary purposes in life. First, it’s a cache of objects which the web client accesses. This cache offloads object retrieval from the vCenter core service (vpxd). It can also lessen the load on your back-end database, since the vCenter service isn’t constantly running queries (most of which are reads). The legacy Windows VI client does not use the inventory service, which is why it can get pokey in very large environments. The inventory service also reduces vCenter CPU utilization, allowing more client sessions.

Following VMware’s new guidance for vCenter 5.5, we are installing the inventory service on the same VM as vCenter. You should KISS your vCenter, folks. In this post we will install the inventory service and secure it with a trusted SSL certificate.

Blog Series

SQL 2012 AlwaysOn Failover Cluster for vCenter
vSphere 5.5 Install Pt. 1: Introduction 
vSphere 5.5 Install Pt. 2: SSO 5.5 Reborn 

vSphere 5.5 Install Pt. 3: vCenter Upgrade Best Practices and Tips
vSphere 5.5 Install Pt. 4: ESXi 5.5 Upgrade Best Practices and Tips 
vSphere 5.5 Install Pt. 5: SSL Deep Dive
vSphere 5.5 Install Pt. 6: SSL Certificate Template
vSphere 5.5 Install Pt. 7: Install SSO
vSphere 5.5 Install Pt. 8: Online SSL Minting
vSphere 5.5 Install Pt. 9: Offline SSL Minting 
vSphere 5.5 Install Pt. 10: Update SSO Certificate
vSphere 5.5 Install Pt. 11: Install Web Client
vSphere 5.5 Install Pt. 12: Configure SSO
vSphere 5.5 Install Pt. 13: Install Inventory Service
vSphere 5.5 Install Pt. 14: Create Databases
vSphere 5.5 Install Pt. 15: Install vCenter
vSphere 5.5 Install Pt. 16: vCenter SSL
vSphere 5.5 Install Pt. 17: Install VUM
vSphere 5.5 Install Pt. 18: VUM SSL
vSphere 5.5 Install Pt. 19: ESXi SSL Certificate

Permalink to this series: vexpert.me/Derek55
Permalink to the Toolkit script: vexpert.me/toolkit55

Install Inventory Service

1. Mount the vCenter ISO if it’s not still mounted from the previous installs. Start the installer and select the vCenter Inventory Service.

2. Click through the wizard until you get to the Destination Folder. Because the web client only works on the C drive, I’ve resigned myself to putting everything on the C drive. So I left this the default.

3. Validate that the FQDN of the local server is correct.

4. I’d leave all the default port numbers.

5. The JVM memory will greatly depend on your environment. Do not skimp here, as memory is critical for performance. Remember to possibly adjust your vCenter VM’s memory here if you select medium or large. vCenter 5.5 all-in-one servers LOVE memory.

6. Enter your vCenter SSO password and validate the lookup service URL is correct.

7. Just like the web client it presents the thumbprint of your SSO SSL certificate. That’s the same value as before, so I’m not going to cover how to look it up again.

8. At this point a Ready to Install box should appear. Click Install and wait a few minutes.

Automated Inventory Service SSL

Note: I’m assuming here you are following this guide to the letter and replacing SSL certificates as we go. By doing this we can skip some steps in the VMware tool that are needed if doing SSL replacement post-full installs. If you are replacing certs at the end of a complete vCenter install, you must follow the planner steps in the VMware tool.

1. Open an elevated command prompt (not PowerShell) and launch the VMware SSL replacement tool. Select Option 4 from the main menu.

2. All we need to do here is update the SSL certificate.

3. If everything goes well, it will successfully replace the certificate.

4. To validate that the certificate has been updated, you can go to https://YourvCenterServer:10443. You will see an “HTTP status 400 – Bad Request” but that’s normal since we didn’t pass it any data. What counts is that it responds, and that the cert is trusted. If you get some other error or the certificate is wrong, then something went terribly, terribly wrong.
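
The browser check in step 4 can also be scripted. The PowerShell below is an added example, not part of the original post or the VMware tool: it connects to port 10443, records the trust errors Windows reports for the presented certificate, and reads the HTTP status line. `YourvCenterServer` is a placeholder and `Test-InventoryServiceCert` is a hypothetical helper name; PowerShell 3.0 or later is assumed.

```powershell
# Added example: inspect the certificate the Inventory Service presents.
# 'YourvCenterServer' is a placeholder; 10443 is the port from step 4.
param([string]$Server = 'YourvCenterServer', [int]$Port = 10443)

function Test-InventoryServiceCert {
    param([string]$HostName, [int]$Port)

    $script:policyErrors = [System.Net.Security.SslPolicyErrors]::None
    # Let the handshake finish even for an untrusted certificate, but record
    # what Windows objected to (chain errors, name mismatch).
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($origin, $certificate, $chain, $errors)
        $script:policyErrors = $errors
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Same request a browser makes; the post expects a 400 status here.
        $request = "GET / HTTP/1.1`r`nHost: ${HostName}:$Port`r`nConnection: close`r`n`r`n"
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($request)
        $ssl.Write($bytes, 0, $bytes.Length)
        $ssl.Flush()
        $statusLine = (New-Object System.IO.StreamReader($ssl)).ReadLine()

        [pscustomobject]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            Thumbprint   = $cert.Thumbprint
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            PolicyErrors = $script:policyErrors
            Trusted      = ($script:policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
            HttpStatus   = $statusLine
        }
    }
    finally {
        $tcp.Close()
    }
}

Test-InventoryServiceCert -HostName $Server -Port $Port | Format-List
```

`Trusted` reflects the certificate store of the machine running the script, so run it from a host that trusts your issuing CA. A subject equal to the issuer indicates a self-signed certificate rather than one issued by your CA.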

Summary

The inventory service is easy to install, and easy to secure with custom SSL certificates. You can also quickly check the health with a simple web browser. So this is one of the easiest services to install and configure. Next up in Part 14 is configuring your SQL databases and DSNs so we can finally get to installing vCenter.

13 Comments
DSvmwareguy
October 17, 2013 7:58 am

Thanks!

Thomas Le
October 17, 2013 10:16 am

Thanks for great posting. Looking forward to your Chapter 14.

Nick
December 9, 2013 6:21 am

Hi Derek
in relation to my last post this is the log file from the ssl-updater for the inventory service:

[09/12/2013 – 13:07:48.21]: The Inventory Service is installed at "D:\Program Files\VMware\Infrastructure\Inventory Service"
[09/12/2013 – 13:07:48.25]: Rollback path is "D:\ssl-certificate-updater-tool-1308332\backup"
[09/12/2013 – 13:07:48.26]: Rollback path is "D:\ssl-certificate-updater-tool-1308332\backup\IS"
[09/12/2013 – 13:07:50.90]: Determining whether Inventory Service is registered with Single Sign-On …
Intializing registration provider…
Getting SSL certificates for https://vcentre.domain.locall:7444/lookupservice/
A local user with name InventoryService_2013.12.09_121405 is already registered in SSO
Return code is: AlreadyRegistered
7
[09/12/2013 – 13:08:01.91]: Unregistering Inventory Service from Single Sign-On …
< was unexpected at this time.

Mike
January 30, 2014 4:52 am
Reply to  Nick

Nick, any resolution to this issue?

minshall
February 15, 2014 4:08 am
Reply to  Mike

I'm suffering the same issue, any information would be great. I also have a case open with VMware.

Michael
February 27, 2014 2:48 pm

I got the same issue, and I opened a case with VMware. It was that the password of ad***********@vs*****.local contained a special character. I followed all the steps in Derek's article and used none of the characters listed by Derek. I used the "=". The solution was to go to the vSphere Web Client and change the password to a simple one. Re-ran the ssl-update.bat, and it fixed the issue. Here are the logs:

_______________________________
[Thu 02/27/2014 – 16:31:54.09]: The Inventory Service is installed at "C:\Program Files\VMware\Infrastructure\Inventory Service"
[Thu 02/27/2014 – 16:31:54.17]: Rollback path is "D:\ssl-certificate-updater-tool-1308332\backup"
[Thu 02/27/2014 – 16:31:54.17]: Rollback path is "D:\ssl-certificate-updater-tool-1308332\backup\IS"
[Thu 02/27/2014 –…

Yostie
March 11, 2014 11:03 am

For the life of me I can't seem to get past getting the SSL certificate installed for the Inventory Service. Installing the cert for SSO goes fine as does telling the Inventory Service to trust the SSO certificate but when I go to install the Inventory Service cert, the automatic tool fails indicating it can't talk to the lookup service. If I roll back the SSO cert, it works again. I've tried going the manual route with no success either. I get the SSO certificate replaced just fine and move onto the next step which is unregistering the Inventory Service.…

Will
March 13, 2014 8:06 am

Like many of you, I have this issue, even with 5.5 U1. I am not surprised as the certificate toolkit is unchanged from the earlier releases.

I worked around this like Michael and changed the ad***********@vs*****.local to a simple password (upper, lower and numbers only) and re-ran the script. I changed the password back after replacing the certificate. A pain but that worked for me….

P.S. Thanks for the hint regarding the Web Client install on D: being fixed. Great news.