Listing Services registered with Single Sign-On (SSO) in vSphere 6
Listing SSO Services
Listing services in Single Sign-On is much different in vSphere 6 than it was in vSphere 5.5 or 5.1. Previously, you would run the ssolscli.cmd but now, you will need to run a Python script called lstool.py. The command to list all of the services registered with SSO 6 is below, you will need to open a cmd prompt and run this from the Platform Services Controller (PSC).
"C:\Program Files\VMware\vCenter Server\python\python.exe" "C:\Program Files\VMware\vCenter Server\VMware Identity Services\lstool\scripts\lstool.py" list --url http://localhost:7080/lookupservice/sdk
Once that is complete you should see output similar to the following:
Name: The group check interface of the SSO server Description: The group check interface of the SSO server Service Product: com.vmware.cis Service Type: sso:groupcheck Service ID: default-first-site:6761b0d0-affc-42ec-b18f-e9c26b35fb1c Site ID: default-first-site Owner ID: psc1.vcloud.local@vsphere.local Version: 2.0 Endpoints: Type: com.vmware.cis.cs.identity.groupcheck Protocol: vmomi URL: https://PSC1.vcloud.local/sso-adminserver/sdk/vsphere.local SSL trust: MIIDZTCCAk2gAwIBAgIJANsSYK5nnv94MA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNVBAMMAkNBMRcwFQYKCZImiZPyLGQBGRYHdnNwaGVyZTEVMBMGCgmSJomT8ixkARkWBWxvY2FsMQswCQYDVQQGEwJVUzENMAsGA1UECgwEUFNDMTAeFw0xNTAzMTIxNTQwNDNaFw0yNTAzMDYxNTQwNDNaMCkxGjAYBgNVBAMMEVBTQzEudmNsb3VkLmxvY2FsMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKp/XA1iFfqQxqWia3XKypWwF12n2YEEMhrbfIHgj0GGAjCVDYWljXCcBPsGtnenvtuQNRpuHtu1PYOaEcDIrZ4m4+1sChOjwQeIjyH3KVZbIQUFyL4+RbYgBIYW5NBdN94QeEP2brRgN13lPprk87Y6CEhneoMXOGX+5g+rznt6zPm4ecNKM5XxUfDnRl9Ehwu5RTowsuDkb2De2iLX5H5/kxy31KwK4e1BvCgTmmCeIto7hz5rgKf4jH+t7t/nzsVnxv3s29kcGOBDrrbpvR3Nagu208jONkhizCSvGXqFoQkaYEQpsWoQ+q6yOoVpT1hJQR33pQ6s419VFXylWqECAwEAAaNgMF4wHAYDVR0RBBUwE4IRUFNDMS52Y2xvdWQubG9jYWwwHQYDVR0OBBYEFGK0eV4iTBW455rtIwggu/vI3SoWMB8GA1UdIwQYMBaAFIVzGKz62YWFcy9TEO+GX3G/QIk1MA0GCSqGSIb3DQEBCwUAA4IBAQCoOlPsCUPjj4fswAWKrOH8JkPByhNjW2KrA5mUo1/tv+AozmInL0uutLF/U2hg8z7qBJgI9x4qJL7lHTcGiReOI/EzJxTo6j3R87RYSm3ZTWF9OsRfaXACWIbwQ5yUMvwadiGp6wdmqjj/GfwRRJY4rG48zEzCC5r6rbU+l7QHdRkLXagOv4uqnYuMK9g6Ut631e6xJwS6JzqReFqg5+UqTtlB2Rpe3cNi5nHx6ybZ96jdskxe/PjSqtQtf64OQqiettWwg5X8pajO4On7kWWcIzPs+VqtwOm22ae2ltAiTp6NoDVfi/QqS++dPs4R72F4eoo3DajeSHRVc/V54uUl -------------------------------------------------------
As in 5.5. or 5.1, listing services registered to Single-Sign On is a great troubleshooting step to ensure that the lookup service is actually responding appropriately and is not having any issues. You can also use any of the arguments below like unregister services, register services, manage vSphere 5.5 services, or get service identifier information. I have provided an output of the possible syntax commands below.
list - List service registrations using specified search filter --url URL - URL of lookup service [--no-check-cert] - Don't validate the server SSL certificate. [--as-spec] - Print service in spec file format. [--id-only] - Output service ID(s) only. [--product PRODUCT] - Service product value of search filter [--type TYPE] - Service type value of search filter [--node NODE] - Node identifier value of search filter [--site SITE] - Site identifier value of search filter [--ep-proto EP-PROTO] - Endpoint protocol value of search filter [--ep-type EP-TYPE] - Endpoint type value of search filter list55 - List VC55 service registrations using specified search criteria --url URL - URL of lookup service [--no-check-cert] - Don't validate the server SSL certificate. [--as-spec] - Print service in spec file format. [--id-only] - Output service ID(s) only. [--type TYPE] - Service type value of search criteria register - Register service --url URL - URL of lookup service --user USER - SSO user name --password PASSWORD - SSO user password --spec SPEC - Service spec file path --id ID - Service identifier [--no-check-cert] - Don't validate the server SSL certificate. register55 - Register VC55 service; return service ID --url URL - URL of lookup service --user USER - SSO user name --password PASSWORD - SSO user password --spec SPEC - Service spec file path [--no-check-cert] - Don't validate the server SSL certificate. unregister - Delete service registration --url URL - URL of lookup service --user USER - SSO user name --password PASSWORD - SSO user password --id ID - Service identifier [--no-check-cert] - Don't validate the server SSL certificate. reregister - Update service registration --url URL - URL of lookup service --user USER - SSO user name --password PASSWORD - SSO user password --spec SPEC - Service spec file path --id ID - Service identifier [--no-check-cert] - Don't validate the server SSL certificate. reregister55 - Update VC55 service registration --url URL - URL of lookup service --user USER - SSO user name --password PASSWORD - SSO user password --spec SPEC - Service spec file path --id ID - Service identifier [--no-check-cert] - Don't validate the server SSL certificate. get - Get service by its identifier --url URL - URL of lookup service --id ID - Service identifier [--as-spec] - Print service in spec file format. [--no-check-cert] - Don't validate the server SSL certificate. get55 - Get VC55 service by its identifier --url URL - URL of lookup service --id ID - Service identifier [--as-spec] - Print service in spec file format. [--no-check-cert] - Don't validate the server SSL certificate. get-site-id - Get lookup service site identifier --url URL - URL of lookup service [--no-check-cert] - Don't validate the server SSL certificate.
Please let me know if you have any questions or comments!

6 Comments
hey,
Thanks for the article , great info!
my question is how you list the services with VCSA ,
Thanks
Any information on how to do this with the vCenter Appliance?
Same as windows. The lstool.py script is located in /usr/lib/vmidentity/tools/scripts/ though.
How about on the new 6.5 VCSA? Please
To update service registration, what should I use for –spec SPEC – Service spec file path???
Thanks,
thank you! […….making the comment long enough to post it…..]