This is a very small blog post, but it made a lot of sense when I actually figured it out while troubleshooting SSO. Here is the order of installation:
1. SSO installation (no dependencies)
2. vCenter Inventory Service (depends on SSO)
3. vCenter (needs both vCenter Inventory Service and SSO installed)
4. vSphere Web Client (depends on SSO)
Keep in mind that vSphere Web Client has no dependency on vCenter.
One very common problem is that SSO doesn't detect the domain and fails to add the identity source. If it cannot add the identity source, you have to add it manually.
We only realize this when we are upgrading or installing vCenter. While installing or upgrading vCenter, you get an error saying it is unable to detect the identity source, and the wizard gives you the option to add the default administrators group.
Copied from the vSphere Security Guide:
NB: In high availability and multisite Single Sign-On modes, there is no local operating system identity source. Therefore, it will not work if you enter Administrators or Administrator in the text box vCenter Server administrator recognized by vCenter Single Sign-On. Administrators is treated as the local operating system group Administrators, and Administrator is treated as local operating system user Administrator.
For example, to grant a group of domain administrators permission to log in to vCenter Server, type the name of the domain administrators group, such as Domain Admins@VCADSSO.LOCAL
This means that when you select high availability mode, the administrators group should be given in groupname@activedirectorydomainname format.
But in spite of that, it may not work. So here is a trick that has worked for me.
1. Install the Web Client
2. Log in with the admin@system-admin account
3. Add the identity source as explained in the previous post
4. Start the installation/upgrade wizard again; it works like a charm
Hope it helps you all!