Caught ssh exec error event
WARNING: Your password has expired
login as: root
Pre-authentication banner message from server:
|
| VMware vCenter Server 8.0.2.00200
|
| Type: vCenter Server with an embedded Platform Services Controller
|
End of banner message from server
Keyboard-interactive authentication prompts from server:
| Password:
End of keyboard-interactive prompts from server
Last login: Fri Sep 27 22:53:21 2024 from x.x.x.x
sudo: Account or password is expired, reset your password and try again
Changing password for root.
Current password:
On boot, the SDDC tries to establish an SSH connection to the Management Domain vCenter. If the root password on the Management Domain vCenter has expired this connection will fail.
Even if the root password is changed on the Management Domain vCenter side, the UI will still not launch correctly as SDDC Manager is unaware of the new root password on the vCenter side and will continue to try to connect using the old password.
This in turn will lock the new, valid Management Domain vCenter root password due to an excessive number of failed logins.
psql -h localhost -U postgres -d platform -c "select vm_hostname,id,status from vcenter"
Sample output
vm_hostname | id | status
---------------------+--------------------------------------+--------
vcsa01.example.com | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx602f | ACTIVE
curl 'localhost/credentials-service/credentials?entityType=VCENTER&credentialType=SSH' | json_pp
curl localhost/credentials-service/credentials/<id from Step # 5> -X PUT -H "Content-type:application/json" -d "<new password>" | json_pp
curl 'localhost/credentials-service/credentials?entityType=VCENTER&credentialType=SSH' | json_pp
chsh -s /bin/bash root
TOKEN=$(curl -d '{"username" : "<sso username>", "password" : "<sso password>"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')
curl -X GET 'localhost/v1/system/credentials?entityType=VCENTER&credentialType=SSH' -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN"
curl -X PUT 'localhost/v1/system/credentials/<id from Step # 5>' -d "<new password>" -H "Content-type:application/json" -H "Authorization: Bearer $TOKEN"| json_pp