The 'About' page and 'System Details' pages show some blanks in place of actual values after upgrading to 8.x
search cancel

The 'About' page and 'System Details' pages show some blanks in place of actual values after upgrading to 8.x

book

Article ID: 312244

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms

  • Aria Suite Lifecycle Upgrade from 8.x to 8.x fails with "Failed to fetch auth token for CAP".
  • The About page and System Details pages show some blanks in place of actual values.
  • The error details as seen Aria Suite Lifecycle log:
2023-09-29 05:38:14.081 ERROR [pool-3-thread-14] c.v.v.l.l.u.LcmCapUtil - – Response status code: 401
2023-09-29 05:38:14.081 ERROR [pool-3-thread-14] c.v.v.l.l.u.LcmCapUtil - – Failed to fetch auth token for CAP.
2023-09-29 05:38:14.081 INFO [pool-3-thread-14] c.v.v.l.p.d.l.u.LcmVaDetailsUtil - – REST call to get system settings unsuccessful: com.vmware.vrealize.lcm.lcops.common.exception.CAPException: Failed to fetch auth token for CAP.

Environment

VMware Aria Suite Lifecycle 8.x

Cause

  • Wrong user password data recorded within the product
  • You have set a custom password length restriction on your Aria Suite Lifecycle appliance
    • Default password length is 10 for the internal cap user.

Resolution

This issue is resolved in VMware Aria Suite Lifecycle 8.14 and above. The default password length is now 16 characters.

Workaround

Prerequisites

  • You have valid snapshots or backups of the Aria Suite Lifecycle 8.x appliance.

Procedure

1. Type out the new password in a notepad (This is needed for later steps). It is absolutely essential to have the correct password noted down for the below steps to work.

TIP: you can use the below command to generate a new password
uuidgen

2. Go to appliance SSH, and change the password for 'cap user' to the above password using the command:

passwd capuser
# Supply the above password here.

3. DELETE the current 'cap user' password in the Aria Suite Lifecycle locker using the command:

psql -h localhost --username=postgres -d vrlcm -c "DELETE FROM public.vm_locker_password WHERE alias='capuser';"

4. Add the `capuser` password to the Aria Suite Lifecycle locker. For this first, we need to authenticate to Aria Suite Lifecycle and get the JSESSION-ID: Use this curl command to get the JSESSIONID:

curl -s -I -k --location --request POST 'https://<lcm-ip>/lcm/authzn/api/login' --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'Authorization: Basic <base64encode_value_of_admin@local:password>'

NOTE: The Authorization header above is of the format: Basic<space>Base64(<admin@local>:<password>)
Use a tool like: https://www.base64encode.org to get the base64 encoded format for the above Authorization header for the value: `admin@local:<password>`.

As an example, using Password123 for demonstration, when going to https://www.base64encode.org, select the ENCODE option and place admin@local:Password123 up in the top box then hit encode to get the encoded output in the lower box. Once the encoded value is created you would add at the end of the curl command: Basic YWRtaW5AbG9jYWw6UGFzc3dvcmQxMjM='

5. Note down the JSESSION-ID in the output of the curl command from step 4. Use it to call the API to CREATE the 'cap user' password in the Aria Suite Lifecycle locker:

curl -k --location 'https://<lcm-ip>/lcm/locker/api/v2/passwords' --header 'Content-Type: application/json' --header 'Cookie: JSESSIONID=<session_id>' --data '{"alias": "capuser","password": "<PASSWORD****>","passwordDescription": "password for capuser","referenced": true,"userName": "capuser"}'

6. It is highly likely that the pam_tally incorrect login count for the user would exceed the threshold by now (because of repeated loading of the about screen to debug the issue)

Reset the failed login count and unlocked the user:

pam_tally2 -r -u capuser

The above steps should update the cap user password in both the appliance and the Aria Suite Lifecycle application.

Additional Information

 

Upgrades may fail with the following error in /var/log/vrslcm/vmware_vrlcm.log:

Exception while getting upgrade status for vRLCM. com.vmware.vrealize.lcm.lcops.common.exception.CAPException: REST call to get CAP token unsuccessful.
ERROR [http-nio-8080-exec-3] c.v.v.l.l.c.LcmManagementController -  -- Exception occurred while checking upgrade status.
com.vmware.vrealize.lcm.lcops.common.exception.CAPException: REST call to get CAP token unsuccessful.

To resolve this issue, consider the following:

  • Revert to a Previous Snapshot
  • Apply the Latest PSPack
  • Enable FIPS(if not enabled)
  • Reattempt the Upgrade
Powered by Wolken Software