Unable to add Local Administrator user to vCenter Server Appliance with error "Error in executing command: 8002"
search cancel

Unable to add Local Administrator user to vCenter Server Appliance with error "Error in executing command: 8002"

book

Article ID: 313867

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
Command> localaccounts.user.add --role admin --username Administrator --password
Enter password:
Reenter password:
Error in executing command: 8002
  • The applmgmt.log contains entries similar to: 
Note: appmgmt.log can be found in /var/log/vmware/applmgmt/applmgmt.log

 
2018-12-27T00:42:45.696 [15590]DEBUG:vmware.appliance.localaccounts.impl:Executing operation /usr/sbin/useradd ['Administrator', '-m', '-c', 'Administrator', '-G', 'admin']
2018-12-27T00:42:45.723 [15590]DEBUG:vmware.appliance.localaccounts.impl:Operation output = b'', error = b"useradd: user 'Administrator' already exists\n" returncode = 9
2018-12-27T00:42:45.724 [15590]ERROR:vmware.appliance.localaccounts.impl:User add failed: [Failure instance: Traceback: : pint.Error('com.vmware.applmgmt.err_operation_failed', 'Operation Failed.', **{})


or 


2020-12-02T15:31:22.470 [10663]ERROR:vmware.appliance.localaccounts.impl:GenericErrorBack: pint.Error('com.vmware.applmgmt.err_add_user_failed', 'Failed to add user.', **{})
2020-12-02T15:31:22.480 [10663]CRITICAL:twisted:Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/twisted/internet/_baseprocess.py", line 64, in maybeCallProcessEnded
    proto.processEnded(Failure(reason))
  File "/usr/lib/python3.5/site-packages/twisted/internet/utils.py", line 163, in processEnded
    self.deferred.callback((out, err, code))
  File "/usr/lib/python3.5/site-packages/twisted/internet/defer.py", line 459, in callback
    self._startRunCallbacks(result)
  File "/usr/lib/python3.5/site-packages/twisted/internet/defer.py", line 567, in _startRunCallbacks
    self._runCallbacks()
--- <exception caught here> ---
  File "/usr/lib/python3.5/site-packages/twisted/internet/defer.py", line 653, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
  File "/usr/lib/applmgmt/transport/py/vmware/vherd/transport/xmlrpc.py", line 233, in unauthorized_cb
    failure.trap(authorization.AuthorizationError)
  File "/usr/lib/python3.5/site-packages/twisted/python/failure.py", line 346, in trap
    self.raiseException()

 
Note:The preceding log excerpt are only examples. Date, time and environmental variables may vary depending on your environment.


Environment

VMware vCenter Server Appliance 6.5.x
VMware vCenter Server Appliance 6.7.x

Cause

Adding Administrator user may fail because of two reasons:
  1. root password is expired
  2. A Local Administrator Account "lsass" is added to nsswitch.conf file.

Resolution

If the failure is because root password is expired:
The applmgmt.log shall include the below:

2020-12-02T15:31:22.480 [10663]CRITICAL:twisted:Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/twisted/internet/_baseprocess.py", line 64, in maybeCallProcessEnded
    proto.processEnded(Failure(reason))
  File "/usr/lib/python3.5/site-packages/twisted/internet/utils.py", line 163, in processEnded
    self.deferred.callback((out, err, code))
  File "/usr/lib/python3.5/site-packages/twisted/internet/defer.py", line 459, in callback
    self._startRunCallbacks(result)
  File "/usr/lib/python3.5/site-packages/twisted/internet/defer.py", line 567, in _startRunCallbacks
    self._runCallbacks()
--- <exception caught here> ---
  File "/usr/lib/python3.5/site-packages/twisted/internet/defer.py", line 653, in _runCallbacks
    current.result = callback(current.result, *args, **kw)
  File "/usr/lib/applmgmt/transport/py/vmware/vherd/transport/xmlrpc.py", line 233, in unauthorized_cb
    failure.trap(authorization.AuthorizationError)

  File "/usr/lib/python3.5/site-packages/twisted/python/failure.py", line 346, in trap
    self.raiseException()

 
  • To verify root password expiry, run the below command:
# chage -l root
 
  • If you got the below output, then the password expired
root_password.jpg
  • To reset the rood password from Shell , run the below command
# passwd

root_change.PNG
  • Now try the command again, it will work.

If the failure is because a Local Administrator Account "lsass" is added to nsswitch.conf file.
  • The applmgmt.log shall include the below:
2018-12-27T00:42:45.696 [15590]DEBUG:vmware.appliance.localaccounts.impl:Executing operation /usr/sbin/useradd ['Administrator', '-m', '-c', 'Administrator', '-G', 'admin']
2018-12-27T00:42:45.723 [15590]DEBUG:vmware.appliance.localaccounts.impl:Operation output = b'', error = b"useradd: user 'Administrator' already exists\n" returncode = 9
2018-12-27T00:42:45.724 [15590]ERROR:vmware.appliance.localaccounts.impl:User add failed: [Failure instance: Traceback: : pint.Error('com.vmware.applmgmt.err_operation_failed', 'Operation Failed.', **{})

 
  • To verify that there is Administrator Account "lsass" is already added, run the below commands:
1-
# getent passwd | grep "Administrator"
You should get the below output
Hostname\Administrator:x:1500:1800::/:/bin/sh

2-
# grep lsass /etc/nsswitch.conf
You should get the below output
passwd: files ato lsass
group: files lsass
  • Now you need to remove the  lsass from the nsswitch.conf file as below:
  • Navigate to the file directory using cd command
# cd /etc/
Important: Take a backup from the the nsswitch.conf file before doing any changes.
# cp nsswitch.conf nsswitch.con.old
  • Using a Text Editor  vi , remove the lsass from the  nsswitch.conf file
Before:
passwd: files ato lsass
group: files lsass


After:
passwd: files ato
group: files

 
  • Save and close 
  • Now try the command again, it will work.