lookup_password utility fails to pull passwords

Article ID: 316096

Products

VMware Cloud Foundation

VMware SDDC Manager

Issue/Introduction

When attempting to use the lookup_password utility while you are unable to log in to SDDC Manager, you may run into an error.

In /var/log/vmware/vcf/sddc-manager-ui-app/sddcManagerServer.log you may also see errors similar to this:

 

Environment

VMware Cloud Foundation 4.x

VMware Cloud Foundation 5.x

Cause

The lookup_password utility fails because token creation fails.

  • This can happen when one or more of the following conditions apply:
    • The root password on the vCenter is expired.
    • Certificates are expired on the vCenter.
    • The SSO password has changed.

Resolution

The following steps are applicable only in cases when the local account has not yet been set up and the user cannot generate a token using the regular SSO credentials.

  1. SSH to SDDC Manager using the vcf credentials, switch to the root account, and run the commands below:

    mkdir -p /etc/security/local
    chown root:vcf_services /etc/security/local
    chmod 650 /etc/security/local
    echo -n "" > /etc/security/local/.localuserpasswd
    chown root:vcf_services /etc/security/local/.localuserpasswd
    chmod 660 /etc/security/local/.localuserpasswd

    # Set the password
    echo -n "UpdatethePassword" | openssl dgst -sha512 -binary | openssl enc -base64 | tr -d '\n' > /etc/security/local/.localuserpasswd

  2. Once the local account is set up, run the lookup_password utility using the local account (use the same password as set in Step #1).

    lookup_passwords

    Password lookup operation requires ADMIN user credentials. Please refer VMware Cloud Foundation Administration Guide for setting up ADMIN user.

    Supported entity types: ESXI VCENTER PSC NSX_MANAGER NSX_CONTROLLER NSXT_MANAGER NSX_ALB NSXT_EDGE VRSLCM VRLI VROPS VRA WSA BACKUP VXRAIL_MANAGER AD
    Enter an entity type from above list: PSC
    Enter page number (optional):
    Enter page size (optional, default=50):
    Enter Username: admin@local
    Enter Password:
            PSC
            identifiers: ###.###.###.###,###.####.###
            workload: ###-###-###
                    username: [email protected]
                    password: xxxxxxxx
                    type: SSO
                    account type: SYSTEM

      Page : 1/1, displaying 1 of total 1 entities in a page.

 

Note: If there is a need to change the local account password once the environment is recovered (for instance, after fetching credentials), you can do so by following the steps mentioned in VMware Cloud Foundation documentation.
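
Step 1 passes the password as a literal on the command line, where it can end up in root's shell history. The following is an added example, not part of the original article: it computes the same digest from a password read on stdin and checks the resulting file. The function names and the `--set` switch are hypothetical; the file path, mode and digest pipeline are taken from Step 1.

```shell
#!/usr/bin/env bash
# Added example (not from the article). Function names are hypothetical.

# hash_local_password: read one password from stdin and print
# base64(SHA-512(password)), the same digest the Step 1 pipeline produces.
hash_local_password() {
    local pw
    IFS= read -r pw || true          # accept input with or without a trailing newline
    [ -n "$pw" ] || { echo "empty password refused" >&2; return 1; }
    printf '%s' "$pw" | openssl dgst -sha512 -binary | openssl enc -base64 | tr -d '\n'
}

# write_local_password FILE: store the digest in FILE with mode 660.
# The umask keeps a newly created file from ever being world-readable.
# Ownership (chown root:vcf_services) is still set as in Step 1.
write_local_password() {
    local file=$1 digest
    digest=$(hash_local_password) || return 1
    ( umask 007; printf '%s' "$digest" > "$file" ) || return 1
    chmod 660 "$file"
}

# verify_local_password_file FILE: succeed only if FILE has mode 660 and
# holds exactly 88 characters (base64 of a 64-byte SHA-512 digest).
verify_local_password_file() {
    local file=$1
    [ "$(stat -c %a "$file")" = "660" ] || return 1
    [ "$(wc -c < "$file")" -eq 88 ] || return 1
}

# Interactive use on the appliance: run this script as root with --set.
# The prompt does not echo, and printf is a shell builtin, so the password
# appears neither in the history file nor in the process list.
if [ "${1:-}" = "--set" ]; then
    read -rs -p "New local account password: " pw; echo
    printf '%s' "$pw" | write_local_password /etc/security/local/.localuserpasswd
    unset pw
    verify_local_password_file /etc/security/local/.localuserpasswd && echo "digest written"
fi
```
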