How to reset SDDC Manager vcf and root user accounts
search cancel

How to reset SDDC Manager vcf and root user accounts

book

Article ID: 323984

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

This article provides instructions on how to reset the vcf and root user accounts for SDDC manager.

Environment

VMware Cloud Foundation 4.x
VMware Cloud Foundation 5.x

Resolution

  1. Login to the vCenter/vSphere UI and find the SDDC Manager VM.
  2. Click on the SDDC Manager VM, under the IP address should be the host FQDN for which ESXi the VM is sitting on.
  3. Open a new tab and paste the ESXi host FQDN into a browser and login to the host UI via root
  4. Click on Virtual Machines, then click on the SDDC Manager VM > Edit > VM Options > Boot Options
  5. Set the Boot Delay to 10000 milliseconds.
  6. Open the VM console and On the right-hand side of the console is a button that says Actions. Click on Actions Power > Reset.
  7. At the Photon screen, hit the 'e' key to get into the GRUB.
  8. Use the arrow keys to navigate to the line beginning with linux and add the following to the end of the line:

    rw init=/bin/bash

  9. Press the F10 key to continue booting the VM. 
  10. Run the following commands to unlock the vcf and root accounts:
    • For VCF versions 4.3.0.0 up till 5.0.0.1, use:
    •  


    • /usr/sbin/pam_tally2 -u root -r
      /usr/sbin/pam_tally2 -u vcf -r

    • For VCF versions starting from VCF 5.1.0.0, use:

      /usr/sbin/faillock --user root --reset
      /usr/sbin/faillock --user vcf --reset

    • Note: If there are any failures, use the up arrow key to re-run the command until the failures column shows 0.
  11. Run the following commands to set the accounts to a temporary password: 

    passwd vcf
    passwd root

  12. Then reboot SDDC by running the following: 

    reboot -f

  13. After a few minutes, SSH into the SDDC Manager with the vcf user and temp password and then su root and enter the temp password for root. 
  14. Then run the following command to clear the passwords:

    echo "" >/etc/security/opasswd

  15. Now reset the accounts to new passwords or a password previously used by using commands mentioned in Step 11. Note: Make a note of what the vcf and root passwords were changed to.
  16. Here is the below command to change the age of the VCF and Root:

VCF: chage -M 999 vcf
Root: chage -M 999 root

   17. Make sure that the vCenter's root password is not set to 'never expire' or '-1': 'chage -l root' (or check the password status within the vCenter's VAMI page).

         Root: chage -M 999 root

Additional Information

Powered by Wolken Software