"Incorrect User name/Password" error during Admin and Product UI login in VMware Aria Operations

Article ID: 326396

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Logging into the Admin or Product UI of VMware Aria Operations fails with the following error:
    Incorrect User name/Password
  • Direct SSH logins to the nodes using the root credentials complete successfully.

  • The /storage/vcops/log/analytics-####.log file contains error entries similar to the following:

    ERROR [ServerConnection on port 10000 Thread 13594 ] [TfdVMiEzxqkl4sVzfycK6wkqY4ajbvqW] com.vmware.vcops.auth.server.authN.LocalAuthNStrategy.authenticateLocalUser - Super admin user locked out. Cannot login currently
    ERROR [ServerConnection on port 10000 Thread 13282 ] [uaDSNvXTPmRDg5pc1rnJZHuTLc2h4zMH] com.vmware.vcops.platform.gemfire.GemfireFunction.execute - Exception occurred when executing function - topFunction - com.vmware.vcops.platform.gemfire.GemfireFunction$MethodInvocationException: AccountLockedException: Admin user account locked

Environment

VMware Aria Operations 8.x

Cause

An adapter or integrated application configured with an incorrect password continuously attempts to authenticate. These repeated failed login attempts lock the admin account.

Resolution

Method 1 (Preferred):

  1. Open an SSH session to the Primary node and log in as the `root` user.
  2. Run the following commands to unlock the account by resetting the failed attempts to zero and to synchronize the change:
    $VMWARE_PYTHON_BIN $VCOPS_BASE/../vmware-vcopssuite/utilities/sliceConfiguration/bin/vcopsSetAdminPassword.py --unlock
    $VMWARE_PYTHON_BIN $VCOPS_BASE/../vmware-vcopssuite/utilities/sliceConfiguration/bin/vcopsSetAdminPassword.py --sync

The first command unlocks the admin account by setting failed_attempts to 0 in adminuser.properties; the second command synchronizes that change with the other nodes in the cluster. On a single-node deployment, the sync command is not required.

If the admin account continues to lock after these changes, an external system or service account is likely repeatedly failing authentication with an incorrect password. For further investigation, refer to Aria Operations admin account getting locked even after password reset (346009).

Method 2 (Manual):

  1. Open an SSH session to the Primary node and log in as the `root` user.
  2. Open the configuration file in a text editor:
    vi /storage/vcops/user/conf/adminuser.properties
  3. Delete the line containing failed_attempts=x.

  4. Save and close the file:
    :wq!

  5. Repeat steps 1–4 on all Primary Replica and Data nodes in the cluster.
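
A scripted form of the Method 2 edit, together with a check for the two log signatures quoted in the Issue section. This is an added example, not VMware tooling. The function names are hypothetical; the file paths, the failed_attempts key and the log messages are the ones given in this article.

```shell
#!/bin/sh
# Added example (not VMware tooling). Default path is the one named in this article.
PROPS="${PROPS:-/storage/vcops/user/conf/adminuser.properties}"

# Count log lines carrying either lockout signature from the Issue section.
# Usage: lockout_hits /storage/vcops/log/analytics-*.log
lockout_hits() {
    [ "$#" -gt 0 ] || { echo 0; return 0; }
    cat -- "$@" 2>/dev/null |
        grep -c -e 'Super admin user locked out' \
                -e 'AccountLockedException: Admin user account locked' || true
}

# Print the current failed_attempts value, or nothing if the line is absent.
failed_attempts_value() {
    sed -n 's/^[[:space:]]*failed_attempts[[:space:]]*=[[:space:]]*//p' "${1:-$PROPS}"
}

# Method 2, step 3: delete the failed_attempts line, keeping a timestamped backup.
# Returns 0 if a line was removed, 1 if there was nothing to remove, 2 on error.
clear_failed_attempts() {
    file="${1:-$PROPS}"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    if ! grep -q '^[[:space:]]*failed_attempts[[:space:]]*=' "$file"; then
        echo "no failed_attempts line in $file"
        return 1
    fi
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$file" "$backup" || return 2
    # Filter into a temp file, then overwrite in place so owner and mode are kept.
    tmp="$(mktemp)" || return 2
    sed '/^[[:space:]]*failed_attempts[[:space:]]*=/d' "$backup" > "$tmp" || return 2
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo "removed failed_attempts line; backup at $backup"
}
```

As step 5 requires for the manual edit, `clear_failed_attempts` has to be run on every node; a non-zero result from `lockout_hits` after the unlock indicates the failing source is still authenticating.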

 

Unlock the OS Admin Account

The OS admin account utilizes a separate lockout mechanism from the Product UI.

  1. Open an SSH session to the affected node and log in as the root user.

  2. Reset the OS account lockout based on the VMware Aria Operations version:

    • For Aria Operations 8.14 and later:
      /usr/sbin/faillock --user admin --reset

    • For Aria Operations 8.13 and earlier:
      pam_tally2 --user admin --reset

Additional Information

For information on resetting the Admin password, see How to reset the admin password in VMware Aria Operations (326391).

Create a local Aria Operations service account for adapter instances or other application authentication and integration.

Create a local service account

To create a local service account user for adapter configurations and integrations, follow the steps below.

  1. Log into the vRealize/Aria Operations Product UI as the local admin user.
  2. Navigate to Administration > Access > Access Control.
  3. Click Add to add a new local user.
  4. Enter the required information for the user, and click Next.
  5. Click the Objects tab, set the Select Role drop box to Administrator and check the Assign the role to the user box.
  6. Check the Allow access to all objects in the system box, and click Finish. Click Yes if prompted.


Update adapter credentials

To use the newly created credentials on any required adapter instances, follow the steps below.

  1. Navigate to Administration > Solutions > Other Accounts.
  2. Next to the adapter instance to change the credentials on, click the vertical ellipsis, then click Edit.
  3. For vRealize/Aria Operations credentials, click Add New (plus icon) to create new Credentials.
     Note: This does not apply to credentials used to connect to a destination.
  4. Enter the newly created local user information.
  5. Click OK, then click Save to save the adapter instance.



Impact/Risks:
Update the credentials on the responsible adapter or external application before unlocking the account. Failing to update these sources causes the admin account to lock again immediately. As a best practice, utilize dedicated service accounts for all integrations.

Note: If the failed login attempts originate from an adapter running within Aria Operations, and logging into the Product UI with an alternative administrative account is not possible, perform the following actions:

  1. Execute the account unlock steps detailed above.

  2. Immediately log into the Aria Operations Product UI as the local admin user to update the adapter's saved credentials before the account triggers another lockout.

  3. Repeat the account unlock steps to clear any additional failed login attempts that may have occurred during the credential update process.