Product UI admin account lockout:After updating the admin credentials on any sources, admin account may be locked out. To resolve this issue in vRealize/Aria Operations, reset the failed login attempts on each Analytics node in the vRealize/Aria Operations cluster.
Method 1 (Preferred):
- Log into the Primary node as root via SSH or Console, pressing ENTER in a Console to log in.
- Issue the following commands to reset admin account lockout:
$VMWARE_PYTHON_BIN $VCOPS_BASE/../vmware-vcopssuite/utilities/sliceConfiguration/bin/vcopsSetAdminPassword.py --unlock
$VMWARE_PYTHON_BIN $VCOPS_BASE/../vmware-vcopssuite/utilities/sliceConfiguration/bin/vcopsSetAdminPassword.py --sync
The first command will unlock the admin account by setting failed_attempts to 0 in adminuser.properties, the second command will synchronize that change with the other nodes in the cluster. If single node deployment, the sync command is not required.
Method 2 (Manual):
- Log into the Primary node as root via SSH or Console, pressing ENTER in a Console to log in.
- Open /storage/vcops/user/conf/adminuser.properties using a text editor:
vi /storage/vcops/user/conf/adminuser.properties
- Delete the failed_attempts=x line.
- Save and close the file:
:wq!
- Repeat steps 1-4 on all Primary Replica (if applicable) and Data nodes (if applicable) in the cluster.
OS admin account lockout:The OS admin account may be locked out, but not for the same reasons as above, as it's only used internally, or by logging in through SSH or Console. Lockout for the OS account is handled though the OS internal lockout procedure.
Run this command for the local OS version of the admin account:
pam_tally2 --user admin --reset
Starting from Aria Operations 8.14 please use below command instead:
/usr/sbin/faillock --user admin --reset
The OS account for admin is in some ways separate from the Product UI admin account, changes made to the OS account, such as setting the password using passwd command, or resetting lockout using pam_tally2 or faillock command, will not be reflected on the Product UI account.
However, if password is changed for the Product UI account from Admin UI, that change is automatically propagated to the OS account.