If you cannot upgrade, you can work around this issue by updating the encrypted host passwords in the database.
To update the encrypted host passwords:
- Identify that the length of the encrypted password for any host does not meet the 2048-bit key length:
For SQL Server:
SQL query: SELECT ID, LEN(PASSWORD), PASSWORD FROM VPX_HOST;
For Oracle:
SQL query: SELECT ID, LENGTH(PASSWORD), PASSWORD FROM VPX_HOST;
Password lengths of 173 represent encryption with a 1024-bit key, and lengths of 345 represent encryption with a 2048-bit key.
If any lengths are found to be less than 345, continue to step 2.
If all lengths are 0 or 345, no further action is required.
- Clear out the stored encrypted passwords.
SQL query: UPDATE VPX_HOST SET PASSWORD='';
Note: To limit the scope of the update statement:
SQL query: UPDATE VPX_HOST SET PASSWORD='' where ID = <where ID value from Step1 = 173>;
- Restart vCenter Server.
- Connect to vCenter Server and reconnect all disconnected hosts.
As hosts are reconnected, their encrypted passwords will be repopulated into the database with the new key length.
Note: You may have to re-enter the root password when reconnecting the host to vCenter Server.