Symptoms:

• You have forgotten or lost the password to the local admin account and need to reset it.
• You are unable to log in to the Aria Operations for Logs (Formerly vRealize Log Insight) with the local admin account, even after changing the password using the li-reset-admin-passwd.sh script. This indicates the account may need to be unlocked.
• Aria Operations for Logs admin account keeps getting locked out even after unlocking it. 
• See in the api_audit.log logs that the IP address right before the lockout message is coming from a monitoring .  Example of an extract below shows xx.xxx.xx.xx where the monitoring tool ip address is usually included.

[2024-09-23 09:33:10.976+0000] ["application-akka.actor.default-dispatcher-20"/123.45.67.891 INFO] [controllers.AuthenticationController.api_audit] [xx.xxx.xx.xx - POST /api/v1/sessions]
[2024-09-23 09:33:11.118+0000] ["application-akka.actor.default-dispatcher-20"/123.45.67.891 INFO] [controllers.AuthenticationController.api_audit] [Authentication failed. Invalid credentials or account is lo
cked.] 

• VMware vRealize Log Insight 8.1.1 to 8.10.2
• Aria Operations for Logs 8.12 and later

If the api_audit.log is showing that a monitoring tool is locking out the account please check the monitoring tool and remove any test jobs that connect to Aria Operations for Logs. Then proceed to unlock the account following the appropriate steps below.

To reset and/or unlock the admin password/account in Aria Operations for Logs, follow the steps below:

• Aria operations for Logs 8.12 and later
• vRealize Log Insight 8.1.1- 8.6.2

Aria operations for Logs 8.12 and later (formerly vRealize Log Insight 8.8 to 8.10.2):

Reset the admin password

If you have forgotten or lost the credentials to the local admin account, follow the steps below to reset the password.  Aria operations for Logs 8.12 and later contains the updated script by default, which will allow you to reset the password directly to your preferred password.

1. SSH to any node in the Aria Operations for Logs cluster as root
2. Run the following command to reset the admin password:

Unlock the admin account

If are unable to log in to the vRealize Log Insight UI with the local admin account, even after changing the password using the li-reset-admin-passwd.sh script mentioned above, proceed to the following to unlock the account:

1. SSH to any node in the Aria Operations for Logs as root
2. Run the following command to observe whether the admin account is locked:

3. If the returned value shows that the admin account is locked, unlock it with the following command:

4. Run the command from step 3 again to ensure the status is showing unlocked

vRealize Log Insight 8.1.1- 8.6.2:

Reset the admin password

If you have forgotten or lost the credentials to the local admin account, follow the steps below to reset the password.

Option 1

1. SSH to any node in the vRealize Log Insight cluster as root
2. Run the following command

Note: This command will reset your admin password to a random generated password

3. Login to the vRealize Log Insight UI as admin with the password output from step 2
4. Click the Admin username in the top right, and then My Settings
5. Enter the Existing Password from step 2, then your new desired password, and click Save

Option 2

1. SSH to any node in the vRealize Log Insight cluster as root
2. Rename the original script to preserve it

3. Download the attached li-reset-admin-passwd.sh script, and using a utility like WinSCP, copy it to  the/usr/lib/loginsight/application/sbin/ directory on the same node as chosen for step 1
4. Run the following command to set permissions on the script:

5. Run the following command to reset the admin password:

Note: Using the resetAdminPassword parameter will automatically generate a random password, which you can then change in the UI under the user's preferences in the top right.  Alternatively, you can use the following command to directly supply your desired password

Note: Replace NewPassword in the above command with your desired password.

Unlock the admin account

If are unable to log in to the Aria Operations for Logs (Log Insight) with the local admin account, even after changing the password using the li-reset-admin-passwd.sh script mentioned above, proceed to choose from one of the following options to unlock the account.

Option 1

1. SSH to any node in the Aria Operations for Logs as root
2. Connect to the Cassandra database by following the steps described in this article.
3. Enable vertical query results by running the following commands:

4. Determine the admin user status and ID

5. If the returned value of status for the admin account is 2, reset it back to one with the following command

6. Run the command from step 4 again to ensure the status value was set to 1

Option 2

1. SSH to any node in the Aria Operations for Logs cluster as root
2. Rename the original script to preserve it

3. Download the attached li-reset-admin-passwd.sh script, and using a utility like WinSCP, copy it to  the/usr/lib/loginsight/application/sbin/ directory on the same node as chosen for step 1
4. Run the following command to set permissions on the script:

5. Run the following command to observe whether the admin account is locked:

6. If the returned value shows that the admin account is locked, unlock it with the following command:

7. Run the command from step 3 again to ensure the status is showing unlocked