• Error message: "Invalid credentials or account is locked".

• Forgotten or lost local admin credentials necessitate a password reset.

• Login to Aria Operations for Logs (formerly vRealize Log Insight) via the local admin account fails even after utilizing the li-reset-admin-passwd.sh script. This behavior indicates the account may require unlocking

• Aria Operations for Logs admin account keeps getting locked out even after unlocking it.
• In version 8.18.x, the product certificate expiration caused Cassandra to go down, resulting in the inability to reset the admin account.
• See in the api_audit.log logs that the IP address right before the lockout message is coming from a monitoring tool. Example of an extract below shows ###.###.###.### where the monitoring tool IP address is usually included.
  
  [YYYY-MM-DD HH:MM:SS.976+0000] ["application-akka.actor.default-dispatcher-20"/###.###.###.### INFO] [controllers.AuthenticationController.api_audit] [###.###.###.### - POST /api/v1/sessions] [YYYY-MM-DD HH:MM:SS.118+0000] ["application-akka.actor.default-dispatcher-20"/###.###.###.### INFO] [controllers.AuthenticationController.api_audit] [Authentication failed. Invalid credentials or account is locked.]
  
  
• SDDC manager may show Aria Operations for Logs disconnected.
• Triggering an inventory sync in Life Cycle Manager the task fails with authentication error.
• Aria Operations for Logs Integration in Aria Operations is failing.

• VMware vRealize Log Insight 8.1.1 to 8.10.2
• Aria Operations for Logs 8.12 and later
• VMware Cloud Foundation 5.x and later

The issue has multiple contributing causes:

1. Product Certificate Expiration: The expiration of the product certificate in version 8.18.x caused Cassandra to go down, leading to the admin account reset process failing.
2. Multiple Invalid Login Attempts: Repeated incorrect login attempts with the local admin credentials resulted in the admin account being locked out.

If api_audit.log indicates that a monitoring tool is causing the account lockout, verify the tool configuration and remove any test jobs connecting to Aria Operations for Logs. If the lockout originates from within Aria Operations, update the integration credentials to match the current password. Proceed to unlock the account by following the steps outlined below.

To reset and/or unlock the admin password/account in Aria Operations for Logs, follow the steps below:

Aria Operations for Logs 8.12 and later (formerly vRealize Log Insight 8.8 to 8.10.2):

Reset the admin password

In the event of forgotten or lost local admin credentials, follow the steps below to reset the password. Aria Operations for Logs 8.12 and later includes an updated script by default, which facilitates a direct password reset to a preferred value.

1. SSH to any node in the Aria Operations for Logs cluster as root.
   
   
2. Run the following command to reset the admin password:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword
   
   

   Note: Utilizing the resetAdminPassword parameter automatically generates a random password. This password can subsequently be updated within the UI by navigating to the user preferences in the top right corner.

   
   
3. Alternatively, Can use the following command to directly supply the desired password:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword NewPassword
   

   Note: Replace NewPassword in the command above with the desired password. If special characters are used, encapsulate the password in single quotes (e.g., 'Password1!').
    

   Note: Review Unable to login into Aria Operations for logs using a local or AD user, Error: Username/Password invalid error received on the UI even when the credentials are valid In the event of an 'Unable to get salt' or 'unable to get user data' error during command execution, proceed with the troubleshooting steps.

Unlock the admin account

If login to the vRealize Log Insight UI via the local admin account remains unsuccessful following a password change with the li-reset-admin-passwd.sh script, proceed with the following steps to unlock the account:

1. SSH to any node in the Aria Operations for Logs as root.
   
   
2. Run the following command to observe whether the admin account is locked:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus
   
   
3. If the returned value shows that the admin account is locked, unlock it with the following command:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --unlockAdmin
   
   
4. Run the command from step 2 again to ensure the status is showing unlocked:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus
   
   

vRealize Log Insight 8.1.1 - 8.6.2:

Reset the admin password

In the event of forgotten or lost local admin credentials, follow the steps below to perform a password reset.

Option 1

1. SSH to any node in the vRealize Log Insight cluster as root.
2. Run the following command:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh
   Note: This command will reset admin password to a randomly generated password.
   
   
3. Log in to the vRealize Log Insight UI as admin with the password output from step 2.
4. Click the Admin username in the top right, and then My Settings.
5. Enter the Existing Password from step 2, then new desired password, and click Save.

Option 2

1. SSH to any node in the vRealize Log Insight cluster as root.
2. Rename the original script to preserve it:
   mv /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh.orig
   
   
3. Download the attached li-reset-admin-passwd.sh script, and using a utility like WinSCP, copy it to the /usr/lib/loginsight/application/sbin/ directory on the same node as chosen for step 1.
   
   
4. Run the following command to set permissions on the script:
   chmod 755 /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh

5. Run the following command to reset the admin password:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword

   

   Note: Utilizing the resetAdminPassword parameter automatically generates a random password. This password can subsequently be updated within the UI by navigating to the user preferences menu in the top right. Alternatively, the following command allows for a direct reset to a preferred password:

   
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword NewPassword
   

   Note: Replace NewPassword in the command above with the desired password.

   
   
   
   

Unlock the admin account

Should login to Aria Operations for Logs (Log Insight) via the local admin account remain unsuccessful following a password change with the li-reset-admin-passwd.sh script, utilize one of the following options to unlock the account.

Option 1

1. SSH to any node in the Aria Operations for Logs as root.
2. Connect to the Cassandra database by following the steps described in Accessing the Cassandra Database in Aria Operations for Logs.
3. Enable vertical query results by running the following commands:
   expand on;
use logdb;
   
   
4. Determine the admin user status and ID:
   select id,status from user where user_name='admin' allow filtering;
   
   
5. If the returned value of status for the admin account is 2, reset it back to 1 with the following command:
   update user set status=1 where id=adminUserID;
   Note: Replace adminUserID with the ID of the admin user observed in the output from step 4.
   
   
6. Run the command from step 4 again to ensure the status value was set to 1:
   select id,status from user where user_name='admin' allow filtering;

Option 2

1. SSH to any node in the Aria Operations for Logs cluster as root.
2. Rename the original script to preserve it:
   mv /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh.orig


3. Download the attached li-reset-admin-passwd.sh script, and using a utility like WinSCP, copy it to the /usr/lib/loginsight/application/sbin/ directory on the same node as chosen for step 1.
4. Run the following command to set permissions on the script:
   chmod 755 /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh


5. Run the following command to observe whether the admin account is locked:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus


6. If the returned value shows that the admin account is locked, unlock it with the following command:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --unlockAdmin


7. Run the command from step 5 again to ensure the status is showing unlocked:
   /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus


If do not have the root password to open an SSH session, please follow KB Reset and unlock the local admin account in VCF Operations for Logs.

VMware Cloud Foundation Installations

If the API is disconnected within SDDC Manager on VMware Cloud Foundation and the admin password has been reset outside of SDDC Manager:

• Aria Operations for Logs Admin/API is disconnected in SDDC Manager.
• Password rotation, upgrade, or remediation could not previously be performed from the SDDC.
• Password is now known and Web UI access is possible.
• Make sure that there are no special characters in the Admin password for Log Insight: Remediate password task in SDDC Manager UI fails if the password has specific special characters
• Once none of the known bad special characters are in the password, please use the guide to Remediate the password in SDDC Manager: Remediate Passwords.