Reset and unlock the local admin account in VCF Operations for Logs
search cancel

Reset and unlock the local admin account in VCF Operations for Logs

book

Article ID: 339878

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Error message: "Invalid credentials or account is locked".
  • You have forgotten or lost the password to the local admin account and need to reset it.
  • You are unable to log in to the Aria Operations for Logs (Formerly vRealize Log Insight) with the local admin account, even after changing the password using the li-reset-admin-passwd.sh script. This indicates the account may need to be unlocked.
  • Aria Operations for Logs admin account keeps getting locked out even after unlocking it.
  • In version 8.18.x, the product certificate expiration caused Cassandra to go down, resulting in the inability to reset the admin account.
  • See in the api_audit.log logs that the IP address right before the lockout message is coming from a monitoring tool. Example of an extract below shows ###.###.###.### where the monitoring tool IP address is usually included. 
    [2024-09-23 09:33:10.976+0000] ["application-akka.actor.default-dispatcher-20"/###.###.###.### INFO] [controllers.AuthenticationController.api_audit] [###.###.###.### - POST /api/v1/sessions]
[2024-09-23 09:33:11.118+0000] ["application-akka.actor.default-dispatcher-20"/###.###.###.### INFO] [controllers.AuthenticationController.api_audit] [Authentication failed. Invalid credentials or account is locked.]
  • SDDC manager may show Aria Operations for Logs disconnected.
  • When triggering an inventory sync in Life Cycle Manager the task fails with authentication error.
  • Aria Operations for Logs Integration in Aria Operations is failing.

Environment

  • VMware vRealize Log Insight 8.1.1 to 8.10.2
  • Aria Operations for Logs 8.12 and later
  • VMware Cloud Foundation 5.x and later

Cause

The issue has multiple contributing causes:

  1. Product Certificate Expiration: The expiration of the product certificate in version 8.18.x caused Cassandra to go down, leading to the admin account reset process failing.
  2. Multiple Invalid Login Attempts: Repeated incorrect login attempts with the local admin credentials resulted in the admin account being locked out.

Resolution

Table of Contents

If the api_audit.log is showing that a monitoring tool is locking out the account, please check the monitoring tool and remove any test jobs that connect to Aria Operations for Logs. If you see that Aria Operations is locking out the account, please update the password in the integrations to the current password used. Then proceed to unlock the account following the appropriate steps below.

To reset and/or unlock the admin password/account in Aria Operations for Logs, follow the steps below:

Aria Operations for Logs 8.12 and later (formerly vRealize Log Insight 8.8 to 8.10.2):

Reset the admin password

If you have forgotten or lost the credentials to the local admin account, follow the steps below to reset the password. Aria Operations for Logs 8.12 and later contains the updated script by default, which will allow you to reset the password directly to your preferred password.

  1. SSH to any node in the Aria Operations for Logs cluster as root.
  2. Run the following command to reset the admin password: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword

    Note: Using the resetAdminPassword parameter will automatically generate a random password, which you can then change in the UI under the user's preferences in the top right.

  3. Alternatively, you can use the following command to directly supply your desired password: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword NewPassword

    Note: Replace NewPassword in the above command with your desired password. If you are using special characters, please encapsulate the password with single quotes, for example 'Password1!'.

    Note: Review Unable to login into Aria Operations for logs using a local or AD user, Error: Username/Password invalid error received on the UI even when the credentials are valid if you receive an 'Unable to get salt' or 'unable to get user data' error when running the above commands.

Unlock the admin account

If you are unable to log in to the vRealize Log Insight UI with the local admin account, even after changing the password using the li-reset-admin-passwd.sh script mentioned above, proceed to the following to unlock the account:

  1. SSH to any node in the Aria Operations for Logs as root.
  2. Run the following command to observe whether the admin account is locked: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus
  3. If the returned value shows that the admin account is locked, unlock it with the following command: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --unlockAdmin
  4. Run the command from step 2 again to ensure the status is showing unlocked: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus

vRealize Log Insight 8.1.1 - 8.6.2:

Reset the admin password

If you have forgotten or lost the credentials to the local admin account, follow the steps below to reset the password.

Option 1

  1. SSH to any node in the vRealize Log Insight cluster as root.
  2. Run the following command: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh

    Note: This command will reset your admin password to a randomly generated password.

  3. Log in to the vRealize Log Insight UI as admin with the password output from step 2.
  4. Click the Admin username in the top right, and then My Settings.
  5. Enter the Existing Password from step 2, then your new desired password, and click Save.

Option 2

  1. SSH to any node in the vRealize Log Insight cluster as root.
  2. Rename the original script to preserve it: 
    mv /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh.orig
  3. Download the attached li-reset-admin-passwd.sh script, and using a utility like WinSCP, copy it to the /usr/lib/loginsight/application/sbin/ directory on the same node as chosen for step 1.
  4. Run the following command to set permissions on the script: 
    chmod 755 /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh
  5. Run the following command to reset the admin password: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword

    Note: Using the resetAdminPassword parameter will automatically generate a random password, which you can then change in the UI under the user's preferences in the top right. Alternatively, you can use the following command to directly supply your desired password:

    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --resetAdminPassword NewPassword

    Note: Replace NewPassword in the above command with your desired password.

Unlock the admin account

If you are unable to log in to the Aria Operations for Logs (Log Insight) with the local admin account, even after changing the password using the li-reset-admin-passwd.sh script mentioned above, proceed to choose from one of the following options to unlock the account.

Option 1

  1. SSH to any node in the Aria Operations for Logs as root.
  2. Connect to the Cassandra database by following the steps described in Accessing the Cassandra Database in Aria Operations for Logs.
  3. Enable vertical query results by running the following commands: 
    expand on;
use logdb;
  4. Determine the admin user status and ID: 
    select id,status from user where user_name='admin' allow filtering;
  5. If the returned value of status for the admin account is 2, reset it back to 1 with the following command: 
    update user set status=1 where id=adminUserID;

    Note: Replace adminUserID with the ID of the admin user observed in the output from step 4.

  6. Run the command from step 4 again to ensure the status value was set to 1: 
    select id,status from user where user_name='admin' allow filtering;

Option 2

  1. SSH to any node in the Aria Operations for Logs cluster as root.
  2. Rename the original script to preserve it: 
    mv /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh.orig
  3. Download the attached li-reset-admin-passwd.sh script, and using a utility like WinSCP, copy it to the /usr/lib/loginsight/application/sbin/ directory on the same node as chosen for step 1.
  4. Run the following command to set permissions on the script: 
    chmod 755 /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh
  5. Run the following command to observe whether the admin account is locked: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus
  6. If the returned value shows that the admin account is locked, unlock it with the following command: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --unlockAdmin
  7. Run the command from step 5 again to ensure the status is showing unlocked: 
    /usr/lib/loginsight/application/sbin/li-reset-admin-passwd.sh --checkAdminStatus

Additional Information

If you do not have the root password to open an SSH session, please follow KB Reset and unlock the local admin account in VCF Operations for Logs.

VMware Cloud Foundation Installations

If the API is disconnected within SDDC Manager on VMware Cloud Foundation and the admin password has been reset outside of SDDC Manager:

Attachments

li-reset-admin-passwd get_app
Powered by Wolken Software