Operator or admin group user fails to log in vCenter Server Appliance (VCSA)
search cancel

Operator or admin group user fails to log in vCenter Server Appliance (VCSA)

book

Article ID: 380090

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Operator or admin group user fails to log in vCenter Server Appliance (VCSA) using SSH with the following error:

   [sudo] password for [USER ID]
   Traceback (most recent call last):
     File "/usr/lib/applmgmt/base/py/vmware/vherd/base/utils.py", line 153, in getUserPasswordExpiryStatus
       userPasswordStruct = spwd.getspnam(username)
   PermissionError: [Errno 13] Permission denied

   During handling of the above exception, another exception occurred:

   Traceback (most recent call last):
     File "/usr/lib/applmgmt/base/bin/vherdrunner", line 8, in <module>
       vherdrunner.start(vherdrunner.directories)
     File "/usr/lib/applmgmt/base/bin/vherdrunner.py", line 120, in start
       exec(code, childGlobals)
     File "/usr/lib/applmgmt/linux_cli/bin/main-shell", line 11, in <module>
       sys.exit(cli.main(sys.argv, products=('vherd', 'appliance')))
     File "/usr/lib/applmgmt/linux_cli/py/vmware/vherd/linux_cli/cli.py", line 1457, in main
       cliObject.connect(username, password,
     File "/usr/lib/applmgmt/linux_cli/py/vmware/vherd/linux_cli/cli.py", line 326, in connect
       expiry_status = getUserPasswordExpiryStatus(username)
     File "/usr/lib/applmgmt/base/py/vmware/vherd/base/utils.py", line 168, in getUserPasswordExpiryStatus
       raise Exception("Failed to execute password status script : "
   Exception: Failed to execute password status script : Sorry, user test1 is not allowed to execute '/usr/lib/applmgmt/support/scripts/get_user_password_status.py' as root on [VCSA NAME].

Environment

VMware vCenter Server 8.0 Update 2d or later

Resolution

The engineering team is working on the fix to address this in future patch.

To work around the issue, log in vCSA as root user and edit the following file using vim:

    /usr/lib/applmgmt/base/py/vmware/vherd/base/utils.py

   Change the line:

    proc = subprocess.Popen(['sudo', support_script],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)

   to

    proc = subprocess.Popen(['sudo', '/bin/sudo_py_vmw_path_pp_wrapper.sh', support_script],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)

   then, restart the appliance management service.

         service-control --restart applmgmt