Aria Operations for Logs admin account keeps getting locked out even after unlocking it.
search cancel

Aria Operations for Logs admin account keeps getting locked out even after unlocking it.

book

Article ID: 401155

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Running the nodetool-no-pass status command on both primary and worker nodes will show that all nodes are up and running.
  • Admin account keeps getting locked even after unlocking it after following the KB 

    Reviewing the runtime and Cassandra logs at /var/log/vmware/loginsight/ will reveal certificate-related errors, as illustrated below.

    runtime.log
    [2025-06-12 09:15:57.626+0000] ["netty-event-loop-67"/##.###.###.# ERROR] [play.core.server.netty.PlayRequestHandler] [Exception caught in Netty]
    io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown ca

    cassandra.log
    2025-06-12T09:28:40,252 AbstractChannelHandlerContext.java:311 - An exception 'java.lang.NullPointerException' [enable DEBUG level for full stacktrace] was thrown by a user handler's exceptionCaught() method while handling the following
    io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: java.lang.Unknown_ca

Environment

Aria Operations for logs 8.18.x

Cause

This can cause if the admin account password is changed and when it's integrated to any other Endpoints end up locking it
This can occur be due to anomalies in the custom certificates.

Resolution

Note: Ensure that snapshots of all nodes (both primary and worker nodes) are securely taken before making any changes.

To resolve the issue, please refer to the following Knowledge Base (KB) articles to unlock the account:

If the above steps does not resolve the issue, please proceed with the following steps to switch to self-signed certificates:

  1. Generate a self-signed certificate and install it by following the instructions in this KB article.

  2. Once the self-signed certificate is successfully applied, the admin account will be unlocked.

If you wish to revert to using custom (CA-signed) certificates afterward:

  1. Generate a new Certificate Signing Request (CSR) using this documentation.

  2. Submit the CSR to a trusted Certificate Authority (CA), and request that the signed certificate be encoded in PEM format.

  3. Once you receive the signed certificate, upload and install it by following this documentation.

Powered by Wolken Software