Unable to log into the tunnel with the root account after upgrading VMware Cloud Director Availability
search cancel

Unable to log into the tunnel with the root account after upgrading VMware Cloud Director Availability

book

Article ID: 407591

calendar_today

Updated On:

Products

VMware Live Recovery

Issue/Introduction

  • After performing an upgrade to VMware Cloud Director Availability, attempts to log into the tunnel appliance UI or command line interface with the root account fail even if the credentials are known to be correct.
  • Attempts to run the passwd command result in an error similar to the following:

    module is unknown

  • tcpdump had been previously installed on the appliance.
  • In the upgrade.log, it can be seen that tcpdump was removed and/or that the photon_vasecurity was installed during the upgrade process.

Environment

VMware Cloud Director Availability 4.7.3

Cause

Installation of tcpdump on the appliance requires the explicit removal of the existing photon_vasecurity rpm, which is unsupported. During the upgrade, photon_vasecurity is reinstalled since it is no longer present, which reapplies configuration settings (including the PAM configuration) that were appropriate when it was first introduced to the system, but have changed significantly in later versions of VMware Cloud Director Availability (VCDA). This damages the system authentication layer, which prevents successful authentication and management of the authentication configuration.

Resolution

In order to remediate the issue, redeploy the tunnel appliance, as detailed in the following:

Replace a Tunnel Appliance instance

Additional Information

Alternatively, if there is a valid backup for the appliance, a new appliance can be deployed and the backup restored to address the issue:

Restore the appliances in the cloud

Please note: It is required that backups are restored to the same version of the appliance that was used at the time of backup. Backups taken before the upgrade will require the deployment of an appliance of that version and a subsequent upgrade to align it with the current environment. Individual appliance restorations are not recommended with other appliances (replication manager and replicators) for this behavior since it may create a misalignment in the replication information between the devices.

Powered by Wolken Software