List of vCenter Server user accounts created during VCSA installation
search cancel

List of vCenter Server user accounts created during VCSA installation

book

Article ID: 407968

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • The VMware vCenter Server Appliance (VCSA) has numerous service accounts in order to isolate services. These accounts are required by the product and not removable. 

  • These accounts should not be modified and are not considered as normal user accounts for which credentials can't be rotated or managed.

The following list of user accounts are automatically created on an vCenter server at the time of installation.

 
perfcharts-UID Default  internal service accounts used by vCenter services 
topologysvc-UID Default  internal service accounts used by vCenter services 
vmware-vsm-UID Default  internal service accounts used by vCenter services 
vsphere-ui-UID Default solution user accounts in the vCenter server used for internal communication between components.
vsphere-webclient-UID Default solution user accounts in the vCenter server used for internal communication between components.
vpxd-UID Default solution user accounts in the vCenter server used for internal communication between components.
vpxd-extension-UID Default solution user accounts in the vCenter server used for internal communication between components.
vpxd-svc-acct-UID Default  internal service accounts used by vCenter services 
vpxd-svcs-user-UID Default  internal service accounts used by vCenter services 
observability-vapi-UID Default  internal service accounts used by vCenter services 
applmgmtSvcUsers Internal group in the SSO domain
AutoUpdate Default  internal service accounts used by vCenter services in SSO domain
SyncUsers Default  internal service accounts used by vCenter services in SSO domain
vSphereClientSolutionUsers Internal group in the SSO domain
vStatsGroup Internal group in the SSO domain
TrustedAdmins Internal group in the SSO domain
WorkloadStorage Internal group in the SSO domain

 

Command to list the default service accounts in the vCenter Server:

# /usr/lib/vmware-vmafd/bin/dir-cli svcaccount list


Enter password for administrator@<local sso_domain>:


1. serviceaccountmgmt-<vCenter Server Node ID>
2. sts-<vCenter Server Node ID>
3. vpxd-svcs-user-<vCenter Server Node ID>
4. certificateauthority-<vCenter Server Node ID>
5. observability-vapi-<vCenter Server Node ID>
6. trustmanagement-<vCenter Server Node ID>
7. vpxd-svc-acct-<vCenter Server Node ID>
8. vsphere-ui-<vCenter Server Node ID>
9. cms-<vCenter Server Node ID>
10. vmware-scaservice-<vCenter Server Node ID>
11. sps-<vCenter Server Node ID>
12. topologysvc-<vCenter Server Node ID>
13. vmware-vsm-<vCenter Server Node ID>
14. vmware-applmgmtservice-<vCenter Server Node ID>
15. hvc-svc-<vCenter Server Node ID>
16. content-library-user-<vCenter Server Node ID>
17. perfcharts-<vCenter Server Node ID>

 

In an environment using Enhanced Linked Mode entries will be visible for each linked vCenter.

The following command will allow you to identify the <vCenter Server Node ID> for each individual vCenter

/usr/lib/vmware-vmafd/bin/vmafd-cli get-machine-id --server-name localhost

 

Environment

VMware vCenter Server

Resolution

Not Applicable -This is informational KB.

Powered by Wolken Software