Getting an error when trying to trigger inventory sync for identity manager from life cycle manager. Error Code: LCMVIDMIMPORT0018 Unable to verify SSH user's password. Ensure the password is not already expired and retry after providing valid crede..

Article ID: 410175


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Getting an error when trying to trigger inventory sync for identity manager from life cycle manager.

The /var/log/vrlcm/vmware_vrlcm.log file shows:

1. The above error appears repeatedly throughout the file:

2025-09-08T20:01:03.292Z INFO vrlcm[1257] [http-nio-8080-exec-2] [c.v.v.l.r.c.RequestController] -- Retry error cause data : [ { "messageId" : "LCMVIDMIMPORT0018", "message" : "Unable to verify SSH user's password. YXYXYXYX the password YXYXYXYX already expired and retry after providing valid credentials.", "eventId"............, "exceptionMessage" : "Cannot execute ssh commands. Exception encountered : Session.connect: java.security.spec.InvalidKeySpecException: key spec not recognized"

 

2. The following error messages also appear in the log file:

Sep 08 21:32:55 <FQDN of IDM node> sshd[12690]: error: Received disconnect from <LCM-IP> port Deprecated option RhostsRSAAuthentication

Sep 08 21:32:55  <FQDN of IDM node> sshd[12690]: error: Received disconnect from <LCM-IP> port 60324:3:java.security.spec.InvalidKeySpecException: key spec not recognized [preauth]

Sep 08 21:32:55  <FQDN of IDM node> sshd[12690]: Disconnected from <LCM-IP> port 60324 [preauth]


Environment

1. It is confirmed that the SSH user password has not expired, by running the commands pam_tally2 --user=sshuser and chage -l sshuser.

2. It is also confirmed that the deprecated SSH cryptographic settings were removed from the VIDM Appliance and the Aria Suite Lifecycle appliance in the earlier version, using the KB document https://knowledge.broadcom.com/external/article?articleNumber=327325

Inventory sync had been working for a long time until the recent certificate update process was run.

The certificate replacement procedure runs the inventory sync as one of its steps.

Cause

Corruption in the /etc/ssh/sshd_config file on the Aria Suite Lifecycle and/or IDM machine.

Resolution

SSH into the LCM and IDM nodes with the root account.

Open the /etc/ssh/sshd_config file on both the Aria Suite Lifecycle node and the IDM nodes.

On both machines, this file contains 3 lines that start with:

1. Ciphers 

2. MACs

3. KexAlgorithms 

Make sure the entries in the lines starting with Ciphers, MACs and KexAlgorithms are exactly the same in this file on the LCM and IDM nodes.

After matching the lines in the sshd_config files on both machines, retry the inventory sync.
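
One way to check the three lines side by side, as an added example that is not part of the original article or Broadcom's tooling. It assumes both sshd_config files have been copied to one machine; the function names and the sample file contents are hypothetical.

```shell
#!/bin/sh
# Added example (not Broadcom's code): compare the Ciphers, MACs and
# KexAlgorithms lines of two sshd_config copies, e.g. LCM node vs. IDM node.

# Print the value of directive $1 from file $2. sshd keywords are
# case-insensitive, the first uncommented occurrence wins, and both
# "Keyword value" and "Keyword=value" forms are accepted.
sshd_directive() {
    awk -v key="$1" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # drop CR and leading blanks
        /^#/ || /^$/ { next }                    # skip comments, empty lines
        {
            n = match($0, /[ \t=]/)
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n)
            if (tolower(k) != tolower(key)) next
            sub(/^[ \t]*=?[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            print v; exit
        }' "$2"
}

# Report each directive as MATCH, DIFFER or MISSING; return 1 unless all match.
compare_sshd_crypto() {
    rc=0
    for key in Ciphers MACs KexAlgorithms; do
        a=$(sshd_directive "$key" "$1"); b=$(sshd_directive "$key" "$2")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "MISSING  $key"; rc=1
        elif [ "$a" = "$b" ]; then
            echo "MATCH    $key"
        else
            echo "DIFFER   $key"; echo "  $1: $a"; echo "  $2: $b"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not real appliance configs): the IDM copy has a
# shorter Ciphers list, a commented-out line, "=" syntax and a CRLF ending.
tmp=$(mktemp -d)
printf 'Ciphers aes128-ctr,aes256-ctr\nMACs hmac-sha2-256\nKexAlgorithms curve25519-sha256\n' > "$tmp/lcm_sshd_config"
printf '#Ciphers old\nciphers aes256-ctr\nMACs=hmac-sha2-256\r\nKexAlgorithms curve25519-sha256\n' > "$tmp/idm_sshd_config"
compare_sshd_crypto "$tmp/lcm_sshd_config" "$tmp/idm_sshd_config" \
    || echo "Ciphers/MACs/KexAlgorithms lines are not identical"
```
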

Additional Information

1. If the output of the commands pam_tally2 --user=sshuser and chage -l sshuser shows that the sshuser password has expired, reset the sshuser password by following the procedure in the KB document https://knowledge.broadcom.com/external/article/396337/inventory-sync-failure-for-vidm-with-err.html

2. If the customer did not remove the deprecated SSH cryptographic settings from the VIDM Appliance, which was recommended from Aria Suite Lifecycle 8.14 and later versions, follow the procedure explained in KB document https://knowledge.broadcom.com/external/article?articleNumber=327325 to remove them.