Remediation of vSphere Configuration Profile fails with "Apply plugin SET:esx:system:snmp failed"

Products

VMware vCenter Server VMware vCenter Server 8.0

Issue/Introduction

Attempting a remediation of vSphere Configuration Profile (VCP) fails with "Apply plugin 'SET:esx:system:snmp' failed"

/var/run/log/syslog.log (on ESXi host):

YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: Using VMware ESXi syslog APIs
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: info [ConfigStore:<>] CPP plugin runner invoked.
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: [PluginContext]: Plugin task context created @0x5d864b0070, count=1 for task <Task ID>
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: info [ConfigStore:<>] dlopen(module=libesx_system_snmp.so) succeeded.
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: info [ConfigStore:<>] Executing function{SetConfig}, on module{libesx_system_snmp.so} of version{2}
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: SnmpAgentConfigImpl: Remediating SNMP desired configuration {"port":161,"enabled":true,"v3_traps":[{"type":"TRAP","username":"<snmp user name>","trap_dest":"<snmp server>@161","security_level":"PRIVACY"},{"type":"TRAP","username":"<snmp user name>","trap_dest":"<snmp server>@161","security_level":"PRIVACY"}],"v3_users":[{"username":"<snmp user name>","security_level":"PRIVACY"},{"username":"<snmp user name>","security_level":"PRIVACY"}],"log_level":"WARNING","use_sensors":false,"privacy_protocol":"AES###",
"support_large_storage":true,"authentication_protocol":"<SHA###>","engine_id":"<engine ID>"}
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: SnmpAgentConfigImpl: trap filters are size 0s
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: SnmpAgentConfigImpl: Updated snmp.xml during bootup
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: SnmpAgentConfigImpl: PokeFWPort: allowed access to port 161
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: SnmpAgentConfigImpl: PokeFWPort: allowed access to port 161
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: SnmpAgentConfigImpl: UpdateFirewall: 2 out of 2 ports updated
YYYY-MM-DDTHH:MM:SS snmpd[PID]: Secret must be at least eight(8) characters in length, got ''
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: SnmpAgentConfigImpl:RectifyEngineIdAndV3UsersConfig: Unable to generate hashes for user [<snmp user name>]: Child process failed, returned exit code=1
YYYY-MM-DDTHH:MM:SS ConfigStore[PID]: Exception in snmp set config Unable to generate hashes for user [snmp user name]: Child process failed, returned exit code=1

Cause

The issue is caused due to "#" symbol in the "authentication_secret" and "privacy_secret" value of snmp configuration. Any text following a "#" on a line is ignored by the Python interpreter and is not considered part of the executable code.

Resolution

Log in to vCenter Server using vSphere Client
Click on the Hamburger icon and click Inventory
Under Inventory, select the cluster that requires remediation for VCP
On the right pane, click on Configure
Navigate to Desired State -> Configuration
Click on Draft -> Import from host (select one host as reference)
Post Import, navigate to Draft -> system -> snmp
Proceed to edit snmp
On the popup window, expand users and update the value for "authentication_secret" and "privacy_secret"

Note: This value must not include "#" as a character

Click SAVE and proceed with the remediation

Additional Information

In case of configuring using json, the user section should be as below:

"v3_users": [
{
"username": "<user name>",
"privacy_secret": "<secret>",
"security_level": "PRIVACY",
"authentication_secret": "<secret>"
},
{
"username": "<user name>",
"privacy_secret": "<secret>",
"security_level": "PRIVACY",
"authentication_secret": "<secret>"
}
],
"log_level": "WARNING",
"use_sensors": false,
"privacy_protocol": "<AES###>",
"support_large_storage": true,
"authentication_protocol": "<SHA#>"