vCenter Upgrade via SDDC manager Failing During Pre-Checks: "vCenter Root Account is Locked or Has Expired" Error
search cancel

vCenter Upgrade via SDDC manager Failing During Pre-Checks: "vCenter Root Account is Locked or Has Expired" Error

book

Article ID: 414317

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

 During an upgrade of the vCenter via SDDC Manager, the upgrade process fails during the pre-checks with the following error message:
"vCenter root account is locked or has expired."

 

Cause

SDDC manager does not support RSA algorithm & it supports ecdsa & ed25519 algorithms. 

In the sshd_config files of the vCenter the below host keys are commented out(disabled).

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

The algorithms are also missing in the known_hosts files. 

/etc/vmware/vcf/commonsvcs/known_hosts

/root/.ssh/known_hosts

/home/vcf/.ssh/known_hosts

 

 

Resolution

1.  Enable ECDSA and ED25519 keys on the vCenter by uncommenting the lines in the sshd_config file of the vCenter.

2. Performed ssh-keyscan and added the RCA, ECDSA, and ED25519 keys to all three known_hosts files.

For SSH Key scan, run the command below:

ssh-keyscan <vc-fqdn> 2> /dev/null >> /etc/vmware/vcf/commonsvcs/known_hosts

ssh-keyscan <vc-fqdn> 2> /dev/null >> /root/.ssh/known_hosts

ssh-keyscan <vc-fqdn> 2> /dev/null >> /home/vcf/.ssh/known_hosts

 

 

Powered by Wolken Software