The password manager integrated within SDDC manager reports that the vCenter Server root account is currently in a disconnected state
search cancel

The password manager integrated within SDDC manager reports that the vCenter Server root account is currently in a disconnected state

book

Article ID: 415961

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

The vCenter Server root account remains in a disconnected state within the SDDC manager, despite successful completion of password remediation or update procedures.

 

Environment

VMware Cloud Foundation 4.x

VMware Cloud Foundation 5.x 

VMware Cloud Foundation 9.x 

Cause

The SDDC manager database was updated with an incorrect expiration date for the vCenter Server root password.

As a result, the vCenter root account shows disconnected in the password manager.

Resolution

To verify and correct the vCenter root account expiration date in the SDDC Manager database, follow these steps outlined below:

  1. Confirm Account Expiration date:
    • Access SDDC Manager Appliance:
      • SSH into the SDDC Manager Appliance using the vcf user.
      • Switch to the root user: su -

    • Access SDDC Manager Database:
      • Connect to the database:
         psql -h localhost -U postgres

      • Connect to the operationsmanager database:
         \c operationsmanager

      • Run the following query to check vCenter credential expiration date:
         select * from passwordmanager.credential_expiry where resource_type='VCENTER';

    • Sample Output:

      The output will display details including id, credential_id, resource_fqdn, username, expiry_date, fetch_time, resource_type, domain_name, fetch_status, fetch_error, credential_type, and validity_status.

    • An errorMessage such as "Unauthenticated..." or "PASSWORD_MANAGER_RETRIEVE_PASSWORD_EXPIRY_FAILED" in the fetch_error column, along with validity_status as INVALID, indicates an authentication failure or an expired password.

        id | credential_id          | resource_fqdn | username | expiry_date | fetch_time | resource_type | domain_name | fetch_status | fetch_error | credential_type | validity_status

       ## | ####-####-####-####-####| FQDN of VC    | root     | YYYY-MM-DD HH:MM:SS | YYYY-MM-DD HH:MM:SS | VCENTER | DOMAIN | FAILED | {"errorCode":"PASSWORD_MANAGER_RETRIEVE_PASSWORD_EXPIRY_FAILED","arguments":["FQDN of VC"],"errorMessage":"Unauthenticated..."} | PASSWORD | INVALID

  2. Update the expiration date for the affected vCenter root account to a valid timestamp, set fetch_status value to SUCCEEDED using the id (##) captured from the previous output:

    update passwordmanager.credential_expiry set expiry_date='YYYY-MM-DD HH:MM:SS', fetch_status='SUCCEEDED' where id=##;

  3. Validate the status of the vCenter root account in password manager by refreshing the SDDC manager UI. The vCenter root account status should now appear as Active under password manager.
Powered by Wolken Software