Health Check operations in SDDC Manager fails at: "Password-check: Perform Password expiry status checks on SDDC components
search cancel

Health Check operations in SDDC Manager fails at: "Password-check: Perform Password expiry status checks on SDDC components

book

Article ID: 423148

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • Health Check operations in SDDC Manager fails at the sub-task: Password-check Perform Password expiry status checks on SDDC components

  • While checking sos.log located at (/var/log/vmware/vcf/sddc-support/vcf_sos.log) we can notice the following entry: 
    YYYY-MM-DDTHH:MM:SS.483+0000 INFO [vcf_sos] [util.py::log_password_check::2247::get_passsword_expirationThread0] Expiration information for user vcf on : sddc.example.com :{'user': 'vcf', 'host': 'sddc.example.com', 'component': 'SDDC', 'cmd': 'chage -l vcf', 'last_change': 'Month Day, YYYY', 'expiry': 'Month Day, YYYY', 'expires_in': -1}
  • To identify which components are failing the validation check, log in to the SDDC Manager VM console as root and run a manual password health check. Components marked in RED indicate passwords that are either already expired or will expire within 7 days: 
    /opt/vmware/sddc-support/sos --password-health --domain-name ALL
    Example output showing Expiry date less than current date:

Environment

VMware Cloud Foundation 5.x

Cause

Expired password of vcf user account for SDDC Manager Appliance

Resolution

Extend the expiration date for the vcf account on the SDDC Manager appliance using the chage command while logged in to the Console for the VM using root credentials, steps to achieve the same is mentioned below:

  1. Log in to the vSphere Client for the management domain.

  2. Locate the SDDC Manager VM in the inventory.

  3. Right-click the VM and select Open Console (or Launch Web Console).

  4. At the login prompt, enter root.

  5. Provide the current root password.

  6. Before making changes, it is good practice to see the current settings for the vcf user: 
    chage -l vcf
    This will display the "Maximum number of days between password change" and the "Password expires" date.

  7. You can use the chage command to modify the expiration parameters. Choose the option that fits your requirement:

  8. To set the password to expire every 90 days use the command: 
    chage -M 90 vcf
  9. To set the password to expire every 999 days use the command: 
    chage -M 999 vcf
  10. Run the list command again to ensure the "Password expires" field reflects your changes: 
    chage -l vcf

If you have forgotten the current root and vcf password then you would need to follow the steps mentioned in KB here to reset it: How to reset SDDC Manager vcf and root user accounts

 

Powered by Wolken Software