Password Management on SDDC Manager UI displays the status as "--" for all resource types

Article ID: 427536

Products

VMware SDDC Manager

Issue/Introduction

  • The expiry status column on Password Management in the SDDC Manager UI displays "--" for the resource type

  • Attempting to validate the password expiration for resource VCENTER using API Explorer returns "Status: 404, Not Found"

    • Log in to the SDDC Manager UI
    • Navigate to Developer Center -> API Explorer -> Credentials -> POST /v1/credentials/expirations
    • Under the Value for body enter the below
      {
          "credentialIds": [ "" ],
          "domainName": "",
          "resourceType": "VCENTER"
      }
    • Click Execute

  • /var/log/vmware/vcf/operationsmanager/operationsmanager.log (on SDDC Manager)

YYYY-MM-DDTHH:MMM:SS WARN  [vcf_om,<>,####] [c.v.v.f.i.FeatureInterceptor,http-nio-127.0.0.1-7300-exec-7] Feature feature.vcf.passwordmanagement.notification.expiry is disabled
YYYY-MM-DDTHH:MMM:SS WARN  [vcf_om,<>,####] [c.v.v.f.i.FeatureInterceptor,http-nio-127.0.0.1-7300-exec-6] Feature feature.vcf.passwordmanagement.notification.expiry is disabled

Cause

SDDC Manager proactively monitors the Time-to-Live (TTL) of system account passwords. The core of the issue lies in the configuration of the VMware Cloud Foundation (VCF) feature flags.

The parameter "feature.vcf.passwordmanagement.notification.expiry" controlling password expiry notifications has been altered from its default state.

Resolution

Remove the non-default parameter on SDDC Manager:

  1. Log in to SDDC Manager via ssh
  2. Switch user to root using the command:

    su root

  3. Execute the below command to validate the parameter "feature.vcf.passwordmanagement.notification.expiry"

    grep "feature.vcf.passwordmanagement.notification.expiry" /home/vcf/feature.properties /etc/vmware/vcf/operationsmanager/application.properties

  4. As per the output from Step 3, remove the specific line from the file using vi editor
  5. Restart VMware Cloud Foundation Operations Manager service using

    systemctl restart operationsmanager
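
Steps 3 and 4 as a script, an added example that is not part of the original article and is not VMware code: it lists the override, backs up each affected file, and deletes only the active flag line. The function names and the assumption that the flag is stored as a Java-properties `key=value` or `key:value` line are this example's own; the file paths passed to it are the ones from Step 3.

```shell
#!/bin/sh
# Added example, not VMware code. Assumes the override is an active
# Java-properties line: <flag>=<value> or <flag>:<value>.
FLAG='feature.vcf.passwordmanagement.notification.expiry'
# Escape the dots so they match literally; skip commented-out lines.
PATTERN="^[[:space:]]*$(printf '%s' "$FLAG" | sed 's/\./\\./g')[[:space:]]*[=:]"

# List every active override as file:line-number:line (read-only).
find_flag() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        # /dev/null forces grep to print the file name for a single file.
        grep -nE "$PATTERN" "$f" /dev/null || true
    done
}

# Back up each file that contains the override, then delete only that line.
# Prints the number of files changed.
remove_flag() {
    changed=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -qE "$PATTERN" "$f" || continue
        cp -p "$f" "$f.bak.$(date +%Y%m%d%H%M%S)" || return 1
        tmp=$(mktemp) || return 1
        # grep -v exits 1 when nothing is left to print; only >1 is an error.
        grep -vE "$PATTERN" "$f" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
        # Overwrite in place so owner and mode of the original are kept.
        cat "$tmp" > "$f"
        rm -f "$tmp"
        changed=$((changed + 1))
    done
    echo "$changed"
}

# Dry run by default; pass --apply first to edit the files given as arguments.
if [ "${1:-}" = "--apply" ]; then
    shift
    remove_flag "$@"
elif [ "$#" -gt 0 ]; then
    find_flag "$@"
fi
```

Run it first with the two paths from Step 3 to review what would be removed, then again with `--apply` in front of them; the service restart in Step 5 is still required afterwards.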

Additional Information

To validate the credential expiration using the API from the command line:

  1. Log in to SDDC Manager using ssh and switch user to root
  2. Generate a token

    TOKEN=$(curl -s -k -d '{"username":"<SSO Username@Domain>","password":"<SSO_Password>"}' -H "Content-Type: application/json" -X POST https://<SDDC Manager FQDN>/v1/tokens | jq -r '.accessToken')

  3. Perform password expiration check

    curl -X POST https://<SDDC Manager FQDN>/v1/credentials/expirations -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" -d '{"resourceType": "VCENTER"}' -ik

Sample Output:

HTTP/1.1 404
Server: nginx
Date: Day, DD Jan YYYY HH:MM:SS <timezone>
Content-Length: 0
Connection: keep-alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY