VCF Operations upgrade fails with misleading "Invalid password" error due to blocked SSH service on Fleet/LCM node
search cancel

VCF Operations upgrade fails with misleading "Invalid password" error due to blocked SSH service on Fleet/LCM node

book

Article ID: 442350

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

  • During the VCF Operations upgrade, on the "Fleet Management v9.0 Node Data Migration to VCF Operations" wizard page, entering the correct root password for the Fleet Management node results in a red UI error: "Invalid password. Please try again."

  • Despite verifying that the root password is correct, the same error persists on subsequent attempts.

  • Opening the Browser Developer Tools (F12), navigating to the Network tab, and inspecting the solution.action request details reveals an HTTP 500 error with the following JSON response under Preview:

    {
      "success": false, 
      "errorType": "INVALID_PASSWORD",
      "clusterErrorMsg": "fleet.node.management.service.unavailable",
      "errorArguments": [
        "SSH service is not available on LCM node"
      ],
      "errorMessage": "Service unavailable - server may be down",
      "errorMessageKey": "fleet.node.management.service.unavailable",
      "responseCode": 500
    }

Environment

VMware Cloud Foundation 9.1

Cause

The "Invalid password" prompt displayed in the frontend UI is misleading.

The actual root cause revealed by the backend API payload is that the VCF Operations node cannot establish an SSH connection with the Fleet (LCM) node. This is typically caused by firewall restrictions in the environment blocking TCP port 22 traffic. Because the upgrade service cannot reach the destination (Service unavailable), the application handles this connection failure abnormally and incorrectly maps it to an INVALID_PASSWORD error type in the UI.

Resolution

To resolve this issue, the SSH communication between the VCF Operations node and the Fleet (LCM) node must be allowed:

  1. Verify Connectivity: Log in to the VCF Operations node CLI and manually run ssh root@<Fleet_Node_IP_or_FQDN> to confirm that the connection is being blocked (resulting in a Timeout or Connection Refused).

  2. Engage Network Team: Contact your Network/Security team to review the firewall rules between the two nodes.

  3. Update Firewall Rules: Ensure that TCP port 22 (SSH) traffic from the VCF Operations node to the Fleet Management (LCM) node is explicitly allowed.

  4. Retry Migration/Upgrade: Once SSH connectivity is verified from the CLI, return to the VCF Operations UI, re-enter the root password, and click OK to resume the migration and upgrade process.

Powered by Wolken Software