VMware Cloud Community
itmanager2002
Contributor
Contributor
Jump to solution

vcenter appliance root login denied

Hi,

facing a problem for the past 4 months.

i'm unable to login to the vcenter appliance root account.

via ssh or local console. both throw an access denied error.

i've tried to see if the password has expired per this article: http://www.virtuallyghetto.com/2013/09/how-to-recover-vcsa-55-from-expired.html

it was not.

while i was in there i decided to do try this: http://www.virtualpotholes.com/post/124746380849/how-to-reset-the-root-password-for-vcsa-60

confirmed that multiple articles said the same thing: http://www.settlersoman.com/how-to-reset-root-password-on-vcenter-appliance-vcsa-6-x/

saved the shadow file, unmounted the drive and rebooted.

i'm still unable to logon via ssh or local shell.

i'm stumped.

Reply
0 Kudos
1 Solution

Accepted Solutions
itmanager2002
Contributor
Contributor
Jump to solution

I found some detail into the reason's this was happening.

when i tried logging in via ssh i just woudl get access denied. the same when logging in via the console.

when i tried changing the console session (ALT-F1) and logging in there i got a telling message.

account locked due to 1342 failed logins

Capture.PNG

:smileyblush: like i said, it's been 4 months.

all the reset procedure's i've tried DID work. however the account was still LOCKED.

according to the shadow file it was not. but according to the tally2 pam addin it was!

following this article (http://www.sneaku.com/2015/06/12/vrealize-operations-manager-6-0-root-account-locked/) and skimming some general linux distro forums validated these findings.

i was able to use this to unlock the account.

View solution in original post

4 Replies
jpsider
Expert
Expert
Jump to solution

my god, 4 months!!!!

What do you need to connect with root for?  My best guess would be to cut your losses and setup a new appliance.

Are you able to get into it with a different account?

Reply
0 Kudos
itmanager2002
Contributor
Contributor
Jump to solution

i'm able to get in via the administrator account.

the reason i need root is to do patches on the appliance (unless i don't need root for that?)

the appliance was originally a vcenter server in 4.5 then migrated to 5.5 and then updated to 6.0. trying to get it up to date.

making a new appliance would be very time intensive and there are many vapps and such.

according to a few articles using a boot disk to change the shadow file works. i'm not sure why it hasn't in my case.

any insight?

thanks

Reply
0 Kudos
itmanager2002
Contributor
Contributor
Jump to solution

I found some detail into the reason's this was happening.

when i tried logging in via ssh i just woudl get access denied. the same when logging in via the console.

when i tried changing the console session (ALT-F1) and logging in there i got a telling message.

account locked due to 1342 failed logins

Capture.PNG

:smileyblush: like i said, it's been 4 months.

all the reset procedure's i've tried DID work. however the account was still LOCKED.

according to the shadow file it was not. but according to the tally2 pam addin it was!

following this article (http://www.sneaku.com/2015/06/12/vrealize-operations-manager-6-0-root-account-locked/) and skimming some general linux distro forums validated these findings.

i was able to use this to unlock the account.

sarikrizvi
Enthusiast
Enthusiast
Jump to solution

Issue:- Resetting Appliance (vCenter, vRA,etc.) password


Troubleshooting Steps #


1. Apply KB # 196 (VMware Knowledge Base) for Repeated characters when typing in remote console

2. Reboot appliance and Go to grub >>>Type e

3. Scroll to the second line displaying the kernel boot parameters >>>   Type e   >>>   Type init=/bin/bash  >>>   Enter   >>>    Type b

4. System boots to a shell    # >>>     Type passwd    >>>     change new password

5. Unlock root account  - pam_tally --user root --reset  or faillog -u root -r   >>>    Reboot .

Use above troubleshooting steps and issue will get resolve Smiley Happy

Regards,
SARIK (Infrastructure Architect)
vExpert 2018-2020 | vExpert - Pro | NSX | Security
vCAP-DCD 6.5 | vCP-DCV 5.0 | 5.5 | 6.0 | vCA-DCV 5 | vCA-Cloud 5 | RHCSA & RHCE 6 | A+ (HW & NW)
__________________
Please Mark "Helpful" or "Correct" if It'll help you
_____________________________________
@Follow:
Blog# https://vmwarevtech.com
vExpert# https://vexpert.vmware.com/directory/1997
Badge# https://www.youracclaim.com/users/sarik
Reply
0 Kudos