Hi,
facing a problem for the past 4 months.
i'm unable to login to the vcenter appliance root account.
via ssh or local console. both throw an access denied error.
i've tried to see if the password has expired per this article: http://www.virtuallyghetto.com/2013/09/how-to-recover-vcsa-55-from-expired.html
it was not.
while i was in there i decided to do try this: http://www.virtualpotholes.com/post/124746380849/how-to-reset-the-root-password-for-vcsa-60
confirmed that multiple articles said the same thing: http://www.settlersoman.com/how-to-reset-root-password-on-vcenter-appliance-vcsa-6-x/
saved the shadow file, unmounted the drive and rebooted.
i'm still unable to logon via ssh or local shell.
i'm stumped.
I found some detail into the reason's this was happening.
when i tried logging in via ssh i just woudl get access denied. the same when logging in via the console.
when i tried changing the console session (ALT-F1) and logging in there i got a telling message.
account locked due to 1342 failed logins
:smileyblush: like i said, it's been 4 months.
all the reset procedure's i've tried DID work. however the account was still LOCKED.
according to the shadow file it was not. but according to the tally2 pam addin it was!
following this article (http://www.sneaku.com/2015/06/12/vrealize-operations-manager-6-0-root-account-locked/) and skimming some general linux distro forums validated these findings.
i was able to use this to unlock the account.
my god, 4 months!!!!
What do you need to connect with root for? My best guess would be to cut your losses and setup a new appliance.
Are you able to get into it with a different account?
i'm able to get in via the administrator account.
the reason i need root is to do patches on the appliance (unless i don't need root for that?)
the appliance was originally a vcenter server in 4.5 then migrated to 5.5 and then updated to 6.0. trying to get it up to date.
making a new appliance would be very time intensive and there are many vapps and such.
according to a few articles using a boot disk to change the shadow file works. i'm not sure why it hasn't in my case.
any insight?
thanks
I found some detail into the reason's this was happening.
when i tried logging in via ssh i just woudl get access denied. the same when logging in via the console.
when i tried changing the console session (ALT-F1) and logging in there i got a telling message.
account locked due to 1342 failed logins
:smileyblush: like i said, it's been 4 months.
all the reset procedure's i've tried DID work. however the account was still LOCKED.
according to the shadow file it was not. but according to the tally2 pam addin it was!
following this article (http://www.sneaku.com/2015/06/12/vrealize-operations-manager-6-0-root-account-locked/) and skimming some general linux distro forums validated these findings.
i was able to use this to unlock the account.
1. Apply KB # 196 (VMware Knowledge Base) for Repeated characters when typing in remote console
2. Reboot appliance and Go to grub >>>Type e
3. Scroll to the second line displaying the kernel boot parameters >>> Type e >>> Type init=/bin/bash >>> Enter >>> Type b
4. System boots to a shell # >>> Type passwd >>> change new password
5. Unlock root account - pam_tally --user root --reset or faillog -u root -r >>> Reboot .
Use above troubleshooting steps and issue will get resolve