VMware Cloud Community
kunal_sdubey
Contributor
Contributor

SDDC Manager show High: Password has expired and upgrade will fail due to this.

I have upgrade vcf 3.10.2.2 to 3.11.0.0 after upgrading SDDC showing me error on precheck 

multiple component showing the password expiry error, while checking the appliance password expiry was set to never.

Password expiry for VC, PSC, VRLCM, Vrops

Reply
0 Kudos
6 Replies
padapa2022
Contributor
Contributor

Could you post a screenshot of the pre-check failing with errors? Also, this occurs due to two things, 

1. Either the passwords are expired and need to be updated using the SDDC Manager for the components

2. The password expiry option should NOT be set to Never Expire, At the max it should be set to 365 days according to the pre-check in SDDC Manager.

 

Hope this helps.

Pradeep Adapa

Pradeep Adapa
McDonald43452
Contributor
Contributor

When completing an upgrade precheck in SDDC-Manager the NSX-T password validity check fails:

Impact - HIgh: Password has expired and upgrade will fail due to this.

You will see the following in the /var/log/vmware/vcf/lcm/lcm-debug.log:

2021-06-17T19:10:20.089+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validation status for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: nsx.corp.local is SUCCEEDED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: nsx.corp.local is in -22 days
2021-06-17T19:10:20.090+0000 INFO [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK on resource id nsx.corp.local with status RED MyTHDHR Schedule

Reply
0 Kudos
nikhilslad
Contributor
Contributor

You need to Set password expiry for root and admin to 9999:



1. SSH to NSX-T VIP with admin credentials

2. Check password expiry for both root and admin accounts

getuser admin password-expiration


3. If the password has expired or is set to 99999 use the following command to set password expiryto 9999

set user admin password-expiration 9999

Hope This Helps...

Thanks.


4. Retry upgrade precheck in SDDC-Manager

-Nikk
Reply
0 Kudos
Bridgetburgh
Contributor
Contributor

With VMware Cloud Foundation password management of SDDC components is handed off to the SDDC manager. The SDDC manager can rotate the passwords for VMware components such as ESXi, Virtual Centre and NSX-T. A very useful feature and a great way. of keeping admin and root accounts secure in the infrastructure. So what happens when the rotation is perhaps missed and the NSX-T passwords expire?

Panorama Charter Home

Reply
0 Kudos
padapa
Contributor
Contributor

Even if the password expires, you can still Rotate the password of that Component (Like VROPS, NSX-V, NSX-T etc.), That is the beauty in VCF.

Reply
0 Kudos
Catyssun
Contributor
Contributor

just checked My password has Expired. I have updated it with a New one, RIght now, it’s working Fine. Thanks To you. PayByPlateMa com Online Toll Bills

Reply
0 Kudos