MrStayPuft
Contributor
Contributor

Change Password for Active Directory Account running VMware VirtualCenter Server

Jump to solution

We have an ESXi5.5 environment and I have been tasked with changing the password for the Active Directory account that is used to run the VMware VirtualCenter Server Service.

There is a Data Source configured for a separate MS-SQL Server which is configured to use Windows Authentication

I have located the KB Article VMware KB: Changing the vCenter Server database user ID and password

On the key: KEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter\DB The values for 2 and 3 are blank

It is not entirely clear to me if the vpxd.exe -p command is required with our environment (AD service account and Windows Authentication) or if that is only if SQL Authentication is set on the Data Source - would anybody have experience of this change and be able to clarify for me?

thanks

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
Nithy07cs055
Hot Shot
Hot Shot

Yes you are correct ,

but i would suggest to Stop the services first before doing the activity ,  it can take the old password in some times and leads to account lock out

2. once the password is updated , make sure the Logon account is updated( is the current services running on local account or the specified user account ?)

if it is running using the specified account , you need to updated and restart the services ,

3. make sure the services are running fine and observe for a while, the user account should not get locked out .

Let me know , if you have any other questions

Thanks and Regards, Nithyanathan R Please follow my page and Blog for more updates. Blog : https://communities.vmware.com/blogs/Nithyanathan Twitter @Nithy55 Facebook Vmware page : https://www.facebook.com/Virtualizationworld

View solution in original post

4 Replies
haripadmam
Hot Shot
Hot Shot

If the user account stated by you is used by vCenter to connect with database, then do the following as per KB for vSphere 5.5:

To change the vCenter Server user ID for SQL database connections for vCenter Server 5.x and earlier:


Note
: Before making any registry modifications, ensure that you have a current and valid backup of the registry. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 136393.

  1. Take a full backup of the registry prior to editing it. Do not skip this step.
  2. Click Start > Run, type regedit and click OK.
  3. In the Windows Registry Editor, navigate to:

    • HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter\DB (under My Computer)

    • For 32-bit versions of vCenter Server running on 64-bit versions of Windows:

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VirtualCenter\DB


    • For vCenter Server 5.0:

      HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter\DB

      Note: To see these keys in a 32-bit version of the Registry Editor in a 64-bit operating system, click Start > Run, type%systemroot%\syswow64\regedit, and click OK.

  4. Right-click 2 and click Modify.
  5. Enter the database user ID in the Value data field.
  6. Click OK.

and then to update the password, execute the following:

To update the password used by the vCenter Server for database connections to the SQL Database, use one of these options:

For VirtualCenter 2.5 Update 2 and later, the -p command line flag sets the database password in vCenter Server:

  1. Click Start, right-click Command Prompt, and select Run as administrator to open a command prompt as an administrator.
  2. Run this command:

    For vCenter Server 5.5 and earlier:

    C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vpxd.exe -p

    Note:This is the default path to the vCenter Server installation directory. Change the path appropriately, if required.

  3. Enter a new password when prompted.

    Note: If changing any SQL authentication modes or credentials (for example, changing from SQL to Windows authentication), ensure that the ODBC System DSN utilized for the vCenter Server database connection is also updated to reflect the credential changes.

  4. Restart the vCenter Server service.  For more information, see Stopping, starting, or restarting vCenter services (1003895) and Stopping, starting, or restarting VMware vCenter Server 6.0 services (2109881).

If the user account you stated is used to install the vCenter server itself, you probably have to update credentials for individual vCenter services account (from services.msc) on vCenter server. Verify the same for SQL as well. Hope this helps! Please write back in case of any query.

All the best! Smiley Happy

Best Regards,

Hari.

MrStayPuft
Contributor
Contributor

Hi Hari,

Thank you for taking the time to reply.

You have quoted the KB I am unclear about, those instructions appear to relate to what to do when the Data Source is set to use SQL authentication rather than Windows Authentication - i.e. when you run vpxd -p  it simply updates value 3 in that registry key which I am thinking is not required when using Windows Authentication?

I can see the AD account that runs the vCenter service showing database activity so I believe all I need to do when changing the password for that account is update the logon setting on the vCenter service and restart or does it still need that second password entry in the registry? given that it is blank currently then I think not but is anybody able to confirm?

ta

0 Kudos
Nithy07cs055
Hot Shot
Hot Shot

Yes you are correct ,

but i would suggest to Stop the services first before doing the activity ,  it can take the old password in some times and leads to account lock out

2. once the password is updated , make sure the Logon account is updated( is the current services running on local account or the specified user account ?)

if it is running using the specified account , you need to updated and restart the services ,

3. make sure the services are running fine and observe for a while, the user account should not get locked out .

Let me know , if you have any other questions

Thanks and Regards, Nithyanathan R Please follow my page and Blog for more updates. Blog : https://communities.vmware.com/blogs/Nithyanathan Twitter @Nithy55 Facebook Vmware page : https://www.facebook.com/Virtualizationworld
haripadmam
Hot Shot
Hot Shot

Sorry i missed that... Yes, you are right. You can go ahead and update logon settings of vCenter services. Before you do so, please ensure to stop the services as Nithyanathan mentioned.