VMware Cloud Community
jmoras
Contributor
Contributor
Jump to solution

A general system error occurred: Failed to login with vim administrator password Failed to configure the VIM account on the host

Hi community.

History : I was called in to look at vSphere configuration for a client. When I started looking I noticed multiple issues in the environment by the person who set it up originally. I have been noting but have done nothing to correct these until...

One issue I have seen is the vSphere server does not apper to be communicating properly to the ESX 3.5 servers. The error message is similar to a post in this forum ( http://communities.vmware.com/message/1450789?tstart=0) however the same method of solution did not work.

Currently I have two ESX hosts connected to one vSphere console. The Console shows both hosts disconnected and the error points to issues with the VPXUSER account. I found

I looked and found multiple articles with similar issues so I chose a course of action

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100713...

http://communities.vmware.com/message/1168241

As a note also -connections from vSphere client toESX hosts directly works just fine - show no issues, and all looks very good.

So - my first actions were to disconnect and reconnect one of the hosts. This failed with the error "A general system error occurred: Failed to login with vim administrator password Failed to configure the VIM account on the host". After this I followed the process of removing the VPXUSER, restarted the agents and reconnect on the vSphere server - to the same result. I then removed the ESX host, removed the VPXUSER, restarted the agents and added the ESX host back again - but no change - the exact same error message. I do see the VPXUSER ID being recreated by this process - so I assume vSphere and ESX should know about the ID and password.

Nothing shows in /var/log/messages for this - but one of the above articles explains this as a result of use of PAM modules.

Just for fun I also tried using the ROOT password and reallowing ROOT to login via SSH - but I had the same failures. I also tried elevating privleges of the VPXUSER ID but - same issues.

So - here goes - any thoughts? I can give other details or screen caputres

0 Kudos
1 Solution

Accepted Solutions
kjb007
Immortal
Immortal
Jump to solution

ESX3:

#%PAM-1.0

  1. Autogenerated by esxcfg-auth

account required /lib/security/$ISA/pam_unix.so

auth required /lib/security/$ISA/pam_env.so

auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok

auth required /lib/security/$ISA/pam_deny.so

password required /lib/security/$ISA/pam_cracklib.so retry=3

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow

password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so

session required /lib/security/$ISA/pam_unix.so

ESX4

#%PAM-1.0

account required pam_per_user.so /etc/pam.d/login.map

auth required pam_per_user.so /etc/pam.d/login.map

password required pam_per_user.so /etc/pam.d/login.map

session required pam_per_user.so /etc/pam.d/login.map

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB

View solution in original post

0 Kudos
6 Replies
kjb007
Immortal
Immortal
Jump to solution

First, the thread is in the ESXi forum, are you using ESXi or ESX?

To begin, make sure your time matches on the ESX host and vCenter, make sure name resolution is correct. Then, check the /etc/pam.d/system-auth file and see if you have references to krb5 or some other module being used above pam_unix.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
jmoras
Contributor
Contributor
Jump to solution

Bad on me - this is ESX - I posted to the wrong forum.

Which section of the system-auth file? Auth, account, session, password, or all? And can you paste a copy of a generic/working one so that we can validate without having to reinstall?

I did just notice DNS issues so I will try to get resolved. I do not think that is the issue.

FYI

Thie hostd.log for vmware is thowring errors thta make me wonder about the SSL Cert which I am looking at as well. The errors here

Errors are

Event 17 : User jmoras logged out

Event 18 : Failed login attempt for vpxuser@127.0.0.1

Activation : Invoke done on

Throw vim.fault.InvalidLogin

Result:

(vim.fault.InvalidLogin) {

dynamicType = <unset>,

msg = ""

}

Activation : Invoke done on

Throw vim.fault.NotAuthenticated

Result:

(vim.fault.NotAuthenticated) {

dynamicType = <unset>,

object = 'vim.SessionManager:ha-sessionmgr',

privilegeId = "System.View",

msg = ""

}

0 Kudos
kjb007
Immortal
Immortal
Jump to solution

ESX3:

#%PAM-1.0

  1. Autogenerated by esxcfg-auth

account required /lib/security/$ISA/pam_unix.so

auth required /lib/security/$ISA/pam_env.so

auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok

auth required /lib/security/$ISA/pam_deny.so

password required /lib/security/$ISA/pam_cracklib.so retry=3

password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow

password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so

session required /lib/security/$ISA/pam_unix.so

ESX4

#%PAM-1.0

account required pam_per_user.so /etc/pam.d/login.map

auth required pam_per_user.so /etc/pam.d/login.map

password required pam_per_user.so /etc/pam.d/login.map

session required pam_per_user.so /etc/pam.d/login.map

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
0 Kudos
jbrown
Contributor
Contributor
Jump to solution

This sorted the issue out for me.

Restart these two services below then try reconnecting with vCenter.

service vmware-vpxa restart

service mgmt-vmware restart

vCenter connected and then automatically updated the agent on the ESX host.

0 Kudos
oosts
Contributor
Contributor
Jump to solution

I had a similar issue with a vSphere 4 ESX but none of the proposed solutions woked for me.

For me the solution was to uninstall the vpxa rpm agent after removing the ESX from the Virtual Center

rpm -qa | grep vpxa

rpm -e VMware-vpxa-...

Then, everything goes right when I tried to add the ESX back to the Virtual Center.

Hope this help...

Seb.

0 Kudos
jmoras
Contributor
Contributor
Jump to solution

My issues were fixed

Removed vpxuser

fixed issue in /etc/pam.d/system-auth file ( my security team added some lines - this was a shell line )

reconnected fine after that.

0 Kudos