snmcc
Contributor
Contributor

Change default password length from shell (vmdird error 49)

I recently tried upgrading vCenter server from 6.7u3i to 6.7u3m and it failed, this in itself doesn't surprise me as I've seen this so many times.

I rolled the snapshot back but my previous image now appeared out of sync and I was getting "Error 87" in /var/log/vmware/vmdird/vmdird-syslog.log , FYI "Error 87" is because the password string is too long, so I used /opt/likewise/bin/lwregshell to reset the password using

cd HKEY_THIS_MACHINE\services\vmdir\
set_value dcAccountPassword "shortpassword"

 I then restarted vmdird which gets rid of the "Error 87" and I now get "Error 49" which is a password mismatch, understandable so I then use

/usr/lib/vmware-vmdir/bin/vdcadmintool
3
Please enter account UPN : hostname.domain@domain.local

This should only produce a 20 character password but due to our password policy we have a minimum of 50 so the passwords I am getting are then too long again.

I have tried other methods of resetting the password including, 

./dir-cli password reset --account hostname.domain@domain.local --login administrator

but I get an error 1326 from that, which I presume is something to do with vmdird not running correctly.

I've also tried with 

./dir-cli computer password-reset

but that just produces a 50 character password as well.

I need to find out how I can change the default password length or maximum length back to 20 to get around this issue.

Any help would be greatly appreciated. 

0 Kudos
2 Replies
sraghavendrar
VMware Employee
VMware Employee

Hi,

If you are able to get the vmdir service up, post running 

/usr/lib/vmware-vmdir/bin/vdcadmintool
3
Please enter account UPN : hostname.domain@domain.local

you can use powercli scripts to change the max sso password length https://www.virtuallyghetto.com/2020/10/powercli-module-for-managing-vcenter-single-sign-on-sso.html . Do give it a try.

 

0 Kudos
snmcc
Contributor
Contributor

Thanks for your response. I tried this on your suggestion but sadly it won't allow me to connect even with vmdir started.

0 Kudos