Hi
I forgot the vCenter appliance root password. To reset it, I followed the steps mentioned in this article
but unfortunately I can't log in with the new password! In the vCenter appliance console, I receive the following message: "Authentication failed. Invalid login or password."
Can anyone help me solve this problem?
Just a quick question. When you say that you cannot log in to the "vCenter appliance console", are you referring to the web login on port 5480, or the native console (CLI) itself?
If you are able to log in to the CLI, check whether the applmgmt service is up and running (service-control --status), and try to start it if it is not running (service-control --start applmgmt). There's a known issue with this, see https://kb.vmware.com/s/article/68149.
Other than this, try to reset the root password again using a less complex password, e.g. "VMware!1", to avoid possible issues with certain special characters.
André
I can't log in on the native CLI. I reset the root password using a complex password but I still cannot log in.
Is it the same on the console (Alt-F1)?
André
Unfortunately yes.
That seems to be another issue with the failed logins.
Do you run any monitoring tools, or penetration tests which try to connect to the vCSA?
After many login attempts (3 by default), login is disabled for several minutes.
André
Yes, I do. I'm using Zabbix monitoring and I have disabled it.
I tried to unlock the root account with these commands: pam_tally --user root --reset or faillog -u root -r, but the problem still exists.
What do I have to do?
What you may consider is to - temporarily until you find out who's causing the issue - change the lockout settings for the root account.
See e.g. https://www.ferroquesystems.com/resource/howto-reset-vcenter-7-vcsa-password-unlock-account/
I don't have access to a vCSA, but something like
grep failure /var/log/auth.log
may help identify the source of the failed logins
André
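Added example, not part of the original posts: a per-source count of failed root logins, extending the grep suggested above. It assumes OpenSSH's standard "Failed password for USER from ADDR port N ssh2" log line; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find which hosts keep tripping the
# root lockout by counting failed SSH password logins per source address.

# failed_sources [USER] < LOGFILE
# Prints "COUNT ADDRESS" lines, highest count first, for failed password
# attempts against USER (default: root). Only existing accounts are counted
# ("invalid user ..." lines are skipped), since only those can be locked.
failed_sources() {
    awk -v user="${1:-root}" '
        # Match from the END of the line, so text inside a client-supplied
        # user name cannot shift the address field.
        NF >= 10 && $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" &&
        $(NF-5) == user && $(NF-6) == "for" && $(NF-7) == "password" &&
        $(NF-8) == "Failed" && $(NF-9) ~ /^sshd\[[0-9]+\]:$/ {
            count[$(NF-3)]++
        }
        END { for (addr in count) print count[addr], addr }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation addresses, hypothetical host name).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 vcsa sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:04 vcsa sshd[1201]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:09 vcsa sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar  3 10:15:12 vcsa sshd[1210]: Failed password for root from 203.0.113.7 port 40040 ssh2
Mar  3 10:16:30 vcsa sshd[1215]: Failed password for root from 198.51.100.20 port 51200 ssh2
Mar  3 10:17:02 vcsa sshd[1220]: Accepted password for root from 192.0.2.10 port 52011 ssh2
EOF
}

# Demo on the constructed sample; on a real system, redirect the SSH log
# into the function instead, e.g. failed_sources < /var/log/auth.log
sample_log | failed_sources
```

An address with a count at or above the lockout threshold (3 by default, per the post above) is enough on its own to keep root locked.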
Hi André, thanks for your tips. I realized SSH was enabled on the VCSA and it was under unsuccessful attacks, and the user account was locked after a certain number of failed SSH login attempts. After I disabled it, my problem was solved.
Hey, hope you are doing fine.
I think you have an expired root password.
Let's try this:
1. Run any of these KBs:
https://kb.vmware.com/s/article/2147144
https://www.altaro.com/vmware/reset-root-password-vcsa-6-x/
https://nolabnoparty.com/en/reset-vcsa-root-password/
2. Before running passwd, run
chage --list root
You will see the expiration date for the root password.
If the password is expired, proceed with
chage -m 0 -M 99999 -I -1 -E -1 root
This way you will set it to never expire (it can be changed later).
3. Proceed with
passwd root and change the password.
Let me know if that works.
Warm regards
Hey Nacho
Thanks for your tips. My first problem was that the root password had expired. After I changed the expiration date with the chage command, I still could not log in to the vCenter Appliance console. Then I found out that the failed login count was much higher than normal, and I realized SSH was enabled and under attack, and Photon OS locked the root user for several minutes after 3 unsuccessful logins. After I put it behind the firewall, my problem was solved.
Of course, André's tips were also useful.