VMware Cloud Community
beckham007fifa
Expert
Expert
‎09-16-2014 04:19 AM

SSO account query - SSO password forgot, SQL password is unknown

Hi Guys,

How to reset SSO password in Vmware 5.1 is forgotten, also SQL password is not known. Need to get SSO account because that is the only account with SSO privilege. Also, by which ID SSO account is created in Vspehere 5.1 - when checked from web client console (through a account i am not sure whether that has SSO privilege?), I cannot see SSO group under sso ->Administration -> Access...why is that?

Also, how can we say from the roles or account type that this is my sso admin account and we need to reset its password....Many Thanks.

Also, are Administrator and SSO account (admin@system-domain or local.admin) are same or different?

This is my confusion. please help. Many Thanks.

Regards, ABFS
0 Kudos
3 Replies
vmroyale
Immortal
Immortal
‎09-16-2014 05:16 AM

Check out: vDingus - A blog by Bill Gurling: You guys are gonna love this - vCenter 5.1 SSO Password Recovery U...

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
0 Kudos
beckham007fifa
Expert
Expert
‎09-16-2014 05:25 AM

Hi, Thanks for sharing this, could you please clear my other queries as well mentioned in the previous message, many Thanks.

Regards, ABFS
0 Kudos
grasshopper
Virtuoso
Virtuoso
‎09-17-2014 01:45 PM

If you don't have the SQL password then the odds are stacked against you for the SQL hack.  You can learn the RSA_User password (stored in plain text at "C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties").  In the rare case that all passwords were set the same you may get lucky and that may be your admin@system-domain and/or RSA_DBA password.  However, you may end up needing to deploy a new SSO and re-point your vCenter to that to resolve your case.

To answer your other questions, you can determine which accounts you have granted admin access to by navigating to "Administration > SSO Users and Groups > Groups > __Administrators__".  Of course that will not help you until you can get into SSO.

As for the other question, the SSO IDs for the various versions are as follows:

ESX(i) 1.x to 5.0 - No SSO

ESXi 5.1 - admin@system-domain

ESXi 5.5 and later - administrator@vsphere.local

0 Kudos