jobl
Enthusiast
Enthusiast

Change password of local vra user

Is it somehow possible to change the password of a local vra user (vsphere.local?)

VCI, VCAP-DCA,VCAP-DCD,VCP-NV and so on πŸ™‚ www.rtsab.com
15 Replies
GrantOrchardVMw
Commander
Commander

Yes, via the API. I'm not in a position to get to my lab at the moment to grab the URI on body. Will add it for you shortly.

Grant

Grant http://grantorchard.com
jmedd
Enthusiast
Enthusiast

URL is "/identity/api/tenants/{TenantId}/principals/{PrincipalId}"

You can do it easily with the latest release of PowervRA since we have added a Set-vRAUserPrincipal function GitHub - jakkulabs/PowervRA: vRealize Automation PowerShell Toolkit

e.g.:

Set-vRAUserPrincipal -Id user@vsphere.local -Password s3cur3p@ss!

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
fifthman_roshan
Enthusiast
Enthusiast

Hi.. did anyone find answer for this..

am unable to get to the URL mentioned... "/identity/api/tenants/{TenantId}/principals/{PrincipalId}"

It says .. 404-Authentication Required.

Is there any other way to access default workflow...?

I need to change password for configurationadmin@vsphere.local.

0 Kudos
jmedd
Enthusiast
Enthusiast

Before using the URL to change the password you'll need to generate an authentication token to use with the REST request, its detailed here on how to generate one: vRealize Automation 7.0

Or you could just use PowervRA to do it, where we handle that hassle for you πŸ˜‰

Craig did a write up of it here: https://www.helloitscraig.co.uk/2016/07/managing-local-users-powervra.html

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
RanjnaAggarwal
VMware Employee
VMware Employee

i tried same command that is mentioned here but i am getting vra api version error:-

error password reset.png

How can i resolve this?

Regards, Ranjna Aggarwal
0 Kudos
jmedd
Enthusiast
Enthusiast

What version of vRA are you running it against?

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
0 Kudos
RanjnaAggarwal
VMware Employee
VMware Employee

vRA 7.0

Regards, Ranjna Aggarwal
0 Kudos
jmedd
Enthusiast
Enthusiast

hmm...we've tested this in our own systems against 7.0 and 7.0.1. Just tried the following in my 7.0 system and works fine:

Set-vRAUserPrincipal -Id configurationadmin@vsphere.local -Password xxxxxxxx

What do you get as an output for $vRAConnection?  Mine is below, should show an APIversion of 7.0

Server             : https://vraap02.vrademo.local

Token              : MTQ3MzQxMDgyNjgxODo3NGY5NTdhNjE2YWM2ODAxNTJkZDp0ZW5hbnQ6dnNwaGVyZS5sb2NhbHVzZXJuYW1lOmFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbGV4cGlyYXRpb246MTQ3MzQzOTYyNjAwMDpmMjQ0ZWZk

                     YTJkNmE2MjQwODg3MTkyNTc5YjY1YTM2MjJjNzA1MGNkN2FkMGRlZjRhODFjZjY0OTNhZGQyZGJmNjg4YTZmYTEyY2U0OWYzODIxZjYxZDdmYWEyNGYzZGZiYzQ0NGI3ZGFjNzU1MmYyMTYyZDc1YWJjZTBiMjZjZA==

Tenant             : vsphere.local

Username           : administrator@vsphere.local

APIVersion         : 7.0

SignedCertificates : False

There is a test at the beginning of the Set-vRAUserPrincipal function to test for the API version and will throw an error if less than 7.

        # --- Test for vRA API version

        if ($Global:vRAConnection.APIVersion -lt 7){

            throw "$($MyInvocation.MyCommand) is not supported with vRA API version $($Global:vRAConnection.APIVersion)"

        } 

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
0 Kudos
RanjnaAggarwal
VMware Employee
VMware Employee

where should i run this $vRAConnection?

Regards, Ranjna Aggarwal
0 Kudos
jmedd
Enthusiast
Enthusiast

It gets created when you make the connection to the vRA Appliance via Connect-vRAServer. You have done that right? If not, it needs to be run before you can use any of the PowervRA functions.

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
0 Kudos
RanjnaAggarwal
VMware Employee
VMware Employee

Now i have executed this against my vra appliance as server name but i am still getting error stating this resource not found however this user account was created as the part of the installation:-

passwordreseterror.png

Regards, Ranjna Aggarwal
0 Kudos
jmedd
Enthusiast
Enthusiast

OK, it is saying that the account configurationadmin@vsphere.local does not exist. What Tenant did you connect to with Connect-vRAServer? It should have been vsphere.local to be able to work with that account I believe.

Get-vRAUserPrincipal will also show you which accounts are available for manipulation based on the connection you made.

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
0 Kudos
RanjnaAggarwal
VMware Employee
VMware Employee

Get-vRAUserPrincipal shows nothing. But how come it is possible we provided the configurationadmin details while installing IaaS. it's fresh installation and we have default tenant only. Is it a bug in vra product that configurationadmin account doesn't gets created although password is configured for this account during installation as i faced this issue in many deployments but not in all?

Regards, Ranjna Aggarwal
0 Kudos
jmedd
Enthusiast
Enthusiast

Haven't seen that issue. Might be worth creating a fresh post in the community with that specific issue, or talking to VMware support.

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
0 Kudos
azizurrehman975
Contributor
Contributor

If you don't configure the configurationadmin at the last step during the installation of vRA using wizard, this user doesn't get created. The command works well for the local users.

0 Kudos