mhauck
Contributor
Contributor

Delete Scheduled Report

I have been looking for a bad login issue for a while now and think I have traced it back to a vCOPs weekly report.

Basically, we use Veeam ONE and it alerts every Monday at 8:00 AM about a bad login attempt. It reports the bad login as coming from our vCOPs UI VM.

Based on the schedule I assumed it was a scheduled task of some sort. I ended up searching the ciq.log for the bad login account and found it;

[pool-3-thread-1] INFO  com.vmware.cm.reportschedule.manager.impl.ReportScheduledExecutionManagerImpl  2013-07-22 08:00:00,295-0400 - Submitted scheduled report.

  reportScheduleId: 1

  reportId: 41

  inventoryObjectReference: IOR - uid = 0 aliveId = 8 moid = group-d0 type = WORLD

  reportSettingId: 7

  userIdentity: UserIdentity [username=domain\user]

[pool-2-thread-1] ERROR com.vmware.cm.report.manager.runner.ReportRunner  2013-07-22 08:00:07,619-0400 - run: ReportRunInfo [inventoryObjectReference=IOR - uid = 0 aliveId = 8 moid = group-d0 type = WORLD, reportId=41, reportSettingId=7, userIdentity=UserIdentity [username=domain\user]]

got an exception while generating reports = org.springframework.security.BadCredentialsException: Invalid user: domain\user

exception backtrace = org.springframework.security.BadCredentialsException: Invalid user: domain\user

com.vmware.vcops.api.security.VCOpsSpringAuthenticationProvider.authenticate(VCOpsSpringAuthenticationProvider.java:59)

com.vmware.cm.core.manager.impl.WebSessionImpersonator.createUserSession(WebSessionImpersonator.java:64)

com.vmware.cm.report.manager.runner.ReportRunner.login(ReportRunner.java:284)

com.vmware.cm.report.manager.runner.ReportRunner.initRequestAttributes(ReportRunner.java:247)

com.vmware.cm.report.manager.runner.ReportRunner.run(ReportRunner.java:135)

I also used this website to search for all sched reports;

http://www.jume.nl/entry/vcops-show-all-scheduled-reports

It found one report scheduled with the same user cred.

The problem is I can't seem to find the report when I go into vCOPs. I have also reset the password for the invalid account, logged in with that account and still can't see the report.

How do I find and delete this scheduled report.

BTW, I am running vCOPs 5.6.0

0 Kudos
10 Replies
j_ang
Enthusiast
Enthusiast

Hi,

Based on the logged exceptions, we know:

a. the scheduled report is attached to the World object.

b. the assigned password for the schedule creator's username was no longer valid.

So, you should be able to find the scheduled report under "World" --> "Reports"; and you should be able to delete it there.

To complete the "fix" for (b) i.e. you want to retain this scheduled report, you need to:

i. login as the user who owns the schedule.

ii. navigate to ANY scheduled report that this user owns.

iii. UPDATE the assigned password to the scheduled report. (Which updates the singular password stored for the user for all schedules.)

In other words, updating your password in the user management screens is not sufficient as it does not update the stored password for scheduled reports.

FYI, login credentials are usually encrypted into an irreversible form and stored. For scheduled reports and data collection, credentials are encrypted into a reversible form.

Hope this helps.

James Ang

vCenter Operations R&D

James Ang | VMware Engineering | VMware vCenter Operations | VMware vCenter CapacityIQ | VMware Capacity Planner | VMware vCenter Guided Consolidation
mhauck
Contributor
Contributor

Thank you for the information, but I contacted VMware support and they ended up going into the database table and removing the entry from there.

Prior to clearing the information support was unable to find any trace of the scheduled report in the GUI.

I had previously attempted to login as the user and recreate the same report, but that did not clear the scheduled report.

0 Kudos
j_ang
Enthusiast
Enthusiast

Just for my edification...

RE: "I had previously attempted to login as the user and recreate the same report, but that did not clear the scheduled report."

Did you recreate the report or the schedule (with password)?

Thanks.

James Ang

vCenter Operations R&D

James Ang | VMware Engineering | VMware vCenter Operations | VMware vCenter CapacityIQ | VMware Capacity Planner | VMware vCenter Guided Consolidation
0 Kudos
mhauck
Contributor
Contributor

I logged in with the credentials of the original user and there were no scheduled reports visible.

I then attempted to create a scheduled report as that user.

I then deleted the scheduled report, but the original scheduled report was still listed in the DB.

0 Kudos
j_ang
Enthusiast
Enthusiast

Was the user previously removed and added back?

James Ang

vCenter Operations R&D

James Ang | VMware Engineering | VMware vCenter Operations | VMware vCenter CapacityIQ | VMware Capacity Planner | VMware vCenter Guided Consolidation
0 Kudos
mhauck
Contributor
Contributor

The user account was never removed. The only change was the user account password. Had that not changed we never would have seen the problem.

The real issue was the database didn't cleanup when the scheduled report was removed/deleted.

0 Kudos
j_ang
Enthusiast
Enthusiast

Thanks for the response and feedback. We will investigate further.

James Ang

vCenter Operations R&D

James Ang | VMware Engineering | VMware vCenter Operations | VMware vCenter CapacityIQ | VMware Capacity Planner | VMware vCenter Guided Consolidation
0 Kudos
bouke
Hot Shot
Hot Shot

Cool to see you used my blog post by the way - this keeps me wanna blog and help other people out. Too bad your database is somehow corrupted.

Oh no, another Virtualisation signature...
0 Kudos
mhauck
Contributor
Contributor

Hey, that blog is what gave me proof the issue was a scheduled report / DB issue!

Thank you for putting it out there!

And as far as the health of the DB, all is well since VMware support cleaned out that old bit of data.

0 Kudos
helpdeskdcc
Contributor
Contributor

FYI he's a link to the blog post! VCOPS: Show all scheduled reports

0 Kudos