VMTN

Hi ,

For wider audience here is script

if SSO password ( admini@system-domain ) needs to be reset, please execute below query on RSA database:

UPDATE

[dbo].[IMS_PRINCIPAL]

SET

[PASSWORD] = '{SSHA256}KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=='

WHERE

LOGINUID = 'admin'

AND

PRINCIPAL_IS_DESCRIPTION = 'Admin';

This will reset the password to "VMware1234!", after which you login and change the password as needed.

Note: Take backup of RSA database before executing this

Regards

Mohammed

Thank you!

Thank you!!!  worked like a charm!!!!!

Sorry for the late reply... But you're welcome

Does this hash update for the SQL Database modify the the Admin@System-Domain password or does it also change the Master password as well?

I ask because I am recently hired at this company and given an environment with no documentation. I was originally unable to install the web client until I ran this hash query in my database. I was then able to install the Web Client, log into the web client and also change my password for the admin@system-domain account.

However, I'm trying to update my current environment from 5.1 to 5.1u1 and when I run the installer to update SSO, it tells me I have the wrong password. I know the Admin Password is correct as I can log into the Web Client with it. However the installation fails with the wrong password dialog box. If I try to run the "rsautil reset-admin-password" and use my admin password, it tells me that I have the wrong password. So my guess is that this only changes the admin password and not the master.

If my guess is correct and this has only updates the admin and not the master, it seems extremely silly to me that the only way to reset the master password is to uninstall SSO and reinstall it from scratch.

Or is there something else going on in my environment?

Is my only choice to reinstall SSO?

This hash and the procedure resets your master password ... So maybe something else is going on?

Read the post earlier in this thread by memaad.... He outlines a process to reset it in the DB.

Hi,

Above mention hash in my post will reset the password only for admin@system-domain. Once you know this password then you can reset the master password.

Regards

MOhammed

Could you let me know what the directory and files are that I need to have a look at for this please. One of my engineers set this up and has since left the company. So I have no way of getting the system-domain password. I would IM you, but do not have any points......

Thanks

Worked for me!

Sehr geehrte Damen und Herren,

vielen Dank für Ihre Nachricht. Ich bin ab dem 19.08.2013 wieder im Büro für Sie zu erreichen. Wenn Ihr Anliegen eine kurzfristige Bearbeitung erfordert, sind Ihnen meine Kollegen/Kolleginnen vom Service & Support Team gerne behilflich: (Mail: support@acs-europe.de<mailto:support@acs-europe.de> und Tel.: +49 341 355913 20).

Vielen Dank für Ihr Verständnis.

Mit freundlichen Grüßen / Best regards

Maik Schoepe

Teamleiter IT Infrastructure / Field Service

ACS Solutions GmbH

Maximilianallee 2

04129 Leipzig

Phone: +49 341 355913 23

Fax: +49 341 355913 11

www.acs-europe.de

cid:image5ef047.JPG@b7299378.4aab20c8

Amtsgericht Leipzig: HRB21111

USt-IdNr: DE814217083

Geschäftsführung: Thomas Lindner

Hi,

How do I reset the master password after I've a working password for the admin@system-domain? I found this http://vcdxorbust.com/2013/05/30/vcentre-5-1-sso-changing-the-master-password-the-right-way-and-the-wrong-way/ but it warns that it will break my SSO setup.

@hedman

Quote from Charles Gillanders: The only way that actually works is to change the master password using the current master password. Trying to change it using the current admin user doesn’t work and will break your SSO installation.

The only working unsupported way is from my colleague: http://www.die-schubis.de/doku.php?id=vmware:vsphere

I did that and it only changed my admin@system-domain password, if I try to change the master password after the hash trick it gives me: "Error: Invalid password, failed to decrypt system key Root cause: javax.crypto.BadPaddingException: Given final block not properly padded" after rsautil manage-secrets -a change command. Same thing if I try to update vcenter to latest and it asks for master password. I guess I have the same problem as pktmobrien

I wanted to do the right thing and post how I solved my error/problem. Be warned, it is not pretty and you need to understand that it is absolutely necessary that you backup your vsphere server before doing this procedure. This procedure was issued to me from VMware Tech Support as my only option.

To recap on what happened in my scenario. I was a new hire and given a current installation of VMware Vsphere 5.1. I had no documentation but I was given the default Admin Passwords that were used in most instances in the network. After many unsuccessful attempts to upgrade from SSO 5.1 to 5.1u1 because of an invalid password during upgrade, I went to the forums and VMware Tech Support. The method suggested to fix this was to do a database query on the SQL instance using the supplied hash which would restore the MASTER and ADMIN@SYSTEM-DOMAIN password to the given value for the hash.

This did work, PARTIALLY. I say this in that I was able to finally login into the VMware Vsphere webportal and client using my admin@system-domain account using the new HASHED password. However, the problem that was still present was that I still could not upgrade SSO 5.1 to 5.1u1 because of a bad password. So...wait for it...... Corrupt RSA database!!! The confusing part is that everything still functions perfectly. I can use my admin@system-domain password to navigate my VMware environment, but I was unable to upgrade certain instances of VMware because of this issue.

I'M GOING TO BE VERY CLEAR ABOUT THIS! WHAT I'M PROVIDING YOU IS NOT INSTRUCTIONS ON HOW TO FIX THIS, BUT RATHER A CHECKLIST TO FOLLOW. I am NOT RESPONSIBLE if you bring down your production servers for not researching this before you attempt this or contacting VMware tech support. I spent an entire week reading and re-reading the procedures before attempting this.

MY VMware environment was in production and unaffected during this procedure. I also have VSA (Virtual Storage Appliance) and it was also unaffected.

Checklist that worked for me.

1. Read all of these steps!
2. Don't Forget to do Steps 15 and 16.
3. Download the Instructions for installing VMware VSphere and read specifically page 223 http://pubs.vmware.com/vsphere-51/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-511-installation-setup-guide.pdf
4. WATCH this YouTube video form start to finish before even starting. VMware vSphere 5.1 vCenter Upgrade Part 1. Single Sign On Installation - YouTube
5. WHAT EVER YOU DO, DO NOT install a newer version of SSO during this procedure. I did this and had to revert back to my SNAPSHOT and try again. Again, had I not backed up, I would have been in trouble. Be sure to install the same version of SSO that you are removing. So be sure to reinstall the version you uninstalled and THEN Upgrade SSO to a newer version. I say this because I believe I still had some certificate errors for the web portal after step 16 that were simply fixed when I upgraded SSO to 5.1u1.
6. Backup your VCenter Server.
7. Then Backup your VCenter Server and TEST YOUR BACKUP. A backup is only good if you can restore from it.
8. Then, Take a SNAPSHOT of your VCenter Server if it is virtualized.
9. Then backup your RSA DB instance in SQL. And don't be doofus and backup your RSA DB to your local C drive of your VCenter Server. If you have to start over, you lost it. Backup to networked drive or external storage.
10. Then take a Screen Shot of LocalHost\SQL Instance\Security\Logins\Table  (The Idea is to capture all of your security accounts because once you proceed ahead, you might have to add some back after this procedure.)
11. DrumROLL
12. Uninstall SSO. (You will receive an error because you do not have the MASTER password to uninstall this instance. This error simply tells you that the database will still exist but SSO will be un-installed.
13. Delete the RSA database from SQL.
14. Follow the YouTube Video for the procedure to configure the RSA database and install SSO.
15. Open CMD as ADMINISTRATOR. Just opening CMD will NOT work. You have to right click on CMD and "Run as Administrator".
16. Follow all of these procedures. http://kb.vmware.com/kb/2033620
17. Upgrade your SSO Instance.

Good Luck!