Reset or Unlock vRA 7.x Appliance root user

 

Reset or Unlock vRA 7.x Appliance root user


"Unable to authenticate user (invalid credentials or Account locked). Please try again"





See procedure below for resetting password or unlocking vRA 7.x appliance root user account. Because every now and then it happens....


Procedure



* Note the steps below require downtime, as always best practise dictates you first snapshot before any config changes *


Below are the steps to reset vRA appliance root password.

1. Connect to vSphere Client and open the vRA/vRB virtual machine console.
2. Go to VM > Power > Restart Guest to restart the appliance.
3. Wait for the appliance to boot. - You need to be QUICK in step 4 if you miss it boot again !   
4. Press e when you see the Grub Menu appearing on the screen.



5. Press e again. The output will be similar to:



6. Go down until you see a line beginning with linux /vmlinuz. (highlighted above)
7. Press "e" one last time to edit the end of this line, add the command: init=/bin/sh
    Line should look like:



8. Then press enter , it will take back to kernel screen, then Press "b" to boot.
9. Once it boots type the passwd command to reset the root password.

passwd root




  • If only looking to unlock the root account, run below command to check current status:
    pam_tally2 -u root
  • If locked you can unlock with:
    pam_tally2 -u root --reset
  •  In case of any read only filesystem errors run command:
    mount / -o remount,rw



10. After a reboot, you should be able to access the VAMI interface with the new password you just set or previous password which was temporarily locked.




The root user password expiry can be checked in the vami interface under Admin > Admin

 



As you can see above in this particular lab envrionment root user has quite a generous password expiry timeframe. To view or change the expiry you can ssh to vRA appliance and run the chage command:

  • To list current expiry run:
    chage -l root
  • To extend the expiry run(-M = Maximum number of days before password expiry ):
    chage -M 99999 root





These steps are also covered in VMware KB article 2150647. Any questions drop a comment below.

Comments

Post a Comment

Popular posts from this blog

vRealize Automation appliance services not registering

Image
Note this article covers only vRA 7.x, for vRA 8.x be sure to check out vRA 8 related articles: vRA 8.x basics vRA 8.x health check failing vRA 8.x Tutorial A common issue can be vRealize Automation appliance services not registering. This issue is typically noticed after a reboot or unplanned service outtage. The following article is intended to provide a walkthrough of troubleshooting such a scenario. Unfortunately the vRA catalina.out logfile located under /var/log/vmware/vcac can be quite cryptic in these scenario's and often just reports generic http response response codes. The service registry can be checked under the vami interface in vRA Settings -> Services tab and also via the component registry URL: https://vRAappliance/component-registry/ services / status / current Based on my experience the main offenders for vRA appliance service registry issues are as follows: Disk space. RabbitMQ  - internal messaging broker service leveraged by vRA. vIDM...
Read more

IaaS service not registering

Image
IaaS refers to the collection components installed on the Windows servers in a vRealize Automation environment. This article will focus specifically on the troubleshooting methodology applied when this IaaS service is not registering on the vRA appliances, I intend to create a separate post at a later date to focus solely on the purpose of each individual IaaS component. See vRA Management agents explained article for further explanation specifically for IaaS Management Agent components. The Problem The IaaS service registry status can be viewed in the Services tab of the VAMI interface or at the vRA appliance component service registry health check URL. https://vRA:5480 https://vRA/ component-registry/services/status/ current   Typically, IaaS service registry issues will be noticed here first. Other common symptoms of IaaS service registry issues include problems accessing the Infrastructure tab or general provisioning/data collection failures. ...
Read more

vRA 7.x Certificate Replacement Process

Image
  vRA 7.x Certificate Replacement Process Certificate for component "website" on node "<node name>" will expire on <date> Certificate for component "ManagerService" on node "<node name>" will expire on <date> Seeing the above message in your vRA vami interface, that means its time to replace your vRA ssl certificates. This post will cover the vRA 7.x cert replacement process. Certificate Management in vRA 7.x has been simplified and is all performed from the Certificates tab of the VAMI interface: https:<vRAFQDN>:5480 -> vRA -> Certificates A distributed vRA will have three main certificate components: vRA cert itself IaaS web certificate IaaS manager certificate !! In a simple install with a single IaaS web server the Manager and Web component will share the same certificate!! You have two options when choosing a certificate: Self-signed certificate generated by vRA itself Certificate Authority Signed certif...
Read more