Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Showcase


Channel Catalog


Channel Description:

Most recent forum messages

older | 1 | .... | 9 | 10 | (Page 11) | 12 | 13 | 14 | newer

    0 0

    I'm not sure why you feel that way, Josh26. If anybody finds something they feel is a security vulnerability that hasn't been addressed by a previous VMSA/patch we'd appreciate that you immediately contact security@vmware.com and provide as much detail as possible regarding what you've found (http://www.vmware.com/support/policies/security_response.html). We actively investigate all reports.

     

    In this case, while the password is stored in plaintext (and actually can not be stored as a hash due to how it's later used), the file itself has strong protections based on file system ownership and permissions restricting access to Adminstrator.


    0 0

    Thanks All


    0 0

      Did you ever get an answer to this, i have the same problem and am in dire need of help recovering the admin@system-domain password; re-install is not an option at this point.   Please help me out, i can't see the plain text location in the post below.


    0 0

    For 2008 R2, you can check the following location and see if the password listed here jarrs your memory:

    "C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties"

    Note:  Afterall, I think the above is just the sso db pw but if you set everything the same it could be an instant win.

     

    If this was an upgrade to 5.1 and now you can't login, you may consider reviewing the list of valid admins from "vc_admin_users_groups.txt" (if based on your scenario one populated for you).  It would be in the temp directory of the person performing the upgrade (i.e. Start > Run > %tmp%).

     

    Folder Location:

    C:\Users\<xyzuser>\AppData\Local\Temp

     

    valid admin list:
    vc_admin_users_groups.txt

     

    Admins that were removed:

    deleted_vc_users.txt

     

    Once you get an ID that you can login into the vSphere C#lient with, go to the permissions tab of the root datacenter for example, and add the appropriate groups that SSO took out (i.e. your server team or whatever).  Then login to the web client / sso related stuff.

     

     


    0 0

    Hello!

     

    Is there by now any possibility to reset the SSO master password?

    I'd like to install the vSphere Webclient but can't remember the password for admin@System-Domain.

    The password I was sure I used during the upgrade from vSphere 5.0 to 5.1 doesn't match.

    Maybe I accidentally keyed in a wrong character when I first set the master password, I don't know.

    I tried already possible variations without success.

    Please help!


    0 0

    Hello sysmgmt.  Welcome to the communities.  Unfortunately the fix is still the same.  The Supported method is reinstall SSO.  Unsupported fix (confirmed to work) is to stand up a temp SSO db and copy the hash to your prod db.  The link is listed earlier in the thread.


    0 0

    Hi grasshopper!

     

    Thank you for the very quick reply and the hint with the unsupportetd fix.

    I'll maybe try this way first before reinstalling SSO.


    0 0

    One of the advantages of communities is rapid discovery of exploits and their correction.

     

    Storing passwords in plain text has been a bad idea since forever....

     

    The fact that SSO does this practically means that ESXi Management Network, vCenter and SSO would need to be on an "air gap" network to be truly secure. After all, if I could exploit the SSO server filesystem; I could acquire the keys to the kingdom!


    0 0

    Please go through Installation of vCenter Single Sign On high availability or recovery node fails if Master Password and Administrator password are different in the vCenter server 51 release note https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-51-release-notes.html


    0 0

    Hi sysmgt,

     

    I'm not sure if you were able to try the DB Hash fix that grasshopper mentioned but it appears to have worked for me. I was able to get on and install the web client server that we never got around to installing. So far, so good.

     

    Thanks to all who posted!


    0 0

    Hello mryellow!

     

    Yesterday I tried the the unsupported fix which grasshopper suggested and it worked for me too.

    After I've replaced the hash string and restarted vCenter Server, the installation of vSphere Webclient with the new set password finally succeeded.


    To all a big thanks, especially to grasshopper...

     



    0 0

    Hello all!

     

    If in any case anyone is still wondering how to reset the admin@SystemDomain password for SSO, i found this:

     

    http://vpowered.blogspot.mx/2012/09/unlocking-and-resetting-vcenter-sso.html

     

    It worked for me, wish you the best!


    0 0

    Thanks for sharing.  Keep in mind that to use that reset util requires that you already know the admin@system-domain password.  If you know it, then you can reset it easily.  That process is well documented in the official VMware KB.  Most folks here simply don't know the original password so cannot reset it like that.

     

    As such, the only real fix thus far has been performing the DB hash technique. 

     

    The original article discussing this is in german and is located at:
    http://www.die-schubis.de/doku.php?id=vmware:vsphere&&_sm_au_=iVVqjkrsQ0sLqFW6

     

    The Google Translate version (German to English) of the original article:
    http://translate.google.ie/translate?sl=de&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.die-schubis.de%2Fdoku.php%3Fid%3Dvmware%3Avsphere%26%26_sm_au_%3DiVVqjkrsQ0sLqFW6&act=url

     

    Unrelated Note:  Please be advised that my original concern from earlier in the thread about the admin@system-domain password being in plain text was incorrect.  I think the only plain text password stored is that of the RSA_User which does not help in recovery unless all passwords were set exactly the same at install time.  The location of that plain text password  (which was originally "intentionally deleted" by me) is "C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties".  Again, this likely won't help anyone who has forgotten the admin@system-domain password, and the fix is still to perform the DB hash technique noted from the shubis blog in germany.


    0 0

    hey so I think i know my admin master password because when it asks me for it it gets me to the point to ask me for the administrators name, is this suppose to be admin@System-Domain or admin@system-down or just admin?

     

    When i type in just admin or admin@System-Domain it asks me to enter new administrators password and verify. i do that but then i get the ERROR: Failed to decrypt field com.rsa.db.user

     

    what the heck?

     

    also i dont remember setting too many different passwords while installing the SSO. if it lets me get past to the point of asking me the admin account with the passwrod im typing in, why cant i continue the web client install with that same password?

     

    thanks in advance


    0 0

    admin@system-domain is the one you will need for the web client install.  Are you able to login with that?  In general, once you can login with admin@system-domain then you can create/manage those other IDs.  First step though will be getting the web client installed.  Also ensure you right click and run as administrator when doing the install of course.


    0 0

    no i cannot. i get invalid credentials in that log file.

    so from this post i read the only way to reset the pw for the admin@system-domain is to use the rsautil reset-admin-password command.

    but you need to know the master password, which i must know because the only password i remember configuring during the SSO install is the one im typing in when prompted for master password.

    but then i get that error of faield to decrypt field com.rsa.db.user


    0 0

    oldschoola41 wrote:

    no i cannot. i get invalid credentials in that log file.

     

    Understood.  Then you're in the right place (i.e. don't know the admin@system-domain password).  That is the subject of this thread and the fixes are noted above (i.e. db hash technique).  I can't tell you why the other ID throws that interesting error but you should probably get the admin@system-domain going first so you can make  progress on your web client install.


    0 0

    trying the db hash technique now.

    the pssword that im looking for is the only password that this SSO install asks you for right? the admin@system-domain ?

    so i dont know where this "master password" comes from


    0 0

    That's correct.  If SSO is already installed successfully then the only password you need is admin@system-domain, which will become a new "known" password upon completion of the db hash technique.  To answer the other question, in addition to allowing you to set a password for admin@system-domain, SSO also prompts you at install time (this is already done in your case) to enter passwords for the database users as well (i.e. RSA_USER and RSA_DBA) but those you do not need to know for your immediate objective.  To complete the webclient install in your case you just need the password for admin@system-domain.


    0 0

    what un/pw do i use to connect the sql mgmt studio to the dummy and prod dbs?


older | 1 | .... | 9 | 10 | (Page 11) | 12 | 13 | 14 | newer