Quantcast
Channel: VMware Communities: Message List - vCenter Single Sign On master password
Viewing all 262 articles
Browse latest View live

Re: vCenter Single Sign On master password

July 1, 2013, 3:33 pm
$
0
0

Does this hash update for the SQL Database modify the the Admin@System-Domain password or does it also change the Master password as well?

 

I ask because I am recently hired at this company and given an environment with no documentation. I was originally unable to install the web client until I ran this hash query in my database. I was then able to install the Web Client, log into the web client and also change my password for the admin@system-domain account.

 

However, I'm trying to update my current environment from 5.1 to 5.1u1 and when I run the installer to update SSO, it tells me I have the wrong password. I know the Admin Password is correct as I can log into the Web Client with it. However the installation fails with the wrong password dialog box. If I try to run the "rsautil reset-admin-password" and use my admin password, it tells me that I have the wrong password. So my guess is that this only changes the admin password and not the master.

 

If my guess is correct and this has only updates the admin and not the master, it seems extremely silly to me that the only way to reset the master password is to uninstall SSO and reinstall it from scratch.

 

Or is there something else going on in my environment?

 

Is my only choice to reinstall SSO?

Search

Re: vCenter Single Sign On master password

July 1, 2013, 10:18 pm
$
0
0

This hash and the procedure resets your master password ... So maybe something else is going on?

Re: vCenter Single Sign On master password

July 3, 2013, 11:04 am
$
0
0

Read the post earlier in this thread by memaad.... He outlines a process to reset it in the DB.

Re: vCenter Single Sign On master password

July 3, 2013, 4:45 pm
$
0
0

Hi,

 

Above mention hash in my post will reset the password only for admin@system-domain. Once you know this password then you can reset the master password.

 

Regards

MOhammed

Re: vCenter Single Sign On master password

July 10, 2013, 10:10 pm
$
0
0

Could you let me know what the directory and files are that I need to have a look at for this please. One of my engineers set this up and has since left the company. So I have no way of getting the system-domain password. I would IM you, but do not have any points......

Thanks

Re: vCenter Single Sign On master password

July 17, 2013, 3:20 pm

Re: vCenter Single Sign On master password

July 17, 2013, 3:23 pm
$
0
0

Sehr geehrte Damen und Herren,

vielen Dank für Ihre Nachricht. Ich bin ab dem 19.08.2013 wieder im Büro für Sie zu erreichen. Wenn Ihr Anliegen eine kurzfristige Bearbeitung erfordert, sind Ihnen meine Kollegen/Kolleginnen vom Service & Support Team gerne behilflich: (Mail: support@acs-europe.de<mailto:support@acs-europe.de> und Tel.: +49 341 355913 20).

 

Vielen Dank für Ihr Verständnis.

 

 

 

 

Mit freundlichen Grüßen / Best regards

 

 

 

Maik Schoepe

 

Teamleiter IT Infrastructure / Field Service

 

 

 

ACS Solutions GmbH

 

Maximilianallee 2

 

04129 Leipzig

 

 

 

Phone: +49 341 355913 23

 

Fax: +49 341 355913 11

 

www.acs-europe.de

cid:image5ef047.JPG@b7299378.4aab20c8

 

Amtsgericht Leipzig: HRB21111

 

USt-IdNr: DE814217083

 

Geschäftsführung: Thomas Lindner

Re: vCenter Single Sign On master password

July 29, 2013, 2:49 am
Search

Re: vCenter Single Sign On master password

August 9, 2013, 12:22 am

Re: vCenter Single Sign On master password

August 9, 2013, 1:07 am
$
0
0

I did that and it only changed my admin@system-domain password, if I try to change the master password after the hash trick it gives me: "Error: Invalid password, failed to decrypt system key Root cause: javax.crypto.BadPaddingException: Given final block not properly padded" after rsautil manage-secrets -a change command. Same thing if I try to update vcenter to latest and it asks for master password. I guess I have the same problem as pktmobrien

Re: vCenter Single Sign On master password

August 9, 2013, 7:10 am
$
0
0

I wanted to do the right thing and post how I solved my error/problem. Be warned, it is not pretty and you need to understand that it is absolutely necessary that you backup your vsphere server before doing this procedure. This procedure was issued to me from VMware Tech Support as my only option.

 

To recap on what happened in my scenario. I was a new hire and given a current installation of VMware Vsphere 5.1. I had no documentation but I was given the default Admin Passwords that were used in most instances in the network. After many unsuccessful attempts to upgrade from SSO 5.1 to 5.1u1 because of an invalid password during upgrade, I went to the forums and VMware Tech Support. The method suggested to fix this was to do a database query on the SQL instance using the supplied hash which would restore the MASTER and ADMIN@SYSTEM-DOMAIN password to the given value for the hash.

 

This did work, PARTIALLY. I say this in that I was able to finally login into the VMware Vsphere webportal and client using my admin@system-domain account using the new HASHED password. However, the problem that was still present was that I still could not upgrade SSO 5.1 to 5.1u1 because of a bad password. So...wait for it...... Corrupt RSA database!!! The confusing part is that everything still functions perfectly. I can use my admin@system-domain password to navigate my VMware environment, but I was unable to upgrade certain instances of VMware because of this issue.

 

I'M GOING TO BE VERY CLEAR ABOUT THIS! WHAT I'M PROVIDING YOU IS NOT INSTRUCTIONS ON HOW TO FIX THIS, BUT RATHER A CHECKLIST TO FOLLOW. I am NOT RESPONSIBLE if you bring down your production servers for not researching this before you attempt this or contacting VMware tech support. I spent an entire week reading and re-reading the procedures before attempting this.

 

MY VMware environment was in production and unaffected during this procedure. I also have VSA (Virtual Storage Appliance) and it was also unaffected.

 

Checklist that worked for me.

  1. Read all of these steps!
  2. Don't Forget to do Steps 15 and 16.
  3. Download the Instructions for installing VMware VSphere and read specifically page 223 http://pubs.vmware.com/vsphere-51/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-511-installation-setup-guide.pdf
  4. WATCH this YouTube video form start to finish before even starting. VMware vSphere 5.1 vCenter Upgrade Part 1. Single Sign On Installation - YouTube
  5. WHAT EVER YOU DO, DO NOT install a newer version of SSO during this procedure. I did this and had to revert back to my SNAPSHOT and try again. Again, had I not backed up, I would have been in trouble. Be sure to install the same version of SSO that you are removing. So be sure to reinstall the version you uninstalled and THEN Upgrade SSO to a newer version. I say this because I believe I still had some certificate errors for the web portal after step 16 that were simply fixed when I upgraded SSO to 5.1u1.
  6. Backup your VCenter Server.
  7. Then Backup your VCenter Server and TEST YOUR BACKUP. A backup is only good if you can restore from it.
  8. Then, Take a SNAPSHOT of your VCenter Server if it is virtualized.
  9. Then backup your RSA DB instance in SQL. And don't be doofus and backup your RSA DB to your local C drive of your VCenter Server. If you have to start over, you lost it. Backup to networked drive or external storage.
  10. Then take a Screen Shot of LocalHost\SQL Instance\Security\Logins\Table  (The Idea is to capture all of your security accounts because once you proceed ahead, you might have to add some back after this procedure.)
  11. DrumROLL
  12. Uninstall SSO. (You will receive an error because you do not have the MASTER password to uninstall this instance. This error simply tells you that the database will still exist but SSO will be un-installed.
  13. Delete the RSA database from SQL.
  14. Follow the YouTube Video for the procedure to configure the RSA database and install SSO.
  15. Open CMD as ADMINISTRATOR. Just opening CMD will NOT work. You have to right click on CMD and "Run as Administrator".
  16. Follow all of these procedures. http://kb.vmware.com/kb/2033620
  17. Upgrade your SSO Instance.

 

Good Luck!

Re: vCenter Single Sign On master password

August 11, 2013, 9:57 pm
$
0
0

Mohammed,

I'm logged in as admin@system-domain.

How do you reset the master password once you logged in?

Thanks!

Re: vCenter Single Sign On master password

December 13, 2012, 10:52 am
$
0
0

\\Update

[Jump to the solution later in the thread here]

 

Tips:

- Remember that the admin@system-domain password requires greater strength than most VMware passwords.  As such, if you think you know the password but it's not working, try adding a special character at the end such as !.  It only requires 8 characters but there must be at least one special character.  It will also lock you out after 3 bad attempts.  Try back later after it has reset the lock.

 

- Admin is not admin
The user name is case sensitive.  It should always be admin@system-domain (domain portion not case sensitive).

 

Don't even think about upgrading vCenter / SSO without good DB and vCenter backups and/or snaps

- If you are dealing with a failed SSO upgrade from a previous version, then you should a) Roll back to a snapshot/restore; or b) Reinstall SSO and repoint your vCenter.  Remember to reinstall SSO you _must_ use the same version that was installed.  Also remember that a failed upgrade of SSO can and will stop the SSO service and/or your vCenter service.  From that point on you won't be able to login to an otherwise previously healthy sso.


admin@system-domain (Not cached in plain text)

- Despite what's listed below in my original post, the admin@system-domain password is _not_ cached in plain text.  However, the DBA_USER password is.


DBA_User password (this is cached in plain text):

"C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties"

 

Why is the above useful?  In the rare case where the technician set all passwords the same (or at least the admin@system-domain and the RSA_USER) then and only then could one glean the admin@system-domain password from the above file.  More details and other options in this thread.

 

\\original post

I'm sure this will be fixed eventually, but the answer you seek is (shockingly) available in plain text.

Browse to the following directory:

[intentionally deleted by grasshopper]

In the above directory, locate and open the following file in notepad:

[intentionally deleted by grasshopper]

 

Edit 0.1: As it turns out admin@system-domain is not cached in plain text, only the RSA_USER is.  More details in the Tips section above.

Edit 0.2: Added quick link to solution by memaad and added additional tips since this post has gotten quite long.  I will try to add more over time.

 

Message was edited by: grasshopper

Re: vCenter Single Sign On master password

October 8, 2013, 11:19 am
$
0
0

I executed Mohammed's SQL command and it completed successfully but I'm still getting "the provided credential are not valid". Is there a way for me to verify the username?

Re: vCenter Single Sign On master password

October 8, 2013, 1:02 pm
$
0
0

My group was facing an issue where we did not remember the password for admin@System-Domain, so we executed the help posted by memaad(810 posts since Dec 2, 2009)Jun 13, 2013 2:43 PM.

It worked and helped us out tremendously.

 

Our situation was slightly different in that we did not have the web client installed.

 

One thing to note is that if you previously attempt username password combinations that fail beyond 3 attempts, even the new password set via memaad's method fails. The Single Sign On (SSO) will lock you out for 15 minutes, so make sure to wait at least 15 minutes.

Search

Re: vCenter Single Sign On master password

April 24, 2014, 9:33 am
$
0
0

Hi Team ,

 

I used unsupported way to reset the password :

 

UPDATE

[dbo].[IMS_PRINCIPAL]

SET

[PASSWORD] = '{SSHA256}KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=='

WHERE

LOGINUID = 'admin'

AND

PRINCIPAL_IS_DESCRIPTION = 'Admin';

 

This will reset the password to "VMware1234!",

 

It ran successfully but when i am checking the webclient using the username and reset password , It is not working properly.

 

Please can you make me understand this .

 

Regards,
Santosh Dalvi

Re: vCenter Single Sign On master password

April 24, 2014, 10:10 am
$
0
0

Hi santoshdalviderby,

What version of vCenter are you running (probably 5.1 right?).  Have you tried rebooting the vCenter since the fix?  Have you waited at least 15 minutes between any failed login attempts (default lockout is 3 bad attempts).  Also please make sure you are logging in with admin@system-domain ("admin" must be all lower case).  Ensure that the system time is healthy.

 

If all of the above checks out, then please tell us more about the steps taken prior to resetting the password.  Did you attempt to re-install any components (especially interested to know if any installs failed).  Keep in mind, this fix is only valid for a perfectly healthy system for which the password was forgotten.

 

Please review KB2034506.  You can also review the Web Client Logs, and other vCenter logs.  If the problem persists please provide the error message you get when attempting to login and share any relevant logs by attaching them using the advanced editor on a forum post reply.

Re: vCenter Single Sign On master password

April 24, 2014, 9:01 pm

Re: vCenter Single Sign On master password

April 24, 2014, 9:27 pm
$
0
0

Excellent!  Good job and thanks for sharing!

Re: vCenter Single Sign On master password

May 31, 2015, 4:21 am
$
0
0

We had a similar issue recently. We used the steps to reset the SSO admin password and unlock the account. We can now successfully login via the web client using the admin@system-domain account.

 

What isn't working for us is the upgrade of vCenter. Starting with upgrading SSO it asks for the admin password which we now have. When I enter that password it gives an error that it's blank or incorrect. Is it really looking for the admin password or something else?

Viewing all 262 articles
Browse latest View live
More Pages to Explore .....
Search

Latest Images

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am
Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm
Deepfake Video of Aamir Khan circulates Online

Deepfake Video of Aamir Khan circulates Online

April 17, 2024, 3:07 am
Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

April 14, 2024, 8:14 am
Have you seen Michael Wines? Burien man has been missing since Saturday,...

Have you seen Michael Wines? Burien man has been missing since Saturday,...

April 12, 2024, 3:59 pm
Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

April 11, 2024, 5:27 pm
19 Reader-Favourite March Purchases — From Steals To Splurges

19 Reader-Favourite March Purchases — From Steals To Splurges

April 11, 2024, 5:07 am
Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

April 9, 2024, 4:00 pm
People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm
First Pictures of the Eclipse ! ! !

First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm