Hi Mike ,
I resolved the issue by using this 2 technotes :
Thanks for your help Mike .
Regards,
Santosh Dalvi
Hi Mike ,
I resolved the issue by using this 2 technotes :
Thanks for your help Mike .
Regards,
Santosh Dalvi
Excellent! Good job and thanks for sharing!
We had a similar issue recently. We used the steps to reset the SSO admin password and unlock the account. We can now successfully login via the web client using the admin@system-domain account.
What isn't working for us is the upgrade of vCenter. Starting with upgrading SSO it asks for the admin password which we now have. When I enter that password it gives an error that it's blank or incorrect. Is it really looking for the admin password or something else?
Hi!
Is it possible to reset master password with "unsupported" method in vSphere 6?
Hi guys
i do not remember admin@system-domain password
i wondring how to reset admin's account password
i tried to reset password by rsautil command line but i dont remember master password.
Anyway to reset password? can i find Master password in DB tables? or add new user admin user in DB?
Br
Bezar
I don't think there is a way to reset the master password for SSO, at least I haven't come accross a way to do this yet ...
The master password is the one you set during initial setup, it doesn't change even if you changed later changed the admin password ... If you can't remember it ... I'm afraid there's not much you can do... Maybe someone else has better news?
Hi ,
VMware does not support reseting Master password, However while doing search online I found this link "Unsupported by VMware"
Regards
Mohammed
Nice find memaad ...
Of course it's not supported, but if you're really in need of a fix and don't want to take the recommended way of VMware ... You could go this route.
Seriously??? I just checked this, it's true ... The shocking thing is that I looked at that file before and didn't notice that ... Gotta ask myself
That's some serious security flaw if you ask me ...
Thanks grasshopper... This is exactly why I love this community ... Never stop learning and staying humble!
Never stop learning and staying humble!
Yes my friend. Wise words. Because sometimes you're on top and sometimes you're on esxtop.
-grasshopper
PS - please see my previous post. I removed some detail to protect the innocent. If anyone gets stuck they can IM me or hit my gmail.
Mike Nisk wrote:
PS - please see my previous post. I removed some detail to protect the innocent. If anyone gets stuck they can IM me or hit my gmail.
The difficulty with these situations is that:
In short, I would encourage you to take this to a support case, and if you get nowhere, put that post right back.
I'm not sure why you feel that way, Josh26. If anybody finds something they feel is a security vulnerability that hasn't been addressed by a previous VMSA/patch we'd appreciate that you immediately contact security@vmware.com and provide as much detail as possible regarding what you've found (http://www.vmware.com/support/policies/security_response.html). We actively investigate all reports.
In this case, while the password is stored in plaintext (and actually can not be stored as a hash due to how it's later used), the file itself has strong protections based on file system ownership and permissions restricting access to Adminstrator.
Thanks All
Did you ever get an answer to this, i have the same problem and am in dire need of help recovering the admin@system-domain password; re-install is not an option at this point. Please help me out, i can't see the plain text location in the post below.
For 2008 R2, you can check the following location and see if the password listed here jarrs your memory:
"C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties"
Note: Afterall, I think the above is just the sso db pw but if you set everything the same it could be an instant win.
If this was an upgrade to 5.1 and now you can't login, you may consider reviewing the list of valid admins from "vc_admin_users_groups.txt" (if based on your scenario one populated for you). It would be in the temp directory of the person performing the upgrade (i.e. Start > Run > %tmp%).
Folder Location:
C:\Users\<xyzuser>\AppData\Local\Temp
valid admin list:
vc_admin_users_groups.txt
Admins that were removed:
deleted_vc_users.txt
Once you get an ID that you can login into the vSphere C#lient with, go to the permissions tab of the root datacenter for example, and add the appropriate groups that SSO took out (i.e. your server team or whatever). Then login to the web client / sso related stuff.
Hello!
Is there by now any possibility to reset the SSO master password?
I'd like to install the vSphere Webclient but can't remember the password for admin@System-Domain.
The password I was sure I used during the upgrade from vSphere 5.0 to 5.1 doesn't match.
Maybe I accidentally keyed in a wrong character when I first set the master password, I don't know.
I tried already possible variations without success.
Please help!
Hello sysmgmt. Welcome to the communities. Unfortunately the fix is still the same. The Supported method is reinstall SSO. Unsupported fix (confirmed to work) is to stand up a temp SSO db and copy the hash to your prod db. The link is listed earlier in the thread.
Hi grasshopper!
Thank you for the very quick reply and the hint with the unsupportetd fix.
I'll maybe try this way first before reinstalling SSO.
One of the advantages of communities is rapid discovery of exploits and their correction.
Storing passwords in plain text has been a bad idea since forever....
The fact that SSO does this practically means that ESXi Management Network, vCenter and SSO would need to be on an "air gap" network to be truly secure. After all, if I could exploit the SSO server filesystem; I could acquire the keys to the kingdom!
Please go through Installation of vCenter Single Sign On high availability or recovery node fails if Master Password and Administrator password are different in the vCenter server 51 release note https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-51-release-notes.html