vRealize Automation 8.1 through 8.4 root password is expired 1 year after release preventing new installation
Article ID: 318876
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- When deploying a new instance of vRA 8.1 through 8.4, from a build released more than one year ago, LCM deployment fails during
Stage 4 - First Boot Check - VraVaInitializeTask LCMVRAVACONFIG590003
Environment
VMware vRealize Automation 8.3.x
VMware vRealize Automation 8.4.x
VMware vRealize Automation 8.1.x
VMware vRealize Automation 8.2.x
VMware vRealize Automation 8.4.x
VMware vRealize Automation 8.1.x
VMware vRealize Automation 8.2.x
Cause
The vRA PhotonOS appliance root password expiration is configured for 365 days. When the appliance is deployed, the current default password has already expired. When the system sets the new password during first boot, it fails due to a PAM configuration issue. As a result, the appliance is left with the default password and LCM is unable to access it.
Resolution
VMware is aware of this issue and is being considered for a future release.
Workaround:
Workaround:
- SSH into the newly deployed vRA appliance(s)
- Login using root with the password vmware
- When asked to change the password, set the new password to the one originally supplied with the previous attempted LCM initiated deployment.
- Within LCM, retry the failed deployment without deleting the already deployed appliances.
Note: If too many login attempts were made and the account is locked, automatic unlock will occur after 30 minutes. Alternatively, a reboot of the appliance will also unlock the root account.
Note: If the password provided to LCM is too simple or otherwise insecure, Step #3 will fail. In this case, a more secure password should be first set. After a successful login, the password should be changed to the one provided to LCM by running the passwd command on the shell.
Note: If the password provided to LCM is too simple or otherwise insecure, Step #3 will fail. In this case, a more secure password should be first set. After a successful login, the password should be changed to the one provided to LCM by running the passwd command on the shell.
Secure password example: lFxk380!
Additional Information
Impact/Risks:
- During this process, the appliance(s) root account will be temporarily accessible with the default password vmware.
- It is recommended to resolve the state of the non-custom root password on each appliance immediately with a custom password, else VMware advises to network isolate these virtual machines until this article can be followed.
Feedback
Yes
No
Powered by
