Search the VMware Knowledge Base (KB)
View by Article ID

vCenter HA replication fails due to expired VCHA user password (2148675)

  • 4 Ratings

Symptoms

  • The vCenter HA configure tab reports:

    A replication failure might be occurring at the moment. Automatic failover protection is disabled.
  • The vCenter HA monitor tab reports:

    Appliance configuration is out of sync.
    Appliance state is out of sync.
    Appliance sqlite db is out of sync.
  • In the /var/log/vmware/vcha/vcha.log file on the current active node, you see entries similar to:

    error vcha[7FC6BE0E6700] [Originator@6876 sub=VchaUtil] Error executing command /usr/bin/rsync: exit status=[12], stdout=[], stderr=[
    --> VMware vCenter Server Appliance 6.5.0.5100
    --> Type: vCenter Server with an external Platform Services Controller
    --> WARNING: Your password has expired.
    --> Password change required but no TTY available.
    --> rsync: connection unexpectedly closed (0 bytes received so far) [sender]
    --> rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.2]
    warning vcha[7FC6BE0E6700] [Originator@6876 sub=RsyncRepl-largeFrp] Rsync failed for vmw, retrying in 8 secs
  • Running the command chage --list vcha on the current active node shows that the password for the account vcha has expired:

    [ ~ ]# chage --list vcha
    Last password change                                    : Nov 14, 2016
    Password expires                                        : Jan 13, 2017
    Password inactive                                       : never
    Account expires                                         : never
    Minimum number of days between password change          : 1
    Maximum number of days between password change          : 60
    Number of days of warning before password expires       : 7

Cause

This issue occurs when vCenter HA is enabled, a new local OS user VCHA is created and used to perform the file replication between the current active node and current passive node.
 
Note: The user is also enabled to use RSA Key for SSH Authentication. However, even if the default user password expires, RSA Key for SSH Authentication is not possible.

Resolution

To resolve this issue, reset the VCHA user password on all three vCenter HA nodes (active, passive and witness).
 
Important: Ensure to perform these steps on all three vCenter HA nodes with the same password for the VCHA user.
  1. Log in to each vCenter HA as root using SSH or VM Console.
  2. Change to the BASH shell by running the shell command:


    Command> shell
  3. Reset the password for the VCHA user using the password command: 


    [ ~ ]# passwd vcha
    New password:
    Retype new password:
  4. Set the vcha user account to never expire by running this command:

    [ ~ ]# chage -m 0 -M 99999 vcha
  5. Confirm that the vcha user account is set to never expire by running this command:

    [ ~ ]# chage --list vcha
    Last password change                                    : Jan 13, 2017
    Password expires                                        : never
    Password inactive                                       : never
    Account expires                                         : never
    Minimum number of days between password change          : 0
    Maximum number of days between password change          : 99999
    Number of days of warning before password expires       : 7
 
Notes:
  • There should be no need to restart any services. Replication should now begin to succeed. It may take several minutes for all nodes to get synced.
  • If the replication does not start or complete, restart the vCenter HA Passive node.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 4 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 4 Ratings
Actions
KB: