Reset the VMware SSO password in vSphere 6.0

20 December

Due to the changes in the new vCenter Server 6.0 architecture, the SSO has now been incorporated in the new VMware Platform Services Controller “role”.

But the concept of a global SSO account still exists and remains important for managing the infrastructure (and even more so during installation and upgrade). If you forget the SSO admin password, you can run into trouble. I’ve already written about how to reset the VMware SSO password in the vSphere 5.1 and 5.5 versions, and the procedure remains almost the same in the 6.0 version.

As written in KB 2034608 (Unlocking and resetting the VMware vCenter Single Sign-On administrator password), you can also hit this problem after multiple login failures (by default, the account gets locked if the password is entered incorrectly three times).

For VMware Platform Services Controller 6.0, if you want just to unlock the password:

  • Wait for 5 minutes. By default, the account lockout policy is set to unlock after 15 minutes. For more information on account lockout policies for the Platform Services Controller (PSC), see vCenter Server Password Requirements and Lockout Behavior in the vSphere Security Guide.
  • Unlock the account using another session that is still logged into the PSC server or using another user account with SSO administrator privileges.
    To unlock an account using another session or using another user account with SSO administrator privileges:

    1. Click Home.
    2. Click Administration.
    3. Click Single Sign-On > Users and Groups.
    4. Click the Users tab.
    5. Right-click the affected user account, such as administrator@vsphere.local, and click Unlock.

For VMware Platform Services Controller 6.0, if you need to reset the SSO admin password:

  • To reset the administrator@vsphere.local password on a Windows Platform Services Controller or vCenter Server with Embedded Platform Services Controller:
    1. Log in to the vCenter Server with a domain administrator account. If the Platform Services Controller is installed separate from the vCenter Server, log in to the Platform Services Controller server.
    2. Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
    3. Open the vdcadmintool service tool with this command:
      c:\> "%VMWARE_CIS_HOME%\vmdird\vdcadmintool.exe"
      This console loads:
      ===============================
      Please select:
      0. exit
      1. Test LDAP connectivity
      2. Force start replication cycle
      3. Reset account password
      4. Set log level and mask
      5. Set vmdir state
      ===============================
    4. Press 3 to enter the Reset account password option.
    5. When prompted for the Account UPN, enter: Administrator@vSphere_Domain_Name.local
      By default, this is:
      Administrator@vSphere.local
      A new password is generated.
      Note: if you customized your vSphere Domain name, provide the customized domain name.
    6. Use the generated password to log in to the administrator@vSphere.local account.
    7. After the password is regenerated, log in to the vSphere Web Client and change the password.
  • To reset the administrator@vsphere.local password on the Platform Services Controller or vCenter Server with Embedded Platform Services Controller Appliance:
    1. Log in to the vCenter Server Appliance via SSH.
    2. Run this command to enable access to the Bash shell:
      shell.set --enabled true
    3. Type shell and press Enter.
    4. Open the vdcadmintool service tool with this command:
      /usr/lib/vmware-vmdir/bin/vdcadmintool
      This console loads:
      ================================
      Please select:
      0. exit
      1. Test LDAP connectivity
      2. Force start replication cycle
      3. Reset account password
      4. Set log level and mask
      5. Set vmdir state
      ================================
    5. Press 3 to enter the Reset account password option.
    6. When prompted for the Account UPN, enter:
      Administrator@vSphere_Domain_Name.local
      By default, this is:
      Administrator@vSphere.local
      But remember that in PSC you can have custom domains!
      A new password is generated.
      Note: if you customized your vSphere Domain name, provide the customized domain name.
    7. Use the generated password to log in to the administrator@vSphere.local account.
    8. After the password is regenerated, log in to the vSphere Web Client and change the password.

As you can see, the procedure remains almost the same in both the 5.5 and 6.0 versions, with only a few minimal changes.

Source: http://vinfrastructure.it/2015/05/reset-the-vmware-sso-password-in-vsphere-6-0/
