That time of the year again for this article. I am now a vExpert for five years in a row. After two years of only online events, VMworld is back in person and will have some sort of virtual option. Will be interesting to see how the king of hybrid cloud will handle a hybrid event. Starting August 29 – September 1 in San Fran and then November 7-10 in Barcelona. I imagine proposals should be starting soon and then more details to get everyone pumped up.
Everyone has noticed the tiny (1 CPU, 128 MB memory) vCLS machines (vSphere Cluster Services) that were deployed in our environments after the 7.0 U1 upgrade. I like the concept: they remove the dependency on vCenter being up for DRS to function. I envision that VMware will add more features that no longer depend on vCenter in future releases. One quirk is that only an admin account in vCenter can see the vCLS machines. Searching with a non-admin account will only find the vCLS tags. There are not many scenarios where someone needs to interact with them, but one is migrating them off a datastore you don’t want them to use.
Even if you document every password you create, you may still run into password-related issues. Root password expirations are easy ones to miss, especially when you don’t know when the password is going to expire. Most vRealize products expire the root account password after 365 days. I recommend disabling password expiration for root and admin passwords for vRealize products if you can. Of course, still rotate the passwords. That way you are not in a tough spot if you miss the chance to easily change it. Either way, make a reminder in your PAM to change the passwords if you have a policy to rotate passwords. Below are some tips if you cannot log in to one of your vRealize products.
For example, if you are sure you are using the correct root password over SSH and it is being rejected as wrong, start by rebooting each node one at a time. Then SSH into each node with the current password. Hopefully, you’ll be prompted that the password expired and to change it. This also works for NSX Manager nodes. If it’s an account that was recently locked out, waiting about one hour worked for me in the past.
VMware has documentation for each vRealize product to reset the root password. For appliances running Photon OS, this generally means booting into single-user mode. The documentation also covers how to disable password expiration.
- vROps – root password reset
- vROps – Set root password expiration
- vRLI – root password reset
- vRA – root password reset
- vRLCM – root password reset
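To find out ahead of time when a root password will expire, the aging fields in `/etc/shadow` can be read directly on each node. The script below is an added example, not taken from VMware's documentation; it assumes the appliance uses the standard Linux shadow format, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: days until password expiry, computed from shadow(5) fields
# name:hash:lastchg:min:max:warn:inactive:expire:reserved (lastchg = days since 1970-01-01)

# days_left SHADOW_LINE TODAY_DAYS
# Prints "never", "must-change", or a signed number of days (negative = already expired).
days_left() {
    line=$1; today=$2
    lastchg=$(printf '%s\n' "$line" | cut -d: -f3)
    max=$(printf '%s\n' "$line" | cut -d: -f5)
    # Empty max means no maximum age; 99999 is the conventional "no expiry" value.
    case "$max" in ''|99999) echo never; return 0 ;; esac
    case "$lastchg" in
        '') echo never; return 0 ;;        # aging disabled for this account
        0)  echo must-change; return 0 ;;  # change forced at next login
    esac
    echo $(( lastchg + max - today ))
}

# report FILE TODAY_DAYS WARN_DAYS
# Prints one line per account that is expired or expires within WARN_DAYS.
report() {
    file=$1; today=$2; warn=$3
    while IFS= read -r entry; do
        user=${entry%%:*}
        left=$(days_left "$entry" "$today")
        case "$left" in
            never) continue ;;
            must-change) echo "$user: change required at next login" ;;
            *)
                if [ "$left" -lt 0 ]; then echo "$user: EXPIRED $(( 0 - left )) days ago"
                elif [ "$left" -le "$warn" ]; then echo "$user: expires in $left days"
                fi ;;
        esac
    done < "$file"
}

# Today's date expressed as days since the epoch.
today_days() { echo $(( $(date +%s) / 86400 )); }

# Constructed sample entries (HASH is a placeholder), checked as of day 19360.
SAMPLE='root:HASH:19000:0:365:7:::
admin:HASH:19300:0:99999:7:::
svc:HASH:0:0:90:7:::'
tmp=$(mktemp); printf '%s\n' "$SAMPLE" > "$tmp"
report "$tmp" 19360 30
rm -f "$tmp"
# On a node, as root: report /etc/shadow "$(today_days)" 30
```

Running the report from a scheduled job with a 30-day warning window leaves time to rotate the password before SSH starts rejecting it.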
If you are using vRealize Lifecycle Manager, make sure to update passwords in its Locker. Your accounts will lock out if you don’t do it.
Configure SMTP for everything that has the ability and set email addresses for all accounts. Password reset links are emailed out for Log Insight, so it is best to have this squared away ahead of time in case a user needs their password reset.