Tag vrli

vRealize Log Insight Internal Certificate Expiration and Vulnerabilities

Brian Owen Leave a comment

A lot of vRLI customers, including me, were caught off guard in recent weeks that a certificate is expiring on April 30th. I figured taking care of this shouldn’t be a big hassle, but I was wrong. VMware provided a long list of instructions for applying a workaround, which are linked below. Seemed like a lot of trouble for an internal certificate.

https://kb.vmware.com/s/article/91441?lang=en_US
https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-89D2FDFC-2869-43C0-B6D6-23146DB5E4FE.html
https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-C5144813-F22A-4476-9E0E-BEC5B60417BF.html

I figured VMware wouldn’t leave us all hanging and I decided to wait to see if a patch would be released before the end of the month. I am glad I did because patch 8.12 was released on the 20th. Applying the patch resolves all of the vulnerabilities (CVE-2023-20864, CVE-2023-20865) and the upcoming expiration of the certificate. I upgraded from 8.10.2 and had no issues with the upgrade. Very fast and straightforward with taking a powered off snapshot and applying the update through the web UI. Check out the link below for the VMware KB on this update.

https://kb.vmware.com/s/article/91831

The patch also provides more. vRLI is now VMware Aria Operations for Logs within the product. Will everyone call it vAOL? I figured the name change will happen sometime soon, but I didn’t think it would on a small patch. There are also a few other updates. Check out the link below for the release notes.

https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html

vRealize Password Trouble

Brian Owen Leave a comment

Even if you document every password you created, you may still run into password related issues. Root password expirations are easy ones to miss, especially when you don’t know when the password is going to expire. Most vRealize products expire root accounts password after 365 days. I recommend disabling password expiration for root and admin passwords for vRealize products if you can. Of course, still rotate the passwords. That way you are not in a tough spot if you miss the chance to easily change it. Either way, make a reminder in your PAM to change the passwords if you have a policy to rotate passwords. Below are some tips if you cannot log in to one of your vRealize products.

For example, if you are sure you know you are using the correct password to SSH with root and it’s saying your password is wrong, start off with rebooting each node one at a time. Then SSH into each node with the current password. Hopefully, you’ll be prompted that the password expired and to change it. This also works for NSX Manager nodes. If it’s an account that was recently locked out, waiting about one hour worked for me in the past.

VMware has documentation for each vRealize product to reset the root password. It’s generally booting into single user mode when using Photon OS. It also has ways in documentation to disable the password expirations.

If you are using vRealize Lifecycle Manager, make sure to update passwords in its Locker. Your accounts will lock out if you don’t do it.

Configure SMTP for everything that has the ability and set email addresses for all accounts. Password reset links are emailed out for Log Insight. Therefore, best to have this squared away ahead of time in case a user needs their password reset.