If you are in the unfortunate position in which you or
someone else has forgotten the vCenter SSO v5.1 admin@System-Domain password,
then you may have a problem, particularly if there are no other users delegated
as SSO administrators.
The aim of this blog post is to help you reset the
admin@System-Domain password in SSO 5.1 only (it is much easier
in 5.5)!
First and foremost, it's worth pointing out that this is completely
unsupported by VMware. VMware's advice and supported method is to reinstall
SSO.
However, you do have two other possible options, which I have
presented below.
The first option is to simply check the password for the
SSO DB in clear text, which may be the same as the SSO admin user password.
The second is to update the SSO SQL database admin user's
password hash, essentially changing the password hash to the hash of a password
we know and will change later.
Option A - If you're lucky you might be able to find the
password this way.
1. Check this file to see if the password used for the SSO
SQL database user was the same as the password used for
"admin@System-Domain"
C:\Program Files\VMware\Infrastructure\SSOServer\webapps\lookupservice\WEB-INF\classes\config.properties
Note: You will need to change the drive letter if you
installed vCenter SSO somewhere other than C:
2. The password used for the SQL Server database is on this
line "db.pass="
## Jdbc Url
db.url=jdbc:jtds:sqlserver://;serverName=;portNumber=1433;databaseName=sqldb1sso
## DB Username
db.user=svcvc1sso
## DB password
db.pass=Password123
## DB type
db.type=Mssql
## DB host
db.host=sqldb1.vmadmin.co.uk
Option B - This should work if you do not know the SSO
master password for "admin@System-Domain" and wish to reset it.
1. Open SQL Server Management Studio and connect to the SQL
Server hosting the SSO (RSA) database
2. Back up the SSO RSA database so you can restore it if
there is a problem
3. Run the following SQL script on the SSO RSA database to
set the "admin" user's password hash to the hash of "VMware1234!"
Note: You can change the password later, for now we will set
it to the above password to save re-installing SSO.
UPDATE [dbo].[IMS_PRINCIPAL]
SET [PASSWORD] = '{SSHA256}KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=='
WHERE LOGINUID = 'admin'
AND PRINCIPAL_IS_DESCRIPTION = 'Admin';
3. If you try to log in to the vSphere Web Client at this point
you may get the following message saying your password has expired:
"Associated users password is expired"
4. Open an elevated command prompt and run the command:
SET JAVA_HOME=C:\Program Files\VMware\Infrastructure\jre
Note: Do not put quotes round the path. Change the
directory to the path you installed vCenter to.
5. Navigate to the ssolscli directory (change to the
directory you installed vCenter SSO to)
cd "C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli"
6. Run the SSOPASS command to remove the password expiry
ssopass -d https://vcenter1.rootzones.net:7444/lookupservice/sdk admin
Note: This has to be the FQDN the certificate was generated
for; localhost will not work.
7. Type your current password, even if it is expired.
8. Type the new password, and then type it again to confirm.
9. Now you can log on to the vSphere Web Client with the
following credentials:
admin@System-Domain
VMware1234!
10. Change the password for the account and keep a record of
it!
11. It would also be advantageous to add a domain user or
group to the SSO administrators group.
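A more cautious way to run the step 3 update, as an added example that is not part of the original post: the T-SQL below wraps the same statement in a transaction, keeps a copy of the old row, and rolls back unless exactly one row matches. The copy table name admin_password_before_reset and the expectation of a single matching row are assumptions.

```sql
-- Added example: guarded version of the step 3 UPDATE (T-SQL).
-- Run it against the SSO RSA database after taking the backup in step 2.
SET XACT_ABORT ON;
BEGIN TRANSACTION;

-- Keep the row as it was, so the old hash can be put back if needed.
-- admin_password_before_reset is a hypothetical table name.
SELECT LOGINUID, PRINCIPAL_IS_DESCRIPTION, [PASSWORD]
INTO   [dbo].[admin_password_before_reset]
FROM   [dbo].[IMS_PRINCIPAL]
WHERE  LOGINUID = 'admin'
  AND  PRINCIPAL_IS_DESCRIPTION = 'Admin';

-- Assumption: exactly one row should match the page's WHERE clause.
IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Expected exactly one admin row; nothing was changed.', 16, 1);
    RETURN;
END;

-- Same statement and hash value as step 3 of the post.
UPDATE [dbo].[IMS_PRINCIPAL]
SET    [PASSWORD] = '{SSHA256}KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA=='
WHERE  LOGINUID = 'admin'
  AND  PRINCIPAL_IS_DESCRIPTION = 'Admin';

IF @@ROWCOUNT <> 1
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('UPDATE did not touch exactly one row; rolled back.', 16, 1);
    RETURN;
END;

COMMIT TRANSACTION;

-- Show the stored value after the change.
SELECT LOGINUID, PRINCIPAL_IS_DESCRIPTION, [PASSWORD]
FROM   [dbo].[IMS_PRINCIPAL]
WHERE  LOGINUID = 'admin'
  AND  PRINCIPAL_IS_DESCRIPTION = 'Admin';
```

Once the new password from step 10 is confirmed working, drop the copy table so the old hash is not left behind in the database.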