Wednesday, June 24, 2015

Leap second 2015 Issue/bug - Are you ready?

In the next 30th of June time a leap second is a second which is added to Coordinated Universal Time (UTC) in order to synchronize atomic clocks with astronomical time to within 0.9 seconds.

- The last leap second update happened on June 30th 2012 @ 23:59:60 UTC.
- The next leap second update is due June 30th 2015 @ 23:59:60 UTC. 

This UTC time change, can and will have a impact in most of our systems(most of the systems have a bug regarding this issue)

So prepare you systems for this change. Or check if they are properly configure for this bug.

In most of the systems we just need to do some changes in your NTP servers.

I will just add a list of some of the systems that you may have in your Virtual Infrastructures that  could be impacted with this issue. Will add the proper solutions(or the list for different devices) provided be support.

Follow the link bug search and choose your products

VMware
CISCO*
EMC*

HP: Storage, Proliant
NetApp*: NetApp systems will not be impacted by this bug, but they need to time needs to be proper configured, that your systems are safe. Check NetApp link support for the "how to"

*This support require that you have a support account.

Some of the solution provided is just a workaround, disable NTP servers before the leap second, and then enable again after the lead second occur. This workaround will work for most of the systems, but not so easy to manage with hundred, or thousands of devices.

Hope this can help you how to fix(or reconfigure your systems) and/or  bypass this issue in 30th June.

Wednesday, June 3, 2015

vCenter 5.x/6.x: How to reset administrator@vsphere.local account password.





There is a couple of reasons if we lose SSO administrator password.

We can forget the password, but also after an update from vCenter from 5.1 to 5.5 we cannot change the password in vSphere Web Client(is grayed out).

If this any of these cases had happen, we need to reset the password SSO administrator@vsphere.local.

You can reset the password with the tool vdcadmintool.exe on a Window Server, or from the vCenter Appliance(Linux based).

For the vCenter Windows Server:Log in to the vCenter Server with a domain administrator account, or to vCenter Single Sign-On if is installed in separated server.

Open a cmd(shell command prompt) console with "Run as Administrator"
Go to vmdird folder, that is located in "Program Files\VMware\Infrastructure\VMware\CIS\vmdird" or in "C:\Program Files\VMware\vCenter Server\vmdird"

  1.  Change Directory: c:\>cd\Program Files\VMware\Infrastructure\VMware\CIS\vmdird
  2.  Run vdcadmintool tool: c:\>Program Files\VMware\Infrastructure\VMware\CIS\vmdird>vdcadmintool.exe
  3.  Press 3 to choose to:  Reset administrator@vSphere.local password account.
  4.  Add the Account DN: cn=administrator,cn=users,dc=vSphere,dc=local 

    Note:
    if you customized your vSphere Domain name, provide the customized domain name in the Account DN option.

    (a new password is generated and displayed. Use this password to log into the administrator@vSphere.local account.)
  5. Press 0(zero) to exit console menu.


For the vCenter Server Appliance: 

For vCenter Appliance is the some procedure as for Windows, except the connection to the vCenter and location of the vdcadmintool

Connect to your vCenter Appliance with ssh and user root(if you did not change the initial password, the default password is vmware).

Note: If ssh is no enable in the vCenter appliance you need to enabled in the vCenter Appliance Web Console.

Connect to:
https://ip-address:5480 and in the admin tab enable "Administrator SSH login enabled"





After you are connected to the vCenter Appliance through ssh the location of the  vdcadmintool is: /usr/lib/vmware-vmdir/bin/vdcadmintool

Run the tool and use the same procedure/options that is detailed above for Windows vCenter.

 

Note: if you customized your vSphere Domain name, provide the customized domain name in the Account DN option.

After this your account administrator@vsphere.local password is reset.

Note: After you reset your account if you want to change the password to your company/environment policy, you can connect to your vCenter with vSphere Web Client and edit user(administrator) and change the password for administrator account.

Go to option "Administration -> Single Sign-On -> User and Groups -> Users Tab" then choose administrator user, right mouse click and choose "Edit User"(or use Edit User icon) and change password.



Also if you have you administrator@vsphere.local account locked(too many bad password attempts), or any other account, in the "Administration -> Single Sign-On -> User and Groups -> Users Tab", right mouse click and choose "Unlock"(or use Actions - Unlock icon) to unlock the account.

Note: To unlock, or do any changes in the administrator@vsphere.local, or connect to Single Sign-On area, you need a user with Single Sign-On admistration permissions.



Note: Additional information you can found here in VMware KB: KB-2061122 and KB-2034608

Hope this can can help you fixing your issues with the account administrator@vsphere.local(or other administration accounts).