vRealize Operations Manager Version: 8.4
Photon OS Version: 3.0 (build 11dd065)
VMware References:
- How to reset the root password in vRealize Operations (2001476) (https://kb.vmware.com/s/article/2001476)
- Upgrade to vRealize Operations Manager 8.x fails due to the admin or root account password (75195) (https://kb.vmware.com/s/article/75195)
- About the vRealize Operations Administration Interface
Overview
I deployed three new appliances and when I tried to run Chef InSpec against an appliance, I realized I had forgotten to initially set the root password from the console. The result was that the root account locked. I found a VMware knowledge base article to assist, but a few settings did not work for me. This page should be a one-stop resolution to unlock the root account.
Boot into Single User Mode
(Recommended) Take a snapshot of all the appliances in the cluster.
Log in to the VMware vRealize Operations administration interface (admin UI) using the following address:
https://hostname.domain-name.tld/admin
Select the node with the locked root account and click Take Node Offline/Online.
If the cluster is not running in High Availability (HA) mode, the cluster will need to be taken offline.
Provide a reason, if desired.
Open a web or remote console of the node.
With the console open, restart the virtual machine.
When the Photon OS splash screen is visible, press the letter e to open the GNU GRUB menu.
When the GNU GRUB menu appears, arrow down to the line that begins with linux /$photon_linux and press Ctrl + e to go to the end of the line.
Add a space and type the following:
rw init=/bin/bash
Press F10
Method 1 – Reset the root account — no new password
If you know the current password or do not want to set a new password due to password rotation limits, try using the following method:
pam_tally2 --user root --reset
Unless the directory has been created at some point, you may receive the following error and the account will not be unlocked.
pam_tally2: Couldn't create /var/log/tallylog: No such file or directory
pam_tally2: Authentication error
List the directory contents to see that /var/log is actually a symbolic link to /storage/log/var/log. The link is broken, however, because the var/log directory does not exist under /storage/log.
Add the missing directory to /storage/log with the following command:
su -
mkdir --parents /storage/log/var/log
Now, when listing the directories, we can see the missing directories exist. All that is needed is to create the tallylog file. Run the following command to create the tallylog file.
touch /storage/log/var/log/tallylog
Run the pam_tally2 command again.
pam_tally2 --user root --reset
In the command output, the Failures column displays a 0, indicating the account is unlocked.
Reboot the appliance using the following commands:
umount /
reboot -f
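The directory and tallylog repair from Method 1, collected into one idempotent function to run before the reboot step. This is an added example, not part of the original post or VMware's KB. The function name `repair_tallylog`, its optional root-prefix argument (for rehearsing against a scratch directory) and the 0600 file mode are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). repair_tallylog and its
# root-prefix argument are hypothetical; on the appliance, pass no argument.

repair_tallylog() {
    root="${1:-}"
    link="$root/var/log"

    if [ -d "$link" ]; then
        # /var/log already resolves to a directory: nothing to repair.
        dir="$link"
        state="ok"
    elif [ -L "$link" ]; then
        # Dangling symlink: the case behind "Couldn't create /var/log/tallylog".
        target=$(readlink "$link")
        case "$target" in
            /*) target="$root$target" ;;              # absolute link target
            *)  target="$(dirname "$link")/$target" ;; # relative link target
        esac
        mkdir -p "$target" || return 1
        dir="$target"
        state="repaired"
    else
        echo "unexpected: $link is neither a directory nor a symlink" >&2
        return 2
    fi

    tally="$dir/tallylog"
    # Create the file only if it is missing, so existing counters are kept.
    [ -e "$tally" ] || : > "$tally" || return 1
    # Assumption: restrict the failure counters to root instead of relying
    # on the umask in effect when the file is created.
    chmod 600 "$tally" || return 1
    echo "$state"
}

# On the appliance (single user mode), then reset the counter as on the page:
#   repair_tallylog && pam_tally2 --user root --reset
```

The function prints `repaired` when it had to create the missing link target and `ok` when /var/log was already usable; it returns 2 if /var/log is absent altogether.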
Bring the Cluster Online
Refresh the browser or log in to the vRealize Operations admin UI and bring the cluster online.
Conclusion
You should be able to log in to the console, establish SSH, or continue using your automation tool. Just be sure that if you do change the password, you update the password in your automation tool.