I have a problem with disconnected accounts in Password Management for VCF 5.1. Operation for Logs is showing as disconnected for all root and admin accounts. However, I can manually log on to these with admin and root using the known passwords in Lookup_Passwords. I tried to update/remediate passwords without any success.
The vRSLCM root password is in a disconnected state under Password Management in the SDDC UI.
The VCF version in use is 4.x or 5.0.x.
The vRSLCM version is 8.14.x.
Remediation of the account fails consistently with error "Failed to establish SSH session to <vRSLCM_FQDN>"
The vRSLCM root password is valid and properly stored in the SDDC Manager.
SSH from the SDDC to the vRSLCM appliance succeeds:
Purpose
This KB is designed to assist in clearing the disconnected state of the vRSLCM root password.
Impact / Risks
Minimal. However, it is strongly recommended to take a snapshot of the vRSLCM appliance before proceeding with the workaround.
Resolution
The issue is fixed in vRSLCM 8.16+ and VCF 5.1.1 (which is expected to contain vRSLCM 8.16).
Workaround
Snapshot the vRSLCM appliance as per component documentation
SSH to the vRSLCM appliance as root user
Back up sshd_config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Edit sshd_config file on the vRSLCM appliance
vi /etc/ssh/sshd_config
Add the following keyed-hash (MAC) algorithms to the 'MACs' line:
hmac-sha2-512,hmac-sha2-256
e.g.
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
AllowGroups wheel
#       PermitTTY no
#       ForceCommand cvs server
UsePrivilegeSeparation yes
RhostsRSAAuthentication no
DenyGroups cap_vami_users
Restart the sshd service
systemctl restart sshd.service
If that doesn't work, you may need to run the fix_known_hosts.sh script from SDDC towards vRSLCM to get the keys in sync. The script can be downloaded HERE
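The MACs edit from the workaround above as an idempotent check, added here as an example and not taken from the KB; the function names are hypothetical and it assumes the file already has an active MACs line, as in the KB's sample. It matches whole list entries, because `hmac-sha2-512-etm@openssh.com` contains `hmac-sha2-512` as a substring and a plain grep would wrongly report the algorithm as present.

```shell
# Added example (not from the KB); function names are hypothetical.
REQUIRED_MACS="hmac-sha2-512 hmac-sha2-256"   # the two MACs named in the workaround

# Print the value of the first active (uncommented) MACs line.
current_macs() {
    awk 'tolower($1) == "macs" { print $2; exit }' "$1"
}

# Print each required MAC that is not a whole entry of that list.
missing_macs() {
    local have mac
    have=",$(current_macs "$1"),"
    for mac in $REQUIRED_MACS; do
        case "$have" in
            *",$mac,"*) ;;                    # exact entry present
            *) printf '%s\n' "$mac" ;;        # absent, or only its -etm variant is listed
        esac
    done
}

# Append the missing MACs to the active MACs line. Returns 2 when there is no
# active MACs line (sshd then uses its built-in default list; nothing is appended).
ensure_macs() {
    local file=$1 add tmp rc
    [ -n "$(current_macs "$file")" ] || return 2
    add=$(missing_macs "$file" | paste -sd, -)
    [ -n "$add" ] || return 0                 # already compliant: no change
    tmp=$(mktemp) || return 1
    awk -v add="$add" '
        !fixed && tolower($1) == "macs" { sub(/[ \t]+$/, ""); $0 = $0 "," add; fixed = 1 }
        { print }' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample config: only the -etm variants are offered.
sample=$(mktemp)
printf '%s\n' '#MACs hmac-md5' 'AllowGroups wheel' \
    'MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com' > "$sample"
ensure_macs "$sample" && current_macs "$sample"
rm -f "$sample"
```

Run against the `.bak`-protected `/etc/ssh/sshd_config`, then check the result with `sshd -t` before `systemctl restart sshd.service`, so a syntax error is caught while the current SSH session is still usable.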