vSphere 6.5 - vCenter HA Health Degraded due to Password Expiration

Share on:

One of my favorite new features of vSphere 6.5 is definately vCenter HA. I was checking out alerts when I noticed i had an alarm for vCenter HA being degraded.

Looking through the GUI, I was unable to find anything in regards to why the Health was a warning and why the components would not sync. Then I remembered a previous case I had opened for VCHA.

There is a log file located in /var/log/vmware/vcha

As soon as i opened up vcha.log the issue was plain and clear.

 1--> VMware vCenter Server Appliance 6.5.0.5100
 2-->
 3--> Type: vCenter Server with an embedded Platform Services Controller
 4-->
 5--> WARNING: Your password has expired.
 6--> Password change required but no TTY available.
 7--> rsync: connection unexpectedly closed (0 bytes received so far) [sender]
 8--> rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.2]
 9--> ]
102017-01-31T08:00:22.515-05:00 warning vcha[7F80E0818700] [Originator@6876 sub=RsyncRepl-largeFrp] Rsync failed for vmw, retrying in 2 secs
112017-01-31T08:00:24.666-05:00 error vcha[7F80E0818700] [Originator@6876 sub=VchaUtil] Error executing command /usr/bin/rsync: exit status=[12], stdout=[], stderr=[

My Password has expired! How is this possible? Lucky for me FĂ©idhlim O’Leary has already encountered this issue, and opened up a support case. The problem is due to the vcha user password expiring, it’s quite a simple fix.

If you check the password age, you can see when the last password change is. This example my password has not expired yet, you can check the expiration date but running chage –list vcha

1root@vc [ ~ ]# chage --list vcha
2Last password change                                    : Jan 05, 2017
3Password expires                                        : Mar 06, 2017
4Password inactive                                       : never
5Account expires                                         : never
6Minimum number of days between password change          : 1
7Maximum number of days between password change          : 60
8Number of days of warning before password expires       : 7

If the password is already expired, you can reset it by typing

1passwd vcha

Note: You will need to do this on all 3 nodes. You can ssh to the peer and witness through the primary if you know those IP’s

Now, we can set our password to not expire.

1root@vc [ ~ ]# chage -m 0 -M 99999 vcha

If we recheck the password expiration, we can now see it is set to not expire.

1root@vc [ ~ ]# chage --list vcha
2Last password change                                    : Jan 05, 2017
3Password expires                                        : never
4Password inactive                                       : never
5Account expires                                         : never
6Minimum number of days between password change          : 0
7Maximum number of days between password change          : 99999
8Number of days of warning before password expires       : 7

We will need to wait a few minutes for our replication cycles to complete, and voila! VCHA is now Healthy!

comments powered by Disqus

See Also