• info@lab2prod.com.au
  • Australia
VCF
VMware Cloud Foundation: Patching Failed

VMware Cloud Foundation: Patching Failed

SDDC Manager: Unable To Configure Security Global Config

The Issue?

There are 6 steps to upgrade a VMware Cloud Foundation (VCF) management domain:

  1. SDDC Manager and VMware Cloud Foundation services.
  2. VMware Cloud Foundation config drift.
  3. vRealize Suite Lifecycle Manager, vRealize Suite products, and Workspace ONE Access.
  4. NSX.
  5. vCenter Server.
  6. If you have stretched clusters in your environment, upgrade the vSAN witness host.
  7. VxRail Manager and ESXi

Reference: VMware Cloud Foundation Upgrade Process

The issue highlighted in this post occurs as part of step 1, specifically, when upgrading SDDC Manager.

Unable To Configure Security Global Config

The Cause?

This is due to the password expiration on the admin account on the NSX Managers. As a result of the expired password, the password saved on SDDC Manager no longer works against the NSX Managers. Due to repeated failed login attempts via API, the NSX Managers lock out the SDDC Manager login attempts – even with the right credentials. This results in the administrator not being able to remediate the account password in SDDC Manager.

Unable To Configure Security Global Config
sddc manager password remediation failed

The Fix?

This fix is relatively quick and simple:

1. Connect to each NSX Manager via SSH.

2. Login with admin credentials.

3. Run the following commands on each of the NSX-T Managers:

nsx fix api lockout policy

Repeat this process for the root account if required. Once this process is complete, retry password remediation on SDDC Manager again.

Summary

The issue is a result of not maintaining account password validity across SDDC Manager and the various solutions, in this case it was VMware NSX. It would prove beneficial to add password maintenance to your teams BAU task list.

My VCF Troubleshooting guide has a few other tips for administrators.

Check out these links for all my other VCF articles and my recently published VCF course

Leave a Reply

Your email address will not be published. Required fields are marked *