Caution: VCHA user password

When VCHA is enabled, a new OS user “vcha” is created and used for the file based replication.

This morning I experienced an issue on one of my VCHA setups (but not the other) where replication was failing when I arrived into the office.

Update 23/01/2017 – This is a real issue and not a once off. VMware Engineering are aware.

Looking at my vcha.log on my active I could see it was complaining about a password expiration.

2017-01-16T08:40:33.725Z error vcha[7FC6BE0E6700] [Originator@6876 sub=VchaUtil] Error executing command /usr/bin/rsync: exit status=[12], stdout=[], stderr=[
--> VMware vCenter Server Appliance 6.5.0.5100
-->
--> Type: vCenter Server with an external Platform Services Controller
-->
--> WARNING: Your password has expired.
--> Password change required but no TTY available.
--> rsync: connection unexpectedly closed (0 bytes received so far) [sender]
--> rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.2]
--> ]
2017-01-16T08:40:33.725Z warning vcha[7FC6BE0E6700] [Originator@6876 sub=RsyncRepl-largeFrp] Rsync failed for vmw, retrying in 8 secs

Using the command chage I inspected the vcha user

On the broken setup it showed that the password expired on Jan 13th 2017

root [ / ]# chage --list vcha
Last password change : Nov 14, 2016
Password expires : Jan 13, 2017
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7

Looking at my second VC the exact same is present except it looks like the password automatically changed on Jan 13.

root [ / ]# chage --list vcha
Last password change : Jan 13, 2017
Password expires : Mar 14, 2017
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7

Both VCs were deployed on the same date – Nov 14th 2016. I’m not sure why one automatically changed it’s password but the other didn’t. Also the chage command shows that the account is never supposed to expire so I’m not sure there either.

To fix this issue I manually reset the vcha user password by running:

passwd vcha

Set the user account vcha to never expire by running:

chage -m 0 -M 99999 vcha

You need to do this on all three VCHA nodes and reset each node with the same password.

 

Since Jan 14th was 60 days after the GA of vSphere 6.5 if you hit this issue please file an SR with VMware Support – hopefully this was just a once-off in my environment.

Advertisements

1 thought on “Caution: VCHA user password”

  1. Hi. This just happened to me as well. Spent a day trying to figure out why replication stopped. Because very unfortunately for me I changed Port Groups on all three nodes for the replication network on the same day vcha expired. So I went around in circles.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s