VMware: Recover vCenter Single Sign On (SSO) master password
2014-06-20 19:54
621 查看
During
the installation of the VMware vSphere Web Client I had to provide vCenter Single Sign On Information. Since no additional accounts / groups where granted SSO admin privileges (see VMware
vSphere 5.1 Documentation Center) the only account that had sufficient privileges was the default SSO admin user admin@System-Domain. The credentials of this account are provided during installation of the vCenter Single Sign On Service.
Unfortunately the password of the default SSO admin account was unknown. In this article I’ll explain how to change the password of the default SSO admin account.
Master password
VMware provides us with a solution to reset the password of the default SSO admin account (KB2034608)but it requires the master password. The master password is set during installation, the password provided for the default SSO admin account is used as master password, but it is not the same password as the default SSO admin account.
Although we can change the password of the default SSO admin account (admin@System-Domain), changing the master password is not possible (or supported).
After the password of the default SSO admin account is changed the master password is still unusable.
Default SSO admin account
The vCenter Single Sign On Service stores all data in a databases, including the principals. The credentials of the default SSO admin account are stored in the IMS_PRINCIPAL table. One of the stored properties is a SSHA-256(salted)hashed password. Changing the password is as easy as replacing the hash (also known as pass the hash) from a clean
vCenter SSO service installation.
Schubis wrote a (german) article how to generate a new hash and how to replace it
in your existing vCenter SSO setup. Unfortunately this requires you to built a lab environment with a SQL server and vCenter Single Sign On service, which is time consuming. Since you can change the password afterwards, I might as well provide you with some
pre-created hashes:
12345 | Passw0rd!{SSHA256}B6HO7UNHVi5fglh1RpJXX4z1maGJ9lcicTVcy94ztsmzAekseg== VMware1234!{SSHA256}KGOnPYya2qwhF9w4xK157EZZ/RqIxParohltZWU7h2T/VGjNRA== |
Recover access
If you need to recover access of the default SSO admin account please follow the following three steps:1. Reset password to temporary passwordConnect to the SQL database (default is RSA) and execute the statement below to reset the password of the default SSO admin account to Password!PgSQL
1 2 3 4 5 6 7 8 | UPDATE [Dbo]. [IMS_PRINCIPAL] SET [PASSWORD] = '{SSHA256}B6HO7UNHVi5fglh1RpJXX4z1maGJ9lcicTVcy94ztsmzAekseg==' WHERE LOGINUID = 'admin' AND PRINCIPAL_IS_DESCRIPTION = 'admin' |
2. Restart vCenter SSO service
Restart the service “vCenter Single Sign On” to apply the changes.
3. Change the password the default SSO Admin account
Connect to the VMware vSphere Web Client and authenticate with the new default SSO credentials (username :admin@System-Domain
and password: Passw0rd! ).
Navigate to Home > Administration > SSO Users and Groups
Select the default SSO admin account > Action > Edit User
Change the password of the default SSO admin account to your preferred password
Please avoid the use of special characters in your SSO administrator password like (^ * $ ; ” ’ ) < > & | \ _”), non-ASCII characters and trailing “ “ space as the vCenter SSO service cant’ handle it (KB2035820)!
原文出处:http://www.ingmarverheij.com/vmware-recover-vcenter-single-sign-on-sso-master-password/
相关文章推荐
- VMware从零开始学习之06 vCenter Single Sign-On安装
- vmware vcenter Single Sign-On 密码忘记
- ASP.NET 2.0: Implementing Single Sign On (SSO) with Membership API
- SSO (Single Sign On)介绍
- SSO-Single Sign On 单点登录
- SSO(Single Sign on)-单点登录
- Microsoft Single Sign-on Service (SSOSrv) 未能检索用户的解决办法
- 单点登录 Single Sign On (SSO)
- MOSS SSO -2147217900调用 SPS Single Sign-on 失败。返回的错误代码为“-2147217900” 错误
- 配置和启动Sharepoint Portal Server 2003的SSO[single-sign-on]
- SSO-单点登录(single sign on)
- SSO(Single Sign On)系列(一)--SSO简单介绍
- 配置 vCenter Single Sign-On 中
- Single Sign on (SSO) Using Cookie in asp.net
- SSO: 单点登录(Single Sign On),简称为SSO
- SSO(Single Sign on)-单点登录收藏
- 单点登陆,SSO英文全称Single Sign On
- ASP.NET 2.0: Implementing Single Sign On (SSO) with Membership API
- SSO (Single Sign On)