Requests submitted against Aria Automation nodes from vRLCM can fail with an LCMVRAVACONFIG90045 error after change the ‘root’ password on VRA.
One of the common causes is resetting the password for vRA by directly SSH’ing into it. Since vRA is managed by vRLCM, it is recommended to perform its lifecycle operations, including changing passwords and taking snapshots, using vRLCM. If the password was changed directly, it leaves vRLCM unaware of this change and will continue to use the root password stored in its Locker, causing requests to fail.
Here is a screenshot of a snapshot request failing. If you take a closer look, you will notice that the task is failing at Stage-3 when it tries to power on the VM and bring the services up on the node (this is because the request corresponds to an offline snapshot request using vRLCM). To bring up the services on the node, vRLCM will need to SSH into the node as ‘root’. Since the root password stored in vRLCM Locker is no longer the current password, the request fails.
And, if you happen to RETRY hoping it would fix the issue, multiple such retries can lockout the account.
Once the account is locked out you will need to bootup the appliance in single-user mode to change the password. Refer to Broadcom KB - https://knowledge.broadcom.com/external/article/322721/resetting-the-root-password-in-vmware-ar.html
Once you modify the password, you will now need to update vRLCM with the new password for VRA. You could use the following procedure to do so:
Logon to vRLCM as the admin@local and click on Locker
Click ADD and create new password record for the new password that was set on vRA
Once you have a new password record created, navigate to Lifecycle Operations | Environments and VIEW DETAILS of the environment corresponding to the VRA Node.
On the details page, select Aria Automation Nodes to see a list of all vRA nodes in the environment. Select the desired node and click CHANGE NODE PASSWORD.
On the Change Node Password screen, set the Current Password and New Password to the same Locker password record that we create at step-2 and click SUBMIT.
You should see an Update root password request complete sucessfully.
Now that the 'root' password has been updated, you can try re-submiting the requrest to resume from the failed state.
Navigate to Lifecycle Operations | Requests and lookup the failed request and click FAILED to expand its details.
On the Request Details page, Ckick RETRY to resubmit the request.
If the request fails once more, do not press RETRY again, as this could result in the root account being locked out again. Instead, you will need to submit a new request.
For the snapshot request issue discussed in this blog, you will need to perform some clean-up before you submit the request again.
Revert the snapshot on the appliance VM using vRLCM
Lifecycle Operations | Environments and VIEW DETAILS of the environment corresponding to the VRA Node.
Use the horizontal elipses to drop-down the menu and navigate to Snapshot | Manage Snapshots
Revert to the snapshot taken by the failed request
The VM should be powered-off at this point as it is shutdown by vRLCM for an offline snapshot.
Power-On the VM using vRLCM
Lifecycle Operations | Environments and VIEW DETAILS of the environment corresponding to the VRA Node.
Use the horizontal elipses to drop-down the menu and click POWER-ON
Once the VM is up and running, delete the snapshots using the vRLCM
Now intiate a new snapshot request from vRLCM
Lifecycle Operations | Environments and VIEW DETAILS of the environment corresponding to the VRA Node.
Use the horizontal elipses to drop-down the menu and navigate to Snapshot | Create Snapshot
Comments