Changing passwords? lets make it as difficult as we can…

In this day and age of computer hacks and security problems, why do companies make it awkward to change usernames and or passwords? One example of an awkward procedure to change a password is on the VMware vCenter server. If like any good security minded person you have allĀ  your passwords set to expire every 28 days or so, to change the password on the vCenter server you have to do some “command line fu” to change it. Heaven forbid that you have to change the username as well. So how do you do it? Well if you are running vCenter on a Windows 2008 server and connecting to a Oracle server (that actually holds all the data) there are a couple of things you need to do:

  1. Shutdown the vCenter server (disable it in the Services Control panel)
  2. Change the password for your vCenter user in the oracle DB
  3. Now here it the BIG gotcha. On the windows side you have to run a CMD prompt as an admin user. Just clicking on it in the start menu won’t do it. You have to right click on it and do “Run as Administrator”. If you fail to do this, the next step will fail and just piss you off even more. (The reason for this is the username and password are stored in the registry and I guess running cmd as normal user revokes all privs to modify the registry.)
  4. Now go to the location where VMware vCenter is installed and run the vpxd command with either a -p or a -P. If you use the lower case -p it will prompt you for the new database user password. If you use the -P option, right after the P you can put the new password on the command line.
  5. Now you should be able to start back up the vCenter processes.

Now if you need to change the userid, you need to use Regedit and go to :

  • HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VirtualCenter\DB (under My Computer)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VirtualCenter\DB for 64 bit versions of Windows.

and change #2 to be the new userid.

This is documented in the VMware KB Article : Changing the vCenter database userid and password. But if you don’t pay attention go the run as part, you will spend a lot of time trying to figure it out even if you are logged in as an administrator.

 

If your password expires in Oracle while vCenter is up and running, it appears to continue to work while it is up. But if you reboot the vCenter server or restart the vCenter processes, it will “hang” and never start. They also need to make their error messages a little more detailed as to why it is ‘failing’ to start.