Password Operation Failed to Change the SSO password on an external PSC in VCF 3.11

Recently I came across an issue trying to change the SSO account (administrator@vsphere.local) password from the SDDC Manager using the Rotate password option under Security in VCF 3.11

I tried to Rotate the SSO password using the SDDC Manager, and got the following error:

However, Interesting thing is the sddc manager did change the SSO password in the backend

However, to check on this error, I dug a little deeper and saw the following error in the password rotate task:

I used the following command to check the operationsmanager.log to check the log in SDDC Manager

less /var/log/vmware/vcf/operationsmanager/operationsmanager.log

The log also shows that the sddc manager is trying to change the sso credential (administrator@vsphere.local) on VRA endpoints

I had to open a VMware Support ticket and here is the answer I received:

“As per the Engineering team this issue is due to a misconfiguration of vRA endpoints. SDDC Manager is trying to change the administrator@vsphere.local on the VRA endpoints but VRA endpoints are configured with a different user (vcf-secured-user@vsphere.local).  This issue is addressed in VCF 4.x”

What the VMware Engineering team is saying is that in VCF 3.10.x, 3.11 there is an issue with VRA as it is typically configured using a different tenant admin instead of using administrator@vsphere.local user to configure the endpoints in it. However, the SDDC manager is trying to change the administrator@vsphere.local credential on VRA endpoints. Hence this issue. Looks like this issue has been fixed in VCF 4.x

This resolves the issue at this time as we will be working to upgrade our VCF to 4.x soon.


Install & Configure Skyline Collector 3.1 in VCF 3.11

Here are steps to Install and Configure Skyline Collector 3.1 in VCF 3.11 Environment

NOTE: Some of the Content Might be Pixelated or the Data is Changed to Protect Existing Environments at my Organization

First you will have to download the skyline ova from VMware portal, the current filename as of this post is Skyline-Appliance-

Deploy the OVA file in the vcenter server

This concludes the deployment of the skyline appliance

Next we go to the skyline appliance Web UI at https://skyline_hostname_fqdn

Login using the default user admin and you will need to configure the skyline collector as below:

You can check the option “Hostname Verification”to make sure that https connection is enabled to the collector

Make sure you provide the correct Collector Registration Token available at VMware Cloud Console

Provide a Friendly Name for the Collector, This will be displayed in the VMware Cloud Console

In this window you can opt in so that the appliance auto-upgrades itself at a set day or time.

Next, you can configure the vcenter, nsx-v/nsx-t, horizon view, vrops, vcf (sddc manager) and vrslcm components with their hostname and credentials.

This is the final step after configuring the required components and finally we click finish.

with this we complete the deployment and configuration of VMware Skyline Collector version 3.1

At the time of this writing the Skyline Collector Version is 3.2