vRealize Log Insight - vRLI · December 23, 2021 0

vRealize Log Insight – How to reset and unlock the local admin password

Unlock Admin Account

  • SSH to your vRLI appliance (primary node if it’s a cluster), as the root user

First, check if the Local user account is locked

# We need to get the Cassandra DB credentials and login

root@VRLI [ ~ ]# /usr/lib/loginsight/application/lib/apache-cassandra-*/bin/credentials-look-up

# The output will look something like this

<cassandra-user value=”lisuper” />
<cassandra-password value=”mozospf0+O” />

# We login with the following command

root@VRLI [ ~ ]# /usr/lib/loginsight/application/lib/apache-cassandra-*/bin/cqlsh -u lisuper -p {password} –cqlshrc=/storage/core/loginsight/cidata/cassandra/config/cqlshrc

Now to get account status to see if it is locked out

  • Status = 1 – Account is active
  • Status = 2 – Account is locked out

# Run the below command to get all the rows from the user table
lisuper@cqlsh:logdb> SELECT *  FROM user;

# the output will look like the following, you will need the id (first column) and  to ensure the status is set to 2

id | api_id | capabilities | data_sets | domain | email | groups | internal | status | type | upn | user_name
————————————–+————————————–+————–+———–+——–+——-+—————————————-+———-+——–+——+—–+———–
47130167-3ccb-4a42-a5a2-58dfe42a25b8 | 022a1972-6d7d-4722-a9a8-92bb48a0cc56 | null | null | | null | {00000000-0000-0000-0000-000000000001} | null | 2 | 0 | | admin
00000000-0000-0000-0000-000000000000 | null | null | null | | | {00000000-0000-0000-0000-000000000001} | True | null | 0 | | System

(2 rows)
lisuper@cqlsh:logdb>

Now to re-enable the account:

# Run the update command and input your users id
lisuper@cqlsh:logdb> UPDATE user SET status=1
… WHERE id=47130167-3ccb-4a42-a5a2-58dfe42a25b8
… ;

# Confirm the user status is now 1
lisuper@cqlsh:logdb> SELECT * FROM user;

id | api_id | capabilities | data_sets | domain | email | groups | internal | status | type | upn | user_name
————————————–+————————————–+————–+———–+——–+——-+—————————————-+———-+——–+——+—–+———–
47130167-3ccb-4a42-a5a2-58dfe42a25b8 | 022a1972-6d7d-4722-a9a8-92bb48a0cc56 | null | null | | null | {00000000-0000-0000-0000-000000000001} | null | 1 | 0 | | admin
00000000-0000-0000-0000-000000000000 | null | null | null | | | {00000000-0000-0000-0000-000000000001} | True | null | 0 | | System

(2 rows)
lisuper@cqlsh:logdb>

Rest Admin Account Password

  • SSH to your vRLI appliance (primary node if it’s a cluster), as the root user
  • Run this script which will output a new password

li-reset-admin-passwd.sh

The script resets the admin user password, generates a new password, and displays it on the screen.