vCSA 6.5 High Availability Configuration Error
Recently I have been experimenting with configuring the built-in vCSA 6.5 HA functionality. Upon reading the documentation found here. I set about the task of configuring a basic HA deployment.
The error I saw upon completing the wizard was:
“A general system error occured: Failed to run pre-setup”.
Unfortunately, there wasn’t much to go on in the vCenter logs via the web GUI so it was time to SSH into the vCSA and go digging around for some logs with a little more information. After a brief meander, I found the following log
|
1 |
/var/log/vmware/vcha/prepare-vcha.log |
The interesting contents of the log were spat out as follows:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
2017-12-20T10:32:12.615Z INFO prepare-vcha *** START: Vcha pre-setup *** 2017-12-20T10:32:12.615Z INFO prepare-vcha embedded DB Type can be vcha enabled. 2017-12-20T10:32:12.623Z INFO prepare-vcha Found Eth1 interface with IP 10.67.1.1/24 2017-12-20T10:32:12.789Z INFO prepare-vcha Completed Vcha Network config saved to vchaeth.cfg. 2017-12-20T10:32:12.790Z INFO prepare-vcha vcha.aware file created 2017-12-20T10:32:12.790Z INFO prepare-vcha Opening firewall ports for VCHA... 2017-12-20T10:32:12.790Z INFO prepare-vcha Reloading firewall... 2017-12-20T10:32:13.678Z INFO prepare-vcha Saving clean pg_hba.conf... 2017-12-20T10:32:13.679Z INFO prepare-vcha Saving clean pg-firewall.. 2017-12-20T10:32:13.679Z INFO prepare-vcha Completed setup of firewall for vcha. 2017-12-20T10:32:13.679Z INFO prepare-vcha Installing the vcha-hacheck boot script... 2017-12-20T10:32:14.451Z INFO prepare-vcha Setting interface eth0 to manual mode... 2017-12-20T10:32:14.454Z INFO prepare-vcha Completed updating /etc/systemd/network/10-eth0.network to manual 2017-12-20T10:32:14.454Z INFO prepare-vcha Successfully set interface eth0 to manual mode. 2017-12-20T10:32:14.506Z ERROR prepare-vcha Failed to create vcha user, stderr: You are required to change your password immediately (root enforced) useradd: PAM: Authentication token is no longer valid; new one required code: 1 |
Looking at the log, it seemed that insufficient privileges were given to the user trying to create vcha user (root!). I then remembered the recent issues that VMware have had with Photon and root passwords expiring after 365 days. I logged into the VAMI for the vCSA and tried to reset the password but I was given an error.
The fix, in this case, was to simply reset the root password of the user via the bash shell.
|
1 2 3 |
passwd root **new password** **new password** |
At this point I was able to login with the new password and then login to the VAMI and set the root password to never expire. You can also do it via the command line using the “chage” command on the root user.
After restarting the deployment the pre-checks ran successfully and the configuration continued!
Hopefully this might help someone who is trying to do something similar!
Had the same problem and now it works fine. Thanks for this!
thanks alot. it worked for me.
Great write up. Solved the problem. Who would have thought. Thanks!!
Thanks Ryan. You saved us a lot of time.