VAMI: Probably shouldn’t use hashtags for the VCSA root password, either.

So, I was updating a 6.7 vSphere via the VAMI (vCenter Server Appliance Management Interface) yesterday and I noted that I had gotten lucky, and today was the the day for the password expiration. Nice! (not). 

If you don’t already know, your vCenter Server Appliance root password should be good, as in- not expired- when you update vCenter. Otherwise, you’ll get a warning that says it’s expired when you start to apply updates. Annoying!

If it’s expired, you have to go back through and reset it via SSH. That’s not so bad. However, if you lock it out, you have to put the VCSA into Single-User mode and reset the password that way. That can turn a 1-hour window into a 3-hour one if you don’t get it right.

So to my story: I was updating the VCSA and it went OK. (FYI I love how fast Photon OS reboots in 6.7. Excellent!) I checked vCenter and I was on the correct version, and I could SSH in, but I could not log in to the VAMI, I kept getting “Unable to log in”, even though I was certain my password was correct- because I could SSH.

I tried restarting the VCSA, nothing. I tried setting the password again via passwd in SSH. Nothing. I even put it into single-user mode and reset it that way. Nothing.

Then I noted that VMware has this article describing my issue pretty closely- except they warn that you that you can’t use a colon in your VCSA root password (:) and an exclamation point/bang (!) might give you problems. I didn’t have either of those in my password.

I did, however, have a pound sign (aka hashtag aka #) in it. When I reset the password, but substituted the # for an @, I was able to log into the VAMI (and everything else). I also used an underscore ( _ ), so that seems to be safe as well. 

I will Tweet this to VMware and have them look- I’m too swamped to test it thoroughly, as much as I’d like to. I hope this helps!