Tampered Keystore vSphere Replication 8.x

This is a common issue and happens when we get a certain combination of vCenter 6.5 and most notably vSphere Replication 8.1.0.

To resolve the issue follow the steps in this article. However there is a twist.

The twist is the old password will actually be ‘vmware’ for step 3 and 4 and it will be the old password from command one on step 8

sed -i — ‘s/old_password/new_password/g’ /var/opt/apache-tomcat/conf/server.xml

reboot a few times and ensure you can search the inventory with the fqdn. Adjust the hostname to match.

https://docs.vmware.com/en/vSphere-Replication/8.1/com.vmware.vsphere.replication-admin.doc/GUID-0481E271-A990-427E-AFE0-7345EB7B489E.html

To change the password for the hms-keystore.jks keystore, open the remote console of your vSphere Replication virtual machine and log in as root.
Obtain the current keystore password.
# /opt/vmware/hms/bin/hms-configtool -cmd list | grep keystore
Example of the output hms-keystore-password = old_password
Change the keystore password.
# /usr/java/default/bin/keytool -storepasswd -storepass old_password -new new_password -keystore /opt/vmware/hms/security/hms-keystore.jks
Change the vSphere Replication appliance private key password.
The following command is a long, single command and must be run at once. There are breaks in the command for better visibility. Verify that the command returns a success message.
# /usr/java/default/bin/keytool -keypasswd -alias jetty -keypass
old_password -new new_password -storepass new_password -keystore
/opt/vmware/hms/security/hms-keystore.jks
Update the configuration with the new password.
/opt/vmware/hms/bin/hms-configtool -cmd reconfig -property ‘hms-keystore-password=new_password’
Update the tomcat server.xml file with the new password.
sed -i — ‘s/old_password/new_password/g’ /var/opt/apache-tomcat/conf/server.xml
Reboot the appliance for the changes to take effect.
# reboot
Use a supported browser to log in to the vSphere Replication VAMI.
The URL for the VAMI is https:// vr-appliance-address:5480.
On the VR tab, click Configuration, and click Save and Restart Service.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s