Tampered Keystore vSphere Replication 8.x
This is a common issue and happens when we get a certain combination of vCenter 6.5 and most notably vSphere Replication 8.1.0.
To resolve the issue follow the steps in this article. However there is a twist.
The twist is the old password will actually be ‘vmware’ for step 3 and 4 and it will be the old password from command one on step 8
sed -i — ‘s/old_password/new_password/g’ /var/opt/apache-tomcat/conf/server.xml
reboot a few times and ensure you can search the inventory with the fqdn. Adjust the hostname to match.
To change the password for the hms-keystore.jks keystore, open the remote console of your vSphere Replication virtual machine and log in as root.
Obtain the current keystore password.
# /opt/vmware/hms/bin/hms-configtool -cmd list | grep keystore
Example of the output hms-keystore-password = old_password
Change the keystore password.
# /usr/java/default/bin/keytool -storepasswd -storepass old_password -new new_password -keystore /opt/vmware/hms/security/hms-keystore.jks
Change the vSphere Replication appliance private key password.
The following command is a long, single command and must be run at once. There are breaks in the command for better visibility. Verify that the command returns a success message.
# /usr/java/default/bin/keytool -keypasswd -alias jetty -keypass
old_password -new new_password -storepass new_password -keystore
/opt/vmware/hms/security/hms-keystore.jks
Update the configuration with the new password.
/opt/vmware/hms/bin/hms-configtool -cmd reconfig -property ‘hms-keystore-password=new_password’
Update the tomcat server.xml file with the new password.
sed -i — ‘s/old_password/new_password/g’ /var/opt/apache-tomcat/conf/server.xml
Reboot the appliance for the changes to take effect.
# reboot
Use a supported browser to log in to the vSphere Replication VAMI.
The URL for the VAMI is https:// vr-appliance-address:5480.
On the VR tab, click Configuration, and click Save and Restart Service.
Categories
paulsbestscriptlets 