| title | description | ms.topic | ms.service | ms.date |
|---|---|---|---|---|
Rotate the cloudadmin credentials for Azure VMware Solution |
Learn how to rotate the vCenter Server credentials for your Azure VMware Solution private cloud. |
how-to |
azure-vmware |
04/11/2022 |
Important
Currently, rotating your NSX-T Manager admin credentials isn't supported. To rotate your NSX-T Manager password, submit a support request. This process might impact running HCX services.
In this article, you'll rotate the cloudadmin credentials (vCenter Server CloudAdmin credentials) for your Azure VMware Solution private cloud. Although the password for this account doesn't expire, you can generate a new one at any time.
Caution
If you use your cloudadmin credentials to connect services to vCenter Server in your private cloud, those connections will stop working once you rotate your password. Those connections will also lock out the cloudadmin account unless you stop those services before rotating the password.
Consider and determine which services connect to vCenter Server as cloudadmin@vsphere.local before you rotate the password. These services may include VMware services such as HCX, vRealize Orchestrator, vRealize Operations Manager, VMware Horizon, or other third-party tools used for monitoring or provisioning.
One way to determine which services authenticate to vCenter Server with the cloudadmin user is to inspect vSphere events using the vSphere Client for your private cloud. After you identify such services, and before rotating the password, you must stop these services. Otherwise, the services won't work after you rotate the password. You'll also experience temporary locks on your vCenter Server CloudAdmin account, as these services continuously attempt to authenticate using a cached version of the old credentials.
Instead of using the cloudadmin user to connect services to vCenter, we recommend individual accounts for each service. For more information about setting up separate accounts for connected services, see Access and Identity Concepts.
-
In your Azure VMware Solution private cloud, select Identity.
-
Select Generate new password.
:::image type="content" source="media/rotate-cloudadmin-credentials/reset-vcenter-credentials-1.png" alt-text="Screenshot showing the vCenter Server credentials and a way to copy them or generate a new password." lightbox="media/rotate-cloudadmin-credentials/reset-vcenter-credentials-1.png":::
-
Select the confirmation checkbox and then select Generate password.
To begin using Azure CLI:
[!INCLUDE azure-cli-prepare-your-environment-no-header]
-
In your Azure VMware Solution private cloud, open an Azure Cloud Shell session.
-
Update your vCenter CloudAdmin credentials. Remember to replace {SubscriptionID}, {ResourceGroup}, and {PrivateCloudName} with your private cloud information.
az resource invoke-action --action rotateVcenterPassword --ids "/subscriptions/{SubscriptionID}/resourceGroups/{ResourceGroup}/providers/Microsoft.AVS/privateClouds/{PrivateCloudName}" --api-version "2020-07-17-preview"
-
Go to the on-premises HCX Connector at https://{ip of the HCX connector appliance}:443 and sign in using the new credentials.
Be sure to use port 443.
-
On the VMware HCX Dashboard, select Site Pairing.
:::image type="content" source="media/tutorial-vmware-hcx/site-pairing-complete.png" alt-text="Screenshot of VMware HCX Dashboard with Site Pairing highlighted.":::
-
Select the correct connection to Azure VMware Solution and select Edit Connection.
-
Provide the new vCenter Server user credentials and select Edit, which saves the credentials. Save should show successful.
Now that you've covered resetting your vCenter Server credentials for Azure VMware Solution, you may want to learn about: