Resetting Customization Spec Password after VCenter Upgrade

Following a recent upgrade from VCenter 6.5 to 6.7 I ran into an issue with Windows VM deployments using Customization Specifications. The deployments kept failing with the error "The VCenter Server is unable to decrypt passwords stored in the customization specification."

After some research I found out the this occurs because the encryption keys are updated during the VCenter upgrade and the passwords in the Customization Specs can no longer be decrypted. 



To resolve this issue I found out I would have to edit the Customization Spec and enter the passwords on the "Administrator Password" and "Workgroup or domain" tabs.

Re-enter the local Administrator password in the Customization Spec.

Re-enter the password for the Windows Domain account used to add servers to the Domain.

This works well if you only have a few deployments setup but I have to make this update to multiple Customization Specs in multiple Data Centers so this process would be very tedious. Since I am always looking at ways to script these types of tasks I started looking for the PowerCLI commands to accomplish this and it was actually very simple and this is what I have come up with.

Due to the way VCenter handles the encryption of the passwords in the Customization Specs I did have to run the script twice to update the passwords but this saved me hours of manual work.


  1. Three years later... one would think that VMWare would actually fix upgrade bugs like this. Often times we upgrade a piece of VMWare's solution set (many times as a result of VMWare technical support not doing root cause analysis and instead just referring us to upgrade something to the "latest") , we break something and have to completely rebuild something else, which in turn causes new issues. They field probably the most horrid solution set I've ever seen.


Post a Comment

Popular posts from this blog

Change Password on all Hosts in VCenter