Resetting Customization Spec Password after VCenter Upgrade

-
Following a recent upgrade from VCenter 6.5 to 6.7 I ran into an issue with Windows VM deployments using Customization Specifications. The deployments kept failing with the error "The VCenter Server is unable to decrypt passwords stored in the customization specification."

After some research I found out the this occurs because the encryption keys are updated during the VCenter upgrade and the passwords in the Customization Specs can no longer be decrypted. 


Solution

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

To resolve this issue I found out I would have to edit the Customization Spec and enter the passwords on the "Administrator Password" and "Workgroup or domain" tabs.

Re-enter the local Administrator password in the Customization Spec.

Re-enter the password for the Windows Domain account used to add servers to the Domain.

This works well if you only have a few deployments setup but I have to make this update to multiple Customization Specs in multiple Data Centers so this process would be very tedious. Since I am always looking at ways to script these types of tasks I started looking for the PowerCLI commands to accomplish this and it was actually very simple and this is what I have come up with.

Due to the way VCenter handles the encryption of the passwords in the Customization Specs I did have to run the script twice to update the passwords but this saved me hours of manual work.


Comments

  1. AnonymousJune 13, 2022 at 8:46 AM

    Three years later... one would think that VMWare would actually fix upgrade bugs like this. Often times we upgrade a piece of VMWare's solution set (many times as a result of VMWare technical support not doing root cause analysis and instead just referring us to upgrade something to the "latest") , we break something and have to completely rebuild something else, which in turn causes new issues. They field probably the most horrid solution set I've ever seen.

    ReplyDelete

Post a Comment

Popular posts from this blog

Change Password on all Hosts in VCenter

-
A couple of weeks ago I was having a conversation about security hardening my ESXi hosts and how often passwords are changed and of course it's not as often as it should be. Most admins that deal with passwords know the best practice is to change your passwords at least every 90 days and I was looking for an easy way to do that on multiple hosts without having to touch each one. In my lab environment I currently use the same password for all of my hosts so my thought was to write a PowerCLI script that I could use to change the passwords on all the hosts and keep it the same password on all of them. I wrote the script to log into VCenter and get all of the host and then log into each host and reset the password. For me this was a simple way to be more secure even though the password is the same on all hosts. Here I created the script with the "Reset-HostPasswords" function. To execute that function I would then run the command. To make the command easier to us
Read more

Get ESXI Host HBA WWN

-
From time to time I have to send HBA WWN and WWP reports to our Storage Team so they can make sure the right LUNs are mapped to the right hosts. That is can be a really easy task if you have a few servers as you can go into the configuration within the Web Interface for VCenter and get the information needed. If you are in a situation like I usually am though and you have multiple hosts usually in the hundreds to get that information could take quite a while but there are quick and easy PowerCLI commands that can help get that information fast and exported to CSV. This simple script can be used to get a report of WWNs for all hosts withing one VCenter site but can also be narrowed down by cluster or by single host.
Read more