VCF SDDC Manager UI stuck at initializing

VCF SDDC Manager is stuck at initializing, the root cause often lies with expired passwords or misconfigured credentials.

Step 1: Resolve Expired vCenter Root Password

1. Change the vCenter Root Password

   • If the vCenter root password has expired, temporarily change it to a new password and then revert it back to the original password (e.g., VMware1!).

2. Modify Password Policies

   • SSH into the vCenter and edit the /etc/security/pwquality.conf file to allow the original password to be reused:

     ssh <vCenter-IP>
     vi /etc/security/pwquality.conf

     Update the following:

     dictcheck = 0
     enforcing = 0  # Remove the `#` if it’s commented

   • Save and exit the file.

3. Change Password via CLI

   • Use the passwd command to update the password back to the original.

4. Optional: Revert the changes in pwquality.conf to their defaults after the password is updated.

5. Reboot the vCenter

   • Ensure the changes take effect by rebooting the vCenter.

Step 2: Update SDDC Manager with New vCenter Root Password

After resolving the vCenter password issue, update the SDDC Manager database:

1. SSH into SDDC Manager

   • Use the root user to log in.

2. Generate Authentication Token

   • Run the following command to generate a token:

     TOKEN=$(curl -d '{"username" : "administrator@vsphere.local", "password" : "VMware1!"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')

3. Retrieve Credential ID

   • Run this command to get the credential ID for vCenter:

     curl -X GET 'http://127.0.0.1/v1/system/credentials?entityType=VCENTER&credentialType=SSH' -H 'Content-Type: application/json' -H "Authorization: Bearer $TOKEN"

   • Copy the value of the id field (not the entityId).

4. Update Password

   • Replace <id> and <new-password> in the following command with the retrieved credential ID and new vCenter root password:

     curl -X PUT 'http://127.0.0.1/v1/system/credentials/<id>' -d '{"password": "<new-password>"}' -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" | json_pp

5. Reboot SDDC Manager

   • Restart the SDDC Manager to apply the changes.

Step 3: Reconfigure Expired Service Account Password

If the service account svc-sa-sddc-mgr-sa-vcsa-mgmt@vsphere.local has an expired password, re-add it to the vCenter:

1. Retrieve Service Account Password

   • SSH into the SDDC Manager and generate a token:

     TOKEN=$(curl -d '{"username" : "administrator@vsphere.local", "password" : "VMware1!"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')

   • Retrieve the service accounts:

     curl -k -X GET -H "Authorization: Bearer $TOKEN" --insecure 'https://127.0.0.1/v1/system/credentials/service' | json_pp | less

   • Locate the svc-sa-sddc-mgr-sa-vcsa-mgmt@vsphere.local account and copy its secret value (password).

2. Update the Service Account in vCenter

   • Go to Administration > Single Sign-On > Users and Groups.

   • Select vsphere.local, find the user svc-sa-sddc-mgr-sa-vcsa-mgmt@vsphere.local, and edit the account.

   • Paste the password retrieved in the previous step and save.

3. Update Password Policy

   • Navigate to Administration > Single Sign-On > Configuration > Local Accounts.

   • Edit the password expiration policy to 150 days (optional, can edit it to any number of days).

4. Reboot SDDC Manager

Additional Notes

• If issues persist, reboot the vCenter alongside the SDDC Manager.

• If the root user or vcf account passwords for SDDC Manager do not work, reset them following this guide: Reset SDDC Manager Passwords.

By carefully following these steps, you should be able to resolve the initialization issue with the SDDC Manager and restore its functionality.