VMware Site Recovery Manager Service Account

You are probably wondering what I am talking about because the VMware Site Recovery Manager Service in the Windows Services manager runs as “Local System”.

VMware SRM Service

The service account I am talking about is the one that is used by the SRM service to pair the sites together and to connect to vCenter. This is the account used for Credential Based Authentication.

I stumbled upon this after the VMware Site Recovery Manager service wouldn’t start. I looked in the log file located in the C:\Documents and Settings\All Users\Application Data\VMware\VMware Site Recovery Manager\Logs” directory. I opened the latest vmware-dr-x.log file and found this.

Failed to login to VC:

Unexpected MethodFault (vim.fault.InvalidLogin) {

dynamicType = <unset>,

msg =
“Login failed due to a bad username or password.”

As soon as I saw that in the log file I new what had happened. The admin that had installed SRM had changed his password.

I looked in the “Site Recovery Manager Administration Guide” and found a command line tool called srm-config.exe on page 86. On page 86 there is a section called “Reinitializing credential-based authentication after a user ID or password change“.

I created a new local administrator on both SRM servers named SRMAdmin, gave the account vCenter Administrator permissions and SRM Administrator permissions.

I then ran this command to change the account in SRM.

C:\Program Files\VMware\VMware Site Recovery Manager\bin>srm-config.exe -cmd updateuser -cfg ..\config\vmware-dr.xml -u SRMAdmin

capture1


After I ran this on both SRM servers I was able to start the service.

I then had to reconfigure the connection between the two SRM servers.

There isn’t really any recomendation in the admin guide about a dedicated account for SRM. The only reference to the fact that it even uses an account is on page 34 when it is talking about using Credential Based Authentication and on page 86 in the srm-config.exe section.

VMware should add this to their guide.

6 thoughts on “VMware Site Recovery Manager Service Account

  1. Pingback: Changing ODBC Connections to Site Recovery Manager Database « vblog.matt-taylor.org

  2. Many thanks to you for this post – you have just dug me out of a hole!!
    I too had used my admin credentials for this install, expecting that it was just for connection at the point of install as there was no indication that persistent credentials were needed.
    I’m using SRM 4.1 and had to perform an additional step to register the new credentials in the credentials store:
    VMware\VMware Site Recovery Manager\bin>installcreds -key localhost -u SRMAdmin
    After entering the password and receiving a ‘successful’ confirmation, I was able to issue the srm-config.exe command to change the SRM account and managed to start the SRM service.

    Thanks for bloggin this!

  3. Hello

    In your configuration above, is SRM and vCenter installed on the same machine? I ask because in our environment SRM and vCenter are on separate machines so was wondering how to add a local SRM account to vCenter permissions…..

    Cheers
    gogogo5

  4. If its of any help, we run SRM 4.1 here too and instead of running all the commands you can run a Repair from the Add/Remove Programs in Control Panel and the repair wizard prompts you for the new credentials you wish to use and you also need to input the ODBC DSN credentials again. Worked a treat and the service started!

    Cheers
    gogogo5

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s