Here’s an issue that some may run into when using Aria Automation with Identity Manager (IDM), aka Workspace ONE. It’s not often that I need to log in to IDM, because after it’s set up and configured, it pretty much just works.
With that said…occasionally I do need to log in to IDM, and this time I was checking on a couple of user & group sync settings, and noticed I had a status error (top right) indicating a problem with IDM, which looks like this:

Clicking into the details I found an issue in the User Password Expiration section and I had an error stating:
"Password for user root and sshuser has expired"
Now, just know that the IDM appliance has accounts with a 60-day password expiration period. IDM will still continue to function, but root and sshuser will have no connectivity, which will affect upgrades/patches and other administrative activities, so I need to fix this.
The catch-22 here is that both root and sshuser are expired, so I cannot SSH or log in using the console…so that forces me to up the ante for the password reset, and boot IDM into single user mode to run the passwd command and first reset root, then I can reset sshuser.
This official Broadcom KB article does a great job at explaining the process, and I’ll add some additional color with my experience and example within this blog post.
There is also additional information in this official KB on resetting other admin and configurator passwords using other additional methods.
But, here’s how I resolved my issue.
First, I connected into vCenter, then opened up a remote console, and shut the box down (gracefully).
Now, I need to get into single user mode – to do this, I powered it back up and at the Photon boot screen, hit the “p” button, which pauses the bootloader.

Then I hit the “e” button which then allows access to the GRUB bootloader screen.

From here, using the arrow keys, I moved the cursor to the end of the second row, and added
rw init=/bin/bash

I then hit F10 to continue the boot process.
The VM then booted into single user mode and a Bash prompt.

To change the root password I typed in the following command:
passwd root
I was then asked for a new password, and typed it in a second time to confirm.

I entered the new root password…NOTE: For security purposes PhotonOS/IDM remembers the last password, so it’s not possible to reuse the original password.
After changing the password, I rebooted the box:
reboot -f
And then I let IDM load, and after a few minutes I logged back into the Administrator console. I confirmed the root password was reset, and then I could move on to the sshuser password.

To manage this, now that I had root access back, I could simply SSH and log in as root, and run the same passwd command.
passwd sshuser

Once that was complete, I logged back into IDM and verified all was green and good again.

Looks good! And verified the passwords are reset and expiration is set out 60 days.
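To catch the next expiry before both accounts lock out again, here is an added example (not from the original post or the Broadcom KB) that computes days until expiry from shadow(5) aging fields. The function names, the 14-day warning window and the sample entries are assumptions, and it assumes the appliance keeps standard /etc/shadow aging data for root and sshuser.

```shell
# Added example: warn before appliance account passwords expire.
# shadow(5) fields: name:hash:lastchange:min:max:warn:inactive:expire:
# lastchange is days since 1970-01-01; max is the maximum password age in days.

# days_left LINE TODAY -> days remaining (negative = expired), "never" or "must-change"
days_left() (
    IFS=: read -r name hash last min max rest <<EOF
$1
EOF
    if [ -z "$last" ] || [ -z "$max" ] || [ "$max" -ge 99999 ]; then
        echo never                      # aging disabled or no maximum age
    elif [ "$last" -eq 0 ]; then
        echo must-change                # change forced at next login
    else
        echo $(( last + max - $2 ))
    fi
)

# check_accounts FILE TODAY WARN_DAYS ACCOUNT...
# Prints one status line per account; exit status 1 if any needs attention.
check_accounts() (
    file=$1 today=$2 warn=$3 rc=0
    shift 3
    for acct in "$@"; do
        line=$(grep "^${acct}:" "$file" | head -n 1)
        if [ -z "$line" ]; then echo "$acct MISSING"; rc=1; continue; fi
        left=$(days_left "$line" "$today")
        case $left in
            never)       echo "$acct OK never-expires" ;;
            must-change) echo "$acct EXPIRED change-required"; rc=1 ;;
            -*)          echo "$acct EXPIRED ${left#-}d-ago"; rc=1 ;;
            *)  if [ "$left" -le "$warn" ]; then echo "$acct WARN ${left}d-left"; rc=1
                else echo "$acct OK ${left}d-left"; fi ;;
        esac
    done
    [ "$rc" -eq 0 ]
)

# Constructed sample (not real appliance data): 60-day maximum age, "today" is day 20000.
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
root:x:19930:0:60:7:::
sshuser:x:19950:0:60:7:::
admin:x:19000:0:99999:7:::
EOF
check_accounts "$sample" 20000 14 root sshuser admin || true
# On a live system (as root): check_accounts /etc/shadow "$(( $(date +%s) / 86400 ))" 14 root sshuser
```

Run from cron or a monitoring agent, the non-zero exit status is the signal to rotate the passwords while SSH and console access still work.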

There’s more information in this blog about extending the expiration date, in a lab environment of course!
That’s all for this blog! If you learned something or I helped you out in some way, please make a comment and let me know. Thanks!