vSphere Customization Spec Fails to Set-up Windows Password

Mindwatering Incorporated

Author: Tripp W Black

Created: 01/16 at 06:35 PM

 

Category:
VMWare
vCenter

Issue:
Customization Specification stops working after a vCenter upgrade or the vCenter public keys are updated. Typically, no error is reported for the Task in vCenter, or the vRA deployment, that is returned to the deployment. The VM's local MS Windows administrator account just doesn't get set-up properly.

The vCenter may log an error though, "vCenter Server is unable to decrypt passwords stored in the customization specification".


Cause:
The public key in the specification must match the vCenter public key, or the custom specification just stops working. There is a KB article 2111495 regarding this issue. This bug is evidently an "expected" feature.

This happens with:
- rekeying of the vCenter certificate which, of course, changes the public key
- migrating the spec (exporting and importing) from an old vCenter to a new one, because the new vCenter has a different public key.
- Upgrading the vCenter from one version or dot release to another.
- The VM OS version is too new for the customization spec. A version of vSphere vCenter will support up to a certain version of MS Windows and Linux for customization.
- - For example, Windows 2022 requires vSphere 7.0 or 8.0, and Ubuntu 20.10(e) or 20.04 LTS also requires vSphere 7.0 or 8.0) See the VMware compatibility guide matrix.


Resolution:
1. vSphere Web Client --> Policies and Profiles --> Customization Specification Manager
2. Select the customization specification no longer working, click Edit.
3. Re-enter the password in the Administrator Password field. Save.

3a. If this does not work, delete and re-create the customization specification from scratch.






Other/Old Reasons:
PowerCLI 5.5.0-1295336 and higher, with cloned customization spec (New-OSCustomizationSpec) fails with preferred NonPersistent type, but succeeds if -Type changed to Persistent with a specific OS spec name or GUID.

After MS Windows VM is created from VM template, the cloned VMs take forever to boot up the VM. They pause "forever" on the getting ready screen.
- Possible workarounds:
- - Recreate the customization spec, repeat the clone attempt.
- - The VM hardware is no longer compatible. Look in the MS Windows Device Manager for the yellow exclamation points (!) icons. Common culprit is the "VMware VMCI Device". Remove it, and reinstall VMware Tools.
- - Install the physical to virtual converter agent into the VM, and convert it again to a new VM.



previous page