Solved

ncc health_checks system_checks default_password_check alwasys GREEN

  • 17 July 2019
  • 6 replies
  • 1436 views

Badge +7
Running the checks "CVM using default password", HOST using default password", IPMI using default password", I always get green status even if the CVM, HOSTS and IPMI passwords are the default ones. Why?
icon

Best answer by JeremyJ 27 February 2020, 20:46

View original

This topic has been closed for comments

6 replies

Userlevel 2
Badge +17
How about running the NCC health_checks run_all command to see what we will get from its result?
If you get the same one, consider upgrading to the newer NCC version
Badge +7
Hi
i've upgraded NCC to latest 3.7.1.2 version and I've tried to runn all the checks using
ncc health_checks run_all command
but the result is always green
Userlevel 2
Badge +17
Hi
i've upgraded NCC to latest 3.7.1.2 version and I've tried to runn all the checks using
ncc health_checks run_all command
but the result is always green

Looks strange.
Although you can ignore this check (as you've already known that you are using default password on your site) but this is something like a bug that needs to be escalated to Nutanix engineers.
Could you provide your AOS version, hypervisor version of your cluster?
Badge +7
Thanks. AOS 5.10.5 NCC 3.7.1.2 AHV 20170830.279
Userlevel 3
Badge +4

Hi balma01

Please follow the change default password procedure documented on KB 6153, and then run the following password check again from any CVM.

nutanix@cvm$ ncc health_checks system_checks default_password_check

The alert should not be showed again.

Userlevel 3
Badge +4

Hello balma01, 

If I understand you correctly, you describe you are seeing a false negative. You’re saying the check should give a failure but it does not.

I think there is a misunderstanding here. Based on your description I think this is working as designed.

The outcome of this check is not determined to be critical. If a default password is used the result given is an INFO.

Only a WARN or FAIL result should change the check status from green to something else, yellow for WARN or red for FAIL. An INFO result is intended to show green.
 

If you check the results, you should see an INFO note for components which still have a default password set. The details given from this check also link to the KB 6153 which describes the check and provdes methods for updating the passwords.