We recommend, on a regular cadence, that you rotate secrets that are contained in the switches, HLH, and iDRACs, for example, passwords, certificates, or string keys. At the end of the deployment period, Dell Technologies assists the operator, if required, to set up accounts and remove any well-known user names and passwords.
For more information about guidance on secrets in use and how to use the available tools, see Rotate secrets in Azure Stack Hub on the Microsoft website.
The following table lists the supported Azure Stack Hub rotation matrix.
Table 39. Microsoft Azure Stack Hub supported rotation
Certificate installed |
Rotate certificate to |
Supported |
Azure Stack Hub release |
Self-Signed |
Enterprise |
Not supported |
N/A |
Self-Signed |
Public |
Supported |
1803 and later |
Self-Signed |
Self-Signed |
Not supported |
N/A |
Enterprise |
Public |
Supported |
1803 and later |
Enterprise |
Self-Signed |
Not supported |
N/A |
Enterprise |
Enterprise |
This is supported in 1803 if customers use the same enterprise CA that is used at deployment |
1803 and later |
Public |
Self-Signed |
Not supported |
N/A |
Public |
Enterprise |
Not Supported |
N/A |
Public |
Public |
Supported |
1803 and later |
Important: We do not recommend using well-known user names such as ADMIN, admin, root, Administrator, USERID, and so on, or weak passwords, such as Password, Password1!, P@ssW0rd, Welcome, 1234567, Winter10, Calvin, and so on.
By default, Windows Server 2019 account passwords on the HLH host, Management VM, and OpenManage Network Manager VM are set to expire after 30 days. This default includes the Administrator accounts and any other operator accounts that are created during deployment. These operating system account passwords can be changed through the system settings in Windows Server 2019.
If the passwords are allowed to expire, then you must open a console session to perform a reset; RDP connections are unable to connect if the password has expired. For the Management VM and OpenManage Network Manager VM, you can open the console session from the Hyper-V manager on the HLH host. For the HLH host, you must use a physical console or iDRAC virtual console.
Note: We recommend that you create strong passwords that include at least one each of uppercase and lowercase letters, numerals, and special characters.
Caution: Due to limitations in OpenManage Network Manager, the switch passwords for admin, admin user, SSH, and SNMP group should only include ! (exclamation mark) as the special character. For more information about passwords and user ID requirements, see the Dell EMC Integrated System for Microsoft Azure Stack Hub Deployment Planning Guide.