Disable root password expiry on vCenter

From Notes_Wiki
Revision as of 04:04, 26 February 2024 by Saurabh (talk | contribs)

Home > VMWare platform > VMWare vCenter > Disable root password expiry on vCenter

To disable password expiry on vCenter Very important for VxRail / vCF automated environments use:

  1. Login into vCenter via SSH and get access to bash shell by typing 'shell' in appliancesh prompt.
    OR we can open vCenter VM console via vCenter / ESXi host and login with root username and password
  2. Change existing password (if required) via:
    passwd
    If vCenter remembers last 5 passwords and forces you to set new password, you can change password 4-5 times so that finally we can set old password again.
  3. Disable aging of root password via:
    chage -M 9999 root
    chage -l root
  4. If login is not working try to reset failed login count via:
    pam_tally2 -u root -r


We can also disable password expiry via options in https://<ip-or-fqdn>:5480/ appliance management interface. But this should be done before password expiry. After password is expired we may only have option of using console to reset password.


Disable other vsphere.local user password expiry

By default not only root but any other local users that we create in vCenter for administration purposes (Eg for integrating with backup tools), have a default password expiry of 90 days. Due to this except administrator@vsphere.local all other local user in SSO domain also face password expiry. To disable this use:

  1. Login into vCenter Web UI
  2. Go to Home -> Administration. Then go to Single Sign On -> Configuration.
  3. Click the Local Accounts tab.
  4. Click Edit for the Password Policy row.
  5. Change the maximum lifetime to 9999 or 0 to effectively disable the password expiry for other @vsphere.local users.

Refer:



Home > VMWare platform > VMWare vCenter > Disable root password expiry on vCenter