Skip to content

VMware SSO Passwords

by on July 12, 2013

NOTE: The password used for admin@system-domain at installation time for VMware Single Sign On (SSO) is the Master password. Changing the password for this account does not change the Master password. Please be sure to record this Master password in the event it is needed for future use as it cannot be changed. One example of where this password will be requested is during the procedure for resetting a SSO admin account that is locked out from too many retries.

VMware SSO user passwords expire after 365 days

The default password policy for SSO users is for the password to expire after 365 days, including the admin@System-Domain user. The password policy can be edited to increase or decrease this value by days. See KB 2033823, Configuring and troubleshooting vCenter Single Sign On password and lockout policies for accounts. This article contains a breakout of the policies in place for SSO accounts.

However, if the password expires, the procedure to reset the password is below.

KB 2035864, Resetting an expired password in VMware Single Sign On (SSO), provides the command line procedure for changing the passwords. The procedure requires the old password even if expired for the reset.

The KB article provides the procedure for both Windows based and appliance vCenter Servers.
For Windows based vCenter:
Open a command prompt and navigate to this directory:

C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli

Run the following command:

Type your current password, even if it is expired.
Type the new password, and then type it again to confirm.

Unlocking a SSO admin account

The default configuration for SSO admin accounts is 3 login attempts. After the third the account is locked out.
To reset the account, follow KB 2034608, Unlocking and resetting the vCenter Single Sign On (SSO) administrator password.

The KB article presents several procedures including the reset procedure for the vCenter Appliance.

1. Wait 15 minutes as the default account lockout policy is set to unlock after 15 minutes.
2. If already logged into SSO as an admin with another session you can unlock the account by navigating to the users screen by selecting Home, Administration, SSO Users and Groups and right click on the account and select Unlock.
3. Resetting the admin password automatically unlocks the account. Follow
To reset the SSO administrator password on a Windows server:

Note: Resetting the password will also unlock the administrator account.
Login as an administrator to the vCenter SSO server.
Click Start > Run, type cmd, and click OK. The Command Prompt window opens.
Navigate to the directory SSOInstallDirectory\utils. By default, the installation directory is C:\Program Files\VMware\Infrastructure\SSOServer\utils.
Run this command:

rsautil reset-admin-password

Enter the master password when prompted.

Note: This is the password selected for the SSO administrator during the SSO installation. If you have changed your SSO administrator password later, the master password is still the original one chosen.

Enter the SSO administrator name for which you want to reset the password. For example, admin.
Enter the new password for the user and then confirm it a second time.

You should see the message Password reset successfully.

From → Uncategorized

Comments are closed.

%d bloggers like this: