The Single Sign-On password expires by default every 90 days. If you find yourself unable to log in with the SSO Administrator account, or you forget the login password, it is not possible to manage SSO without an SSO administrator. You won't even be able to promote another user to SSO Administrator, so you need to reset the password via SSH to vCenter.
Note: this method applies to vCenter 6.5 and 6.7.
To do that, SSH to vCenter and log in with the root account.
If you haven't enabled the Bash shell, you need to do so using the command below:
shell.set --enabled true
After granting shell access to vCenter, we need to run the vdcadmintool to reset the SSO account password.
Select option 3, Reset account password.
This will allow you to reset the SSO Administrator password. You will be asked to enter the account UPN, which has the format: SSOusername@vsphereDomain.local
After that, a new password will be generated.
Use the newly generated password to log in to vSphere Client (HTML5) or vSphere Web Client (Flex).
We are now going to change the SSO Administrator password.
I'm going to use vSphere Client (HTML5) with the lovely Dark Theme 😀
From Menu -> Administration -> Single Sign-On -> Users and Groups
Choose the “SSODomain.local” domain, then you will find all local accounts, including the Administrator account whose password we are going to change.
Now that we have reset the SSO Administrator password, you can change the default 90-day expiration.
From Menu -> Administration -> Single Sign-On -> Configuration
Then choose Policies -> Password Policy -> Edit
If you choose 0, the password will never expire.
Thanks