By default, the vCenter Single Sign-On password expires every 90 days. To prevent unexpected expiration, the vSphere Client issues a warning when the password is about to expire; however, if you find yourself in a situation where you cannot recall the password or the password has expired, it can be reset. The reset process is performed from an SSH session to vCenter.

Reset SSO Administrator Password

To begin, SSH to the vCenter Server Appliance and log in with the root account.

Next, enable BASH shell access and launch BASH.

shell.set –enabled true

shell

With BASH launched, we will run the vdcadmintool to reset the SSO account password.

/usr/lib/vmware-vmdir/bin/vdcadmintool

Select option 3 to Reset account password.

Enter the Account UPN. After hitting enter, a new password is automatically generated.

NOTE – The account format is SSOusername@vsphereDomain.local. Typically, the account is administrator@vsphere.local.

Navigate back to the vSphere Web Client and log in with the newly generated password.

Change SSO Administrator Password

To change the SSO admin password, select Administration from the Navigator menu.

Next, locate the Administrator user from the Single Sign-on Users and Groups. Click the pencil to edit the account properties.

Enter the Current Password and a new password. Confirm the password. Select OK to submit the changes.

The SSO admin password has now been reset and changed. It is also possible to change the password expiration from the default 90 days.

Change SSO Administrator Password Expiration

To set the password lifetime, navigate to the Single Sign-On Configuration under Policies. Select Edit on the Password Policy.

The maximum number of days allowed is 9999. To set the password to never expire, enter 0 in the Maximum Lifetime days. Press Ok to continue.

That’s it!

VMware KB – How to unlock and reset SSO password in vSphere 6.x