Resetting an expired password in vCenter 5.1 Single Sign-On (SSO)

A customer of ours was unable to log in to their VMware vCenter 5.1 environment. I researched the environment and concluded that their SSO password was expired.

Error messages in the vSphere Web Client: “provided credentials are not valid”. Also the admin@system-domain account was unable to log on, same error message. And I was 100% sure this was the correct password.

I started searching the VMware KB articles and found one that describes how to reset the password. See VMware KB2035864.

Resetting an expired password in vCenter Single Sign-On (SSO) (2035864)

Details

  • vCenter Single Sign-On account (SSO) passwords expire after 365 days, including the password for admin@system-domain.
  • In vSphere 5.1, you see this error on a login attempt with an expired password:
    Web Client: “provided credentials are not valid”
  • In the vsphere_client_virgo.log, you see the error:
    SOAP fault javax.xml.ws.soap.SOAPFaultException: Authentication failed

Solution

vCenter Single Sign-On administrator users can change expired passwords for System-Domain users. Request that an administrator resets your password.

If you are a vCenter Single Sign-On administrator user, use the ssopass command-line tool to reset the password.

On the Windows host running vCenter Single Sign-On:

  1. Open an elevated command prompt and run the command:
    SET JAVA_HOME=C:\Program Files\VMware\Infrastructure\jre
    Note: This is the default path of the JRE folder for vCenter Server 5.1. If vCenter Server has been installed in a custom location, change the command accordingly.
  2. Navigate to the ssolscli directory
    c:\>cd C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli
  3. Run the following command:
    ssopass -d https://FQDN_of_SSO_server:7444/lookupservice/sdk username
  4. Type your current password, even if it is expired.
  5. Type the new password, and then type it again to confirm.

Note: If the above steps fail to update the password, see Logging in to the vSphere Web Client using admin@system-domain fails with the error: associated users password is expired (2060150).

From the vCenter Server Appliance (VCSA):

  1. Log in to the vCenter Server Appliance as root.
    Note: The default password is vmware.
  2. Navigate to this directory:
    /usr/lib/vmware-sso/bin
  3. Run this command:
    ./ssopass -d https://FQDN_of_SSO_server:7444/lookupservice/sdk username
  4. Type the current password for the user, even if it is expired.
  5. Type the new password, and then type it again to confirm.

This document helped me to regain access to the VMware vCenter environment. Problem solved.

Disclaimer.
The information in this article is provided “AS IS” with no warranties, and confers no rights. This article does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my opinion.

Marco

Marco works for ViaData as a Senior Technical Consultant. He has over 15 years' experience as a system engineer and consultant, specialized in virtualization. VMware VCP4, VCP5-DC & VCP5-DT. VMware vExpert 2013, 2014, 2015 & 2016. Microsoft MCSE & MCITP Enterprise Administrator. Veeam VMSP, VMTSP & VMCE.