ESX Virtualization


VCSA 6.5 Password Expires in X days Notification – How to change?

By Vladan SEGET | Last Updated: July 3, 2017


If you don't change the default VMware vCSA password policy for an administrator within the vSphere.local domain, you will get a notification 30 days before the password expires.

This is not the root password of the VCSA appliance. We wrote about how to reset the root password for the VCSA appliance here (the post includes a detailed video too). Nor is this a notification of password expiry for an Administrator account from a Microsoft Active Directory (AD) domain.

Usually, the right way to integrate VMware vCSA (or vCenter Server installed on Windows) into an existing Microsoft Active Directory (AD) environment is to join the VCSA to Microsoft AD and add a new identity source (Microsoft AD), so you can manage vCenter with your existing corporate accounts. We have written a post on it here.

But this is not always the case. There can be vSphere installations which are isolated from production environments, and there can be other use cases, such as training/learning systems, which do not use AD at all. In all those cases you'll be using the domain which you set up during the VCSA deployment – vSphere.local is the default (but you can perfectly well deploy and set up another domain). And in this case you'll be dealing with

But the main point of this post is to get to the place where you can change this setting.

vSphere administrator password


Note that you only see the password expiry for the default vSphere.local domain (not your Microsoft AD).

The password for the administrator account is managed by the vCenter Single Sign-On password policy, which applies only to the vSphere.local domain (or the one you set up during the install).

The steps to change the vCenter SSO policy:

Connect to your vCSA appliance. Go to Home > select Single Sign-On > Configuration > Policies > Password Policy > Edit.

Change vCenter SSO policy

There you can edit the existing policy, which governs the password behavior. At the same time, you can change the password complexity requirements…

vCSA Password requirements and Lockout behavior.

By default, this password must meet the following requirements:

  • At least 8 characters
  • At least one lowercase character
  • At least one numeric character
  • At least one special character

The password for this user cannot be more than 20 characters long.

Administrators can change the default password policy.

Change vCenter SSO default policy

vCenter Single Sign-On Lockout Behavior

I think it's worth noting the lockout behavior while we're here. The lockout behavior basically determines what happens when you enter your administrator password wrong 5 times (default). The account is locked out and during this time you can't do anything, just wait….

What's happening is that you have to wait 180 seconds before you can log back in again. Users are locked out after a preset number of consecutive failed attempts.

By default, users are locked out after five consecutive failed attempts in three minutes and a locked account is unlocked automatically after five minutes. You can change these defaults using the vCenter Single Sign-On lockout policy.
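The lockout behavior described above, modelled as an added example (not from the original post or from VMware): it replays constructed login events against the defaults quoted in the text (five consecutive failures, three-minute window, five-minute unlock) so you can see what a changed policy would do before editing it. The account names, the event tuples, and the rule that attempts made during a lock are rejected without being counted are assumptions of this sketch.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int = 5        # "five consecutive failed attempts"
    failure_window_s: int = 180  # "in three minutes"
    unlock_after_s: int = 300    # "unlocked automatically after five minutes"

@dataclass
class AccountState:
    failures: deque = field(default_factory=deque)  # timestamps of recent failures
    locked_until: float = 0.0

def replay(events, policy=LockoutPolicy()):
    """Replay (epoch_seconds, user, ok) events; return (ts, user, outcome) tuples."""
    state, outcomes = {}, []
    for ts, user, ok in sorted(events):
        acct = state.setdefault(user, AccountState())
        if ts < acct.locked_until:
            # Assumption: attempts during a lock are refused and not counted.
            outcomes.append((ts, user, "rejected_locked"))
        elif ok:
            acct.failures.clear()  # a success breaks the "consecutive" run
            outcomes.append((ts, user, "success"))
        else:
            acct.failures.append(ts)
            # Drop failures that fell out of the sliding window.
            while ts - acct.failures[0] > policy.failure_window_s:
                acct.failures.popleft()
            if len(acct.failures) >= policy.max_failures:
                acct.locked_until = ts + policy.unlock_after_s
                acct.failures.clear()
                outcomes.append((ts, user, "locked"))
            else:
                outcomes.append((ts, user, "failed"))
    return outcomes

def outcomes_for(results, user):
    return [outcome for _, u, outcome in results if u == user]

# Constructed sample events (not real vCenter log data).
ADMIN, SLOW = "administrator@vsphere.local", "ops@vsphere.local"
SAMPLE_EVENTS = (
    [(t, ADMIN, False) for t in (0, 20, 40, 60, 80)]      # rapid bad passwords
    + [(100, ADMIN, True), (400, ADMIN, True)]            # correct password, twice
    + [(t, SLOW, False) for t in (0, 100, 200, 300, 400)] # slow, spaced failures
)

if __name__ == "__main__":
    for row in replay(SAMPLE_EVENTS):
        print(row)
```

The spaced-out failures never trip the lock because no five of them fall inside one three-minute window, which is worth keeping in mind when widening or narrowing the interval.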

Best practices?

  • If you're using the Microsoft AD as an identity source then you'll manage your users/passwords/password lockout policies/restrictions through Microsoft AD.
  • VMware recommends configuring NTP, and also restricting network access by opening only the required ports for vCenter/vCSA in your firewall. (Check the full list of ports through VMware Docs).
  • Create a custom role instead of default administrator – Not all administrator users must have the Administrator role. Instead, create a custom role with the appropriate set of privileges and assign it to other administrators.

You can clone the default admin role and then uncheck the privileges which you don't want the other administrators to use.

Restricted Administrator

  • Datastore access – Assign the Datastore > Browse Datastore privilege only to users or groups who really need those privileges. Users with the privilege can view, upload, or download files on datastores associated with the vSphere deployment through the Web browser or the vSphere Web Client.

Wrap-up:

Understanding the separation between the default vSphere.local domain (or the one you have set up during the deployment of VCSA) and Microsoft AD is essential. Since I had received a few questions on this recently, I thought that it was a good way to reinforce the knowledge with a blog post.

It is worth noting that in case you deploy the Platform Services Controller (and SSO) on a separate VM, you'll have to change the default policy on the PSC (not on the vCSA). For that, just connect to the PSC VM through this URL:

https://psc_IP/psc

Well, that's about it. Stay tuned for more.


About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is an independent consultant, professional blogger, vExpert x16, Veeam Vanguard x9, VCAP-DCA/DCD. The ESX Virtualization site started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.
