Hi guys,
How do you change the amount of days in which the vSphere web client (6.0 U2) prompts you that a password will expire in X amount of days?
Many thanks
Aaron
Hello aaroncatt9
By default, vCenter Single Sign-On passwords expire after 90 days. The vSphere Web Client reminds you when your password is about to expire, but there is no specific date on which it will prompt , it will just throw an warning
You can change this Password policy using the below link and set your custom days .
More information
Users in the vsphere.local domain can change their vCenter Single Sign-On passwords from the
vSphere Web Client. Users in other domains change their passwords following the rules for that domain.
You can change a vCenter Single Sign-On password from the vSphere Web Client.
The vCenter Single Sign-On lockout policy determines when your password expires. By default, vCenter
Single Sign-On user passwords expire after 90 days, but administrator passwords such as the password for
administrator@vsphere.local do not expire. vCenter Single Sign-On management interfaces show a warning
when your password is about to expire.
This procedure explains how you can change a password. If your password is expired, the administrator of
the local domain (vsphere.local by default) or another member of the Administrators group for the local
domain can reset the password by using the dir-cli password reset command.
Procedure to rest the Password incase if it expires
1 Log in to the vSphere Web Client using your vCenter Single Sign-On credentials.
2 In the upper navigation pane, to the left of the Help menu, click your user name to pull down the menu.
As an alternative, you can select Administration > Single Sign-On > Users and Groups and select Edit
User from the rightȬbuĴon menu.
3 Select Change Password and type your current password.
4 Type a new password and confirm it.
The password must conform to the password policy.
5 Click OK.
Let me know if you need more information on this , i can help you.
Is there a way to disable or modify when this alert banner pops up? The reason I ask is we are using our AD credentials to login. when those credentials are 30 days from expiring we start getting this banner which is quite annoying. It would be nice to change this to 7 days or something like that.
Advanced vCenter settings
VirtualCenter.VimPasswordExpirationI... (VIM Password Expiration). Do a filter search on 'password' to find it.
Change this value to 3 or something so you won't be reminded it defaults to 30 days, this should fix it.
Yes I know this post is old.. but I searched for this myself.. and I finally found the solution (I think) because it was annoying me.. since I recently upgraded to vCenter 6.5
this doesn't work for me! VCSA 6.5 Build 5973321
KB 1016736 says the VimPasswordExpirationInDays setting controls how often the vpxuser account password gets rotated, so it would seem it doesn't affect the 'password expires' message.
Setting it to 3 days is probably not a good idea...
How to modify the default expiry time for the vpxuser account (1016736) | VMware KB
OK that's true, I thought at first it was working but I see now it's not.
I still want to know HOW to disable the message. It's a domain policy, fine. But WHY is VMWare reporting it every time I login to vCenter, it's quite annoying. Probably can't turn it off per-se this is VMware attempt at full transparency because they ASSUME that since they are tied to Active Directory we want to SEE ALL AD messages pertaining to login, but that is false and it should still be preference.
I login in Windows RDP all day long and none of them complain my password will expire in 30 days, 29 days, 28 days.. they are members of domain, I get a warning at 10 days (which is what I expect) not 30 days out!
You can change this Password policy using the below link and set your custom days .
More information
Users in the vsphere.local domain can change their vCenter Single Sign-On passwords from the
vSphere Web Client. Users in other domains change their passwords following the rule
I see NO custom days, only ability to change Max Lifetime (which is basically only how many days you are REQUIRED to change) not warning.
We want to know how to turn WARNING or notifications off, not change Max Days setting. There doesn't appear to be any way.... but your post is misleading, there is still no solution.
This is configurable as part of the vSphere Web (Flex) / H5 (HTML) Client configuration
Web Client - /etc/vmware/vsphere-client/webclient.properties
H5 Client - /etc/vmware/vsphere-ui/webclient.properties
The default is 30 days
# The number of days before the notification about expiring password appears.
sso.pending.password.expiration.notification.days = 30
You'll probably need to restart the service for the change to take affect
in /etc/vmware/vsphere-ui/webclient.properties set the sso.pending.password.expiration.notification.days = -1
VMware, please just make this an easy option in the GUI to change like most other settings. Thanks.
Yup, this needs to be a GUI setting. We have a ESXi 6 and an ESXi 7 environment and I'd like to change this in both without screwing around with modifying the config files. It would be nice if you could click a hyperlink on the banner itself and have it take you to a setting to change the number of days. I think a better default would be 7 days as well.