VMware Cloud Community
aaroncatt9
Contributor

Password expires in X days notification

Hi guys,

How do you change the number of days in which the vSphere web client (6.0 U2) prompts you that a password will expire in X amount of days?

Many thanks

Aaron

11 Replies
Nithy07cs055
Hot Shot

Hello aaroncatt9

By default, vCenter Single Sign-On passwords expire after 90 days. The vSphere Web Client reminds you when your password is about to expire, but there is no specific date on which it will prompt; it will just throw a warning.

You can change this password policy using the link below and set your custom days.

https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B9C4409...

More information

Users in the vsphere.local domain can change their vCenter Single Sign-On passwords from the vSphere Web Client. Users in other domains change their passwords following the rules for that domain.

You can change a vCenter Single Sign-On password from the vSphere Web Client.

The vCenter Single Sign-On lockout policy determines when your password expires. By default, vCenter Single Sign-On user passwords expire after 90 days, but administrator passwords such as the password for administrator@vsphere.local do not expire. vCenter Single Sign-On management interfaces show a warning when your password is about to expire.

This procedure explains how you can change a password. If your password is expired, the administrator of the local domain (vsphere.local by default) or another member of the Administrators group for the local domain can reset the password by using the dir-cli password reset command.

Procedure to reset the password in case it expires

1 Log in to the vSphere Web Client using your vCenter Single Sign-On credentials.

2 In the upper navigation pane, to the left of the Help menu, click your user name to pull down the menu.

As an alternative, you can select Administration > Single Sign-On > Users and Groups and select Edit User from the right-button menu.

3 Select Change Password and type your current password.

4 Type a new password and confirm it.

The password must conform to the password policy.

5 Click OK.

Let me know if you need more information on this, I can help you.

Thanks and Regards, Nithyanathan R Please follow my page and Blog for more updates. Blog : https://communities.vmware.com/blogs/Nithyanathan Twitter @Nithy55 Facebook Vmware page : https://www.facebook.com/Virtualizationworld
Jaxsonville
Contributor

Is there a way to disable or modify when this alert banner pops up? The reason I ask is we are using our AD credentials to log in. When those credentials are 30 days from expiring we start getting this banner, which is quite annoying. It would be nice to change this to 7 days or something like that.

RParker
Immortal

Advanced vCenter settings

VirtualCenter.VimPasswordExpirationI... (VIM Password Expiration).  Do a filter search on 'password' to find it.

Change this value to 3 or something so you won't be reminded; it defaults to 30 days. This should fix it.

Yes I know this post is old.. but I searched for this myself.. and I finally found the solution (I think) because it was annoying me.. since I recently upgraded to vCenter 6.5

brunofernandez1

This doesn't work for me! VCSA 6.5 Build 5973321

------------------------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) Regards from Switzerland, B. Fernandez http://vpxa.info/
robwesterby
Contributor

KB 1016736 says the VimPasswordExpirationInDays setting controls how often the vpxuser account password gets rotated, so it would seem it doesn't affect the 'password expires' message.

Setting it to 3 days is probably not a good idea...

How to modify the default expiry time for the vpxuser account (1016736) | VMware KB

RParker
Immortal

OK that's true, I thought at first it was working but I see now it's not.

I still want to know HOW to disable the message.  It's a domain policy, fine.  But WHY is VMware reporting it every time I log in to vCenter? It's quite annoying.  Probably can't turn it off per se; this is VMware's attempt at full transparency because they ASSUME that since they are tied to Active Directory we want to SEE ALL AD messages pertaining to login, but that is false and it should still be a preference.

I log in to Windows RDP all day long and none of them complain my password will expire in 30 days, 29 days, 28 days.. they are members of the domain, I get a warning at 10 days (which is what I expect), not 30 days out!

RParker
Immortal

You can change this Password policy using the below link and set your custom days.

https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B9C4409...

More information

Users in the vsphere.local domain can change their vCenter Single Sign-On passwords from the vSphere Web Client. Users in other domains change their passwords following the rule

I see NO custom days, only ability to change Max Lifetime (which is basically only how many days you are REQUIRED to change) not warning.

We want to know how to turn WARNING or notifications off, not change Max Days setting.  There doesn't appear to be any way.... but your post is misleading, there is still no solution.

gbudziak
VMware Employee

This is configurable as part of the vSphere Web (Flex) / H5 (HTML) Client configuration

Web Client - /etc/vmware/vsphere-client/webclient.properties

H5 Client - /etc/vmware/vsphere-ui/webclient.properties

The default is 30 days

# The number of days before the notification about expiring password appears.

sso.pending.password.expiration.notification.days = 30

You'll probably need to restart the service for the change to take effect.

Sanjuro
Contributor

In /etc/vmware/vsphere-ui/webclient.properties set the sso.pending.password.expiration.notification.days = -1
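The property edit described in the two posts above, as an added shell example that is not from either poster or from VMware: it backs up the properties file, rewrites the existing assignment in place (or appends it if missing), and rejects non-integer values. The function names `get_notify_days` and `set_notify_days` and the `.bak` suffix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
KEY='sso.pending.password.expiration.notification.days'
KEY_RE='sso\.pending\.password\.expiration\.notification\.days'

# Print the active integer value of the property in file $1
# (comment lines are ignored; the last assignment wins).
get_notify_days() {
    sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Set the property in file $1 to integer $2.
# Returns 1 if the file is missing, 2 if the value is not an integer.
set_notify_days() {
    file=$1
    days=$2
    [ -f "$file" ] || return 1
    # Accept only an optional leading minus followed by digits.
    case $days in
        ''|-|*[!0-9-]*|?*-*) return 2 ;;
    esac
    # Idempotent: leave the file untouched if the value is already set.
    if [ "$(get_notify_days "$file")" = "$days" ]; then return 0; fi
    cp -p "$file" "$file.bak" || return 1
    if grep -Eq "^[[:space:]]*${KEY_RE}[[:space:]]*=" "$file"; then
        tmp=$(mktemp) || return 1
        sed "s/^[[:space:]]*${KEY_RE}[[:space:]]*=.*\$/${KEY} = ${days}/" "$file" > "$tmp"
        # Write back through the original inode to keep owner and mode.
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        # Make sure the appended line starts on its own line.
        if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
        printf '%s = %s\n' "$KEY" "$days" >> "$file"
    fi
}

# Command-line use: script.sh <properties-file> <days>
if [ "$#" -eq 2 ]; then
    set_notify_days "$1" "$2" && get_notify_days "$1"
fi
```

Point it at whichever of the two webclient.properties paths given above applies to your client; as noted in the post, the client service still has to be restarted afterwards.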

jhege5
Contributor

VMware, please just make this an easy option in the GUI to change like most other settings. Thanks.

jtapp
Contributor

Yup, this needs to be a GUI setting.  We have an ESXi 6 and an ESXi 7 environment and I'd like to change this in both without screwing around with modifying the config files.  It would be nice if you could click a hyperlink on the banner itself and have it take you to a setting to change the number of days.  I think a better default would be 7 days as well.
