<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: vCenter keeps locking accounts in VMware vCenter™ Discussions</title>
    <link>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686554#M36924</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hey shawn,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I marked your answer as helpful, because somehow I did it in a hurry, but in a different way. I had to use an LDAP browser in order to fix those parameters for vdp account, and it did work, but I'm pretty sure your procedure could work also.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Mon, 26 May 2014 19:58:25 GMT</pubDate>
    <dc:creator>bhbarbosa</dc:creator>
    <dc:date>2014-05-26T19:58:25Z</dc:date>
    <item>
      <title>vCenter keeps locking accounts</title>
      <link>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686549#M36919</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello everyone!&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I need some troubleshooting for this issue I'm having. Environment is vCenter Server Appliance Version 5.5.0 Build 1588022. The problem is vCenter keeps locking out both my vdp and vcops SSO accounts (vdp@vsphere.local and vcops@vsphere.local). I proceeded logging on vSphere Web Client with SSO Admin account (administrator@vsphere.local) and went to Administration &amp;gt; Single Sign On &amp;gt; Users and Groups and noticed vdp account was locked. Then I unlocked it, but in the sudden of a refresh page, it became locked out again. I changed the password for this account, disabled it, then re-enabled it again. Whenever I unlock, vCenter keeps unlocking it. I tailed my vCenter appliance's /var/log/messages, till I found every second vmdird keeps locking those accounts:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:18+00:00 vcsa01 vmdird: t@140575374509824: LoginBlocked DN (cn=vcops,cn=users,dc=vsphere,dc=local), error (9239)(Account access blocked)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:22+00:00 vcsa01 vmdird: t@140575349331712: Lockout policy check - account lockout. (cn=vdp,cn=users,dc=vsphere,dc=local)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:23+00:00 vcsa01 vmdird: t@140575374509824: LoginBlocked DN (cn=vcops,cn=users,dc=vsphere,dc=local), error (9239)(Account access blocked)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:26+00:00 vcsa01 vmdird: t@140575349331712: Lockout policy check - account lockout. (cn=vdp,cn=users,dc=vsphere,dc=local)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:27+00:00 vcsa01 vmdird: t@140575374509824: Lockout policy check - account lockout. (cn=vdp,cn=users,dc=vsphere,dc=local)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:29+00:00 vcsa01 vmdird: t@140575349331712: Lockout policy check - account lockout. (cn=vdp,cn=users,dc=vsphere,dc=local)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:31+00:00 vcsa01 vmdird: t@140575374509824: Lockout policy check - account lockout. (cn=vdp,cn=users,dc=vsphere,dc=local)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:32+00:00 vcsa01 vmdird: t@140575349331712: LoginBlocked DN (cn=vcops,cn=users,dc=vsphere,dc=local), error (9239)(Account access blocked)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:35+00:00 vcsa01 vmdird: t@140575349331712: Lockout policy check - account lockout. (cn=vdp,cn=users,dc=vsphere,dc=local)&lt;/P&gt;&lt;P&gt;2014-05-05T17:07:35+00:00 vcsa01 vmdird: t@140575374509824: Lockout policy check - account lockout. (cn=vdp,cn=users,dc=vsphere,dc=local)&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Any tips on this?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thank you!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 05 May 2014 17:10:47 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686549#M36919</guid>
      <dc:creator>bhbarbosa</dc:creator>
      <dc:date>2014-05-05T17:10:47Z</dc:date>
    </item>
    <item>
      <title>Re: vCenter keeps locking accounts</title>
      <link>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686550#M36920</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;check your account lockout policies settings in SSO config, for more info see:&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;A href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;amp;cmd=displayKC&amp;amp;externalId=2033823" title="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;amp;cmd=displayKC&amp;amp;externalId=2033823"&gt;VMware KB: Configuring and troubleshooting vCenter Single Sign On password and lockout policies for accounts&amp;nbsp;&amp;nbsp; &lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt; &lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;also have a look at this KB:&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;A href="http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&amp;amp;docType=kc&amp;amp;externalId=2001703&amp;amp;sliceId=1&amp;amp;docTypeID=DT_KB_1_1&amp;amp;dialogID=277598511&amp;amp;stateId=0" title="http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&amp;amp;docType=kc&amp;amp;externalId=2001703&amp;amp;sliceId=1&amp;amp;docTypeID=DT_KB_1_1&amp;amp;dialogID=277598511&amp;amp;stateId=0"&gt;VMware KB: Active Directory account locks out due to repeated failed login attempts from vCenter Server&amp;nbsp;&amp;nbsp; &lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt; &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Regards,&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;P.&lt;/SPAN&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 05 May 2014 19:41:22 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686550#M36920</guid>
      <dc:creator>vNEX</dc:creator>
      <dc:date>2014-05-05T19:41:22Z</dc:date>
    </item>
    <item>
      <title>Re: vCenter keeps locking accounts</title>
      <link>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686551#M36921</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I checked those policies and didn't see anything different from default, yet I changed it by now, but the problem still persists.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The second KB doesn't apply for me.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks, anyway.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 06 May 2014 12:05:29 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686551#M36921</guid>
      <dc:creator>bhbarbosa</dc:creator>
      <dc:date>2014-05-06T12:05:29Z</dc:date>
    </item>
    <item>
      <title>Re: vCenter keeps locking accounts</title>
      <link>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686552#M36922</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;This just hit us and hard.&amp;nbsp; We are running vCenter 5.1 and the default expiration policy is something like 385 days.&amp;nbsp; What we had to do was this:&lt;/P&gt;&lt;P&gt;Go to the section where you control the policies. &lt;/P&gt;&lt;P&gt;Set the maximum age to 0.&lt;/P&gt;&lt;P&gt;Set the minimum number of password before re-use to 1.&lt;/P&gt;&lt;P&gt;Save the policy.&lt;/P&gt;&lt;P&gt;Go to the user account that keeps getting locked out in Users and Groups.&lt;/P&gt;&lt;P&gt;Edit the account and set the password to something that will take but is temporary. &lt;/P&gt;&lt;P&gt;Edit the account again and set the password back to the very first one you had that is used by the VDP appliances and other accounts you are using. &lt;/P&gt;&lt;P&gt;Make sure the account is unlocked.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The account is getting locked because the password has expired and if you change it in SSO but don't change it on the source, then after three attempts, the account is locked.&amp;nbsp; VDP and other applications are trying to login all the time to update their local information, so you will see the account locked pretty quickly if the password doesn't match what VDP thinks it should be. &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This should prevent the account from getting locked right away and allow things to proceed.&amp;nbsp; The alternative is to set those policies, create a new account for each of these services with the correct permissions and switch them to use those new accounts.&amp;nbsp; But this can be problematic with VDP if things don't go just right (it might think it is a new registration and you will have to re-enter your backup jobs and stuff).&amp;nbsp; &lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 23 May 2014 15:47:53 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686552#M36922</guid>
      <dc:creator>shawnrhode</dc:creator>
      <dc:date>2014-05-23T15:47:53Z</dc:date>
    </item>
    <item>
      <title>Re: vCenter keeps locking accounts</title>
      <link>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686553#M36923</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Please look and follows the steps:&lt;/P&gt;&lt;P&gt;&lt;A href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;amp;cmd=displayKC&amp;amp;externalId=2034608" title="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;amp;cmd=displayKC&amp;amp;externalId=2034608"&gt;VMware KB: Unlocking and resetting the vCenter Single Sign-On administrator password &lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;A href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;amp;cmd=displayKC&amp;amp;externalId=2033823" title="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;amp;cmd=displayKC&amp;amp;externalId=2033823"&gt;VMware KB: Configuring and troubleshooting vCenter Single Sign On password and lockout policies for accounts &lt;/A&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 24 May 2014 09:25:50 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686553#M36923</guid>
      <dc:creator>DanielOprea</dc:creator>
      <dc:date>2014-05-24T09:25:50Z</dc:date>
    </item>
    <item>
      <title>Re: vCenter keeps locking accounts</title>
      <link>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686554#M36924</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hey shawn,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I marked your answer as helpful, because somehow I did it in a hurry, but in a different way. I had to use an LDAP browser in order to fix those parameters for vdp account, and it did work, but I'm pretty sure your procedure could work also.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 26 May 2014 19:58:25 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-vCenter-Discussions/vCenter-keeps-locking-accounts/m-p/2686554#M36924</guid>
      <dc:creator>bhbarbosa</dc:creator>
      <dc:date>2014-05-26T19:58:25Z</dc:date>
    </item>
  </channel>
</rss>

