This just hit us and hard. We are running vCenter 5.1 and the default expiration policy is something like 385 days. What we had to do was this:
Go to the section where you control the policies.
Set the maximum age to 0.
Set the minimum number of password before re-use to 1.
Save the policy.
Go to the user account that keeps getting locked out in Users and Groups.
Edit the account and set the password to something that will take but is temporary.
Edit the account again and set the password back to the very first one you had that is used by the VDP appliances and other accounts you are using.
Make sure the account is unlocked.
The account is getting locked because the password has expired and if you change it in SSO but don't change it on the source, then after three attempts, the account is locked. VDP and other applications are trying to login all the time to update their local information, so you will see the account locked pretty quickly if the password doesn't match what VDP thinks it should be.
This should prevent the account from getting locked right away and allow things to proceed. The alternative is to set those policies, create a new account for each of these services with the correct permissions and switch them to use those new accounts. But this can be problematic with VDP if things don't go just right (it might think it is a new registration and you will have to re-enter your backup jobs and stuff).