VMware Cloud Community
buckmaster
Enthusiast
Enthusiast
‎09-23-2013 11:58 AM

vSphere 5.5 Can NOT change SSO password policy

So I had this issue in beta and RC.  Either it did not get fixed or I'm still doing it wrong.  Everytime I try to change the SSO password policy to 0 which is never expire I get and error.  Basically states an error occurred so not much help.

Read the documentation but I still can not figure it out.

Tom Miller
Preview file
32 KB
0 Kudos
5 Replies
admin
Immortal
Immortal
‎09-23-2013 02:44 PM

We do not currently support setting the password to never expire through vCenter Web client UI, 0 is not valid value and does not set the password to never expire, The workaround is to set the value to a large number such as 9999. Please upload the sso-support bundle if you want the eng/support team to look into this issue further. The sso support bundle can be generated by going to Start->All Programs->VMware and clicking on "Generate vCenter Single Sign On log bundle" link.

buckmaster
Enthusiast
Enthusiast
‎09-23-2013 05:53 PM

Well - I really like the new SSO design.  But... this is different than 5.1 as you could set the password to never expire in 5.1 SSO.  Changing to 9999 instead.

Tom Miller
0 Kudos
samusarun2
Contributor
Contributor
‎01-22-2014 04:16 PM

I understand setting the SSO password policy to a large number like 9999 is the workaround.

So question...

If i am controlling password policy via a group policy within active directory and it is currently set for all users to reset their passwords every 115 days. If I set the password policy to 130 days within SSO, will it inform my AD users to reset their passwords? And if so, is it tracking this within its' own DB? Is there someway to disable this or prevent it from happening?

I'd hate for my users to get their password change notification from AD at 115 days, and then after they change their password, SSO hits them up again 15 days later - see what I mean?

0 Kudos
raog
Expert
Expert
‎01-22-2014 08:54 PM

The password policy applies only to users in the SSO domain (vsphere.local). The AD password policy is separate.

Regards

Girish

To Virtualization and beyond! PS::If you felt the answer as helpful, please mark it as helpful/answered so that it helps other users as well! Blog:: www.virtualtipsntricks.com
0 Kudos
fkckbrown
Contributor
Contributor
‎05-29-2014 11:47 AM

It should be noted that the tool tip for password expiration says, word for word:

Use 0 to indicate that password never expires

While it looks like my mouse is over the Users cannot reuse any previous, my mouse is over the day's field for password.

VC Password Expire TT.png

0 Kudos