VMware Cloud Community
phetertheo
Contributor

Password expiration notification using email for "administrator@vsphere.local"

Hi Teams,

How can we get an email notification from vCenter Server for the "administrator@vsphere.local" password expiration? I have set an email address on 'administrator@vsphere.local' but am not getting a mail notification. There is only a notification on the VC bar once I log in.


Mail notification is only working for OS "root".

KocPawel
Hot Shot

I am not 100% sure but I think it looks like that:

By default, vCenter SSO user passwords expire after 90 days, but administrator passwords such as the password for administrator@vsphere.local do not expire.

phetertheo
Contributor

Hi Koc

I know the setting is 90 days and administrator@vsphere.local does not expire.

How about if I create a new local user, something like "used01@vsphere.local"?

I have tested it and it expired. My question is how I enable the notification via email instead of the pop-up in the top bar once this ID logs in.

KocPawel
Hot Shot

Now I understand, but unfortunately I don't know how to do it.

When you create local users, they have an email value. Did you try to fill in this value, configure an SMTP server on vCenter and catch some event with a vCenter alarm or SNMP trap?

If it is possible to catch such an event by SNMP, you could send the email notification from an external system.

Unfortunately, I don't have the possibility to test it.

sk591
Enthusiast

I do not think this is possible for the vCenter SSO users. However, you can still reset the password expiration settings to a longer period to avoid expirations.

phetertheo
Contributor

Hi Koc

I did input the email address but nothing was emailed to me 30 days before the password expired. Our VC was configured with a mail relay to our SMTP.

Lapsap201110141
Enthusiast

We are now in 2023. But it seems this function is still not available, is that it?

What's unimaginable is that the root account has such a function, as stated in this article:

https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-configuration/GUID-C63C82F1-D430-4710-...

So it's clear that 90% of the code has already been written. All that is missing is to "link" this part to the other local users.

Come on! We have paid a lot of money for ESXi licenses and vCenter licenses. Don't tell me we can't have this small function.

FredrikGilljam
Contributor

Having the same issue: we have a few vsphere.local users for whom we would like to get email notifications that the password is about to expire.

It's possible to do it with a PowerShell script using Get-VIAccount and Get-SsoPersonUser.
But that "login" requires the service account that runs it to be in the local Administrator group, and that is for sure not the best way to do it.
Have been looking with vlog and Aria Operations for solutions for this as well and do not seem to find anything. 😞

lamw
Community Manager

You can automate this by using a mix of dir-cli and the Guest Operations API (so there's no need for SSH), which allows for remotely connecting using the vSphere API and taking advantage of GuestOps: https://williamlam.com/2021/06/quick-tip-how-to-check-password-expiry-for-a-specific-vsphere-sso-use... You can then fetch this property periodically and, based on your preferences, send an email.

You can even combine this with an event-driven approach using VEBA, where a cron job (scheduled task) is a type of event: https://williamlam.com/2021/10/managing-vm-snapshot-retention-policies-using-the-vmware-event-broker... You can then use VEBA as a framework for enabling this and many other types of use cases that may not be possible or easy OOTB.

Good luck!

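The periodic check suggested in the last reply could look like the sketch below; it is an added example, not code from the thread or from the linked posts. It assumes the account details were already fetched as text (for instance with dir-cli) in the `Key: value` layout of the constructed sample, and the function names and mail addresses are placeholders.

```python
import re
from email.message import EmailMessage

# Constructed sample; the "Key: value" layout is an assumption about dir-cli output.
SAMPLE = """\
Account: user01
UPN: user01@VSPHERE.LOCAL
Account disabled: FALSE
Account locked: FALSE
Password never expires: FALSE
Password expired: FALSE
Password expiry: 12 day(s) 3 hour(s) 41 minute(s) 7 second(s)
"""

def parse_account(text):
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def days_left(fields):
    """Whole days until expiry; 0 if already expired; None if it never expires."""
    if fields.get("password never expires", "").upper() == "TRUE":
        return None
    if fields.get("password expired", "").upper() == "TRUE":
        return 0
    m = re.search(r"(\d+)\s*day", fields.get("password expiry", ""))
    if not m:
        # Fail loudly rather than silently skipping an account we cannot read.
        raise ValueError("no recognisable 'Password expiry' line")
    return int(m.group(1))

def build_warning(text, recipient, warn_days=30, sender="vcenter-alerts@example.com"):
    """Return an EmailMessage if the password expires within warn_days, else None."""
    fields = parse_account(text)
    remaining = days_left(fields)
    if remaining is None or remaining > warn_days:
        return None
    upn = fields.get("upn", fields.get("account", "unknown"))
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"SSO password for {upn} expires in {remaining} day(s)"
    msg.set_content(f"Account {upn}: {remaining} day(s) left before the password expires.")
    return msg

if __name__ == "__main__":
    print(build_warning(SAMPLE, "admin@example.com"))
```

The returned message can be handed to `smtplib.SMTP(...).send_message()` against the same mail relay vCenter already uses, from whatever scheduler runs the check.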