Issue: vCenter Root Password Expired (2 Tips to Fix It)
Are you looking for details about ‘managing password expiration settings in VMWare vSphere? When you install the vCenter Server Appliance, the password lifetime for root user is set to 365 days (vCenter 6.5 or earlier) or 90 days (vSphere 6.7).
Scenario: My vCenter root password expired
My root user password expired in vCenter
Hello, I can no longer access a vCenter service appliance that I own. The password, I believe, expired in December. Since I'm new to vCenter, I thought that I would be asked to change my password and that I would still be able to use my old one. Is it possible for an expired password to fully lock you out?
This vCenter root password expired issue may arise with the following symptoms:
- When you try to log on to the management website :5480 with root, it says the password is expired.
- When you installed vCenter, password change for local users is defined by default policy.
- You left the default setting to expire the root password in your vCenter Appliance 6.5/6.7/7.0.
Why does it occur? The main reason is the default password policy, which is defined to expire after 90 days. In order to avoid root password expired, you can change the root password using SSH client or disable root user password expired for vCenter over the GUI.
I will introduce the detailed steps to solve the issue of vCenter root password expired in the following article.
Solution: vCenter root user password expired [2 quick tips]
By default, the SSO policy is applied for vSphere local users. It requires a user password to be changed every 90 days. You can reset the root password and change password expiration settings from the vCenter Server Management Interface.
Reset vCenter root password in vCSA 7.0
If you can’t log into the web console, you could still log into the appliance via SSH. Then invoke the shell command, and reset the root password with the passwd command. To do it, connect to your vCSA host using the SSH client.
1. Enable the SSH access to vCSA in the Access >> SSH login >> Enabled section of the Appliance Management (https://your_vcenter_name:5480/ui/access).
2. Open your Putty SSH session and log in as root. Type shell and run this passwd command to vCenter change the root password expired.
vCenter change root password expired policy to avoid it expiring again
If you can log into vCenter now, you can then disable root password expiration by editing password policy to make it never expire.
To check your password policy in vCenter, you can go to the Administration section and see the values in the “Password expiration settings” section. As you can see on the Password Policy tab, the following requirements are applied to the passwords of all local vCSA users:
- A password expires in 90 days (maximum lifetime);
- The minimum password length is 8 characters (maximum — 20 characters);
- The last 5 passwords are not allowed to be reused;
- Some password complexity restrictions.
And by editing the policy, you can then disable root password expiration again.
How to change the settings of password expiration policy:
If you do not want the root user password to expire in vCenter, you can disable password expiration policy by following these steps.
1. Connect to the Port 5480 of your appliance and sign in as root.
2. Go to the menu Administrator of your appliance.
3. In the Password expiration settings section, click Edit and select the password expiration policy.
4. In the opened wizard, select No to disable vCenter root password expiration.
5. Click Save to apply the new password expiration settings. Now the password of the root user never expires.
When installing patches or upgrades, do not forget to backup VCSA. Having a proper backup can save you especially if you're in a production environment. For better protection, virtual machine backup is also necessary to prevent your VMs from malware attack and data loss.
Scalable VM protection for expanding vCenter environment
96% of businesses experienced at least one of the major causes of data loss: human errors, hard drive failures, outages, fire and natural disasters, so a professional VM backup tool is necessary that offers better data protection for organizations. If you are searching for the premier backup solution for your enterprise, you will not find a better option than AOMEI Cyber Backup paired with your organization.
Here I want to introduce a professional VMware backup software – AOMEI Cyber Backup which performs automated backups for virtual machines and supports various versions including ESXi 6.0-7.0. You are able to backup your multiple virtual machines with its flexible strategies.
With AOMEI Cyber Backup, you can enjoy these features easily.
✦ Auto VM Backup: schedule VMware or Hyper-V virtual machine backups in batch without human errors and perform hot backup to keep business continuity.
✦ Flexible vSphere Backup: batch backup large numbers of VMs managed by vCenter Server, or multiple VMs on a standalone ESXi host.
✦ Multiple Storage Destinations: backup to a local drive, or network destinations like NAS.
✦ Cloud Storage: easily archive backup versions to Amazon S3 for a better data storage solution.
✦ Retention Policy: delete unwanted or expired backups automatically, saving storage costs.
Hit the button below to download AOMEI Cyber Backup 30-day free trial.
Best practice for vCenter virtual machine backup
1. Bind Devices: Access to AOMEI Cyber Backup web client, navigate to Source Device > VMware > + Add VMware Device to Add vCenter or Standalone ESXi host. And then click … > Bind Device.
2. Create Backup Task: Navigate to Backup Task > + Create New Task, and select VMware ESXi Backup as the Backup Type.
3. Set Task Name, Device, Target, Schedule, and Cleanup as needed.
- Task Name: you can change the task name or use the default name with an ordinal.
- Device: batch select large numbers of VMs managed by vCenter Server for centralized backup.
- Target: selecting to back up to a local path, or to a network path. Used paths will be saved in Favorite Storage for handy selection.
- Archive: add Amazon S3 buckets. Then go to check Archiving backup versions to Amazon S3 and click Select to choose the added Amazon S3.
- Schedule (optional): perform full, differential, or incremental backup, and automate execution according to the frequency you specified.
- Cleanup (optional): configure a retention policy to auto delete old backup files and save storage space.
4. Run Backup: Click Start Backup and select Add the schedule and start backup now, or Add the schedule only.
5. Restore: Click Restore to restore virtual machine from backup, saving the trouble of re-configuring a new one.
▶ Select a VM backup and click Restore to original/new location. It allows you to restore the entire VMware virtual machine to the original or another host easily and quickly.
Summary
When you deploy vCenter Server, you set the initial password of the root user, which expires after 90 days by default. If you want to disable vCenter root password expiration, this feature can be deactivated by performing the steps in this article. You can change the root password and the password expiration settings from the vCenter Server Management Interface.