book
Article ID: 320773
calendar_today
Updated On:
Issue/Introduction
This article provides steps to modify the password of the vpxuser account.
Environment
VMware vCenter Server 5.0.x
VMware vCenter Server 7.0.x
VMware vCenter Server 5.1.x
VMware vCenter Server 6.x
VMware vCenter Server 4.1.x
VMware vCenter Server 5.5.x
VMware vCenter Server 4.0.x
VMware VirtualCenter 2.5.x
Resolution
vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The password for each vpxuser account is auto-generated when an ESX/ESXi host is added. The password is updated by default every 30 days.
To modify default password settings:
-
Connect vSphere Client to vCenter Server.
-
Click Administration > vCenter Server Settings > Advanced Settings.
-
Scroll to the parameter VirtualCenter.VimPasswordExpirationInDays and change the value from the default.
Notes:
-
For security reasons, VMware does not recommend increasing the value.
-
In the /var/log/hostd file you will see the entry:
Password was changed for account vpxuser on host
-
Restart the VMware VirtualCenter Server service. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).
Additional Information
For more information, see:
How to stop, start, or restart vCenter Server services如何修改 vpxuser 帐户的默认到期时间Impact/Risks:
- If modifying the vpxuser password expiry time you may also need to take consideration of the Security.PasswordMaxDays setting for users on the ESXi host side Advanced Settings if it has also been changed (default 99999 days). For more information see Configure the Passwords and Account Lockout Policy in the VMware Host Client section in the vSphere Single Host Management - VMware host Client Guide
- If the VirtualCenter.VimPasswordExpirationInDays occurs while the ESXi host is in maintenance mode then vpxd will delay the password renewal until within 24 hours after it has exited maintenance mode. If the Security.PasswordMaxDays has also been modified and the vpxuser password expires while the ESXi host is in maintenance mode then the ESXi host would need to be disconnected and reconnected to vCenter Server and the root password re-entered.
- The Security.PasswordMaxDays should always be a greater value than the VirtualCenter.VimPasswordExpirationInDays to ensure the password can be changed by vpxd before it expires on the ESXi host. vCenter Server is not aware of changes to the Security.PasswordMaxDays on the ESXi host