How to modify the default expiry time for the vpxuser account
search cancel

How to modify the default expiry time for the vpxuser account

book

Article ID: 320773

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article provides steps to modify the password of the vpxuser account.


Environment

VMware vCenter Server 5.0.x
VMware vCenter Server 7.0.x
VMware vCenter Server 5.1.x
VMware vCenter Server 6.x
VMware vCenter Server 4.1.x
VMware vCenter Server 5.5.x
VMware vCenter Server 4.0.x
VMware VirtualCenter 2.5.x

Resolution

vCenter Server creates the vpxuser account on each ESX/ESXi host that it manages. The password for each vpxuser account is auto-generated when an ESX/ESXi host is added. The password is updated by default every 30 days.

 

To modify default password settings:

  1. Connect vSphere Client to vCenter Server.

  2. Click Administration > vCenter Server Settings > Advanced Settings.

  3. Scroll to the parameter VirtualCenter.VimPasswordExpirationInDays and change the value from the default.

    Notes:

    • For security reasons, VMware does not recommend increasing the value.

    • In the /var/log/hostd file you will see the entry:

      Password was changed for account vpxuser on host

  4. Restart the VMware VirtualCenter Server service. For more information, see Stopping, starting, or restarting VMware vCenter Server services (1003895).



Additional Information

For more information, see:
How to stop, start, or restart vCenter Server services
如何修改 vpxuser 帐户的默认到期时间

Impact/Risks:
  • If modifying the vpxuser password expiry time you may also need to take consideration of the Security.PasswordMaxDays setting for users on the ESXi host side Advanced Settings if it has also been changed (default 99999 days). For more information see Configure the Passwords and Account Lockout Policy in the VMware Host Client section in the vSphere Single Host Management - VMware host Client Guide
  • If the VirtualCenter.VimPasswordExpirationInDays occurs while the ESXi host is in maintenance mode then vpxd will delay the password renewal until within 24 hours after it has exited maintenance mode. If the Security.PasswordMaxDays has also been modified and the vpxuser password expires while the ESXi host is in maintenance mode then the ESXi host would need to be disconnected and reconnected to vCenter Server and the root password re-entered.
  • The Security.PasswordMaxDays should always be a greater value than the VirtualCenter.VimPasswordExpirationInDays to ensure the password can be changed by vpxd before it expires on the ESXi host. vCenter Server is not aware of changes to the Security.PasswordMaxDays on the ESXi host


Powered by Wolken Software