Unlock the account using another session that is still logged into the SSO server or using another user account with SSO administrator privileges.
To unlock an account using another session or using another user account with SSO administrator privileges:
-
- Click Home.
- Click Administration.
- Click Single Sign-On > Users and Groups.
- Click the Users tab.
- Right-click the affected user account, such as [email protected], and click Unlock.
In emergency situations or if the default policies are changed, you can also reset the password to unlock the account.
To reset the
[email protected] password:
On a Windows server
- Log in to the vCenter Server with a domain administrator account. If vCenter Single Sign-On is installed separate from the vCenter Server, log in to the vCenter Single Sign-On server.
- Open an elevated command prompt.
- Navigate to the vmdird directory by running the command:
cd Program Files\VMware\Infrastructure\VMware\CIS\vmdird
- Run c:\Program Files\VMware\Infrastructure\VMware\CIS\vmdird\vdcadmintool.exe.
This console loads:
===============================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
===============================
- Press 3 to enter the Reset account password option.
- When prompted for the Account DN, enter:
cn=Administrator,cn=users,dc=vSphere,dc=local
A new password is now generated.
Use the newly generated password to log in to [email protected] account.
Note: If the generated password contains an exclamation mark (!), perform the regeneration process again.
- After the password is regenerated, log in to vSphere Web Client and change the password to be compliant with VMware's list of unsupported character. For more information, see vSphere 5.5 Single Sign-On [email protected] password issues (2060637).
In the vCenter Server Appliance
- Connect to vCenter Server Appliance through SSH.
- Run /usr/lib/vmware-vmdir/bin/vdcadmintool
This console loads:
================================
Please select:
0. exit
1. Test LDAP connectivity
2. Force start replication cycle
3. Reset account password
4. Set log level and mask
5. Set vmdir state
================================
- Press 3 to enter the Reset account password option.
- When prompted for the Account DN, enter:
cn=Administrator,cn=users,dc=vSphere,dc=local
A new password is generated.
- Use the generated password to log in to [email protected] account.
Note: If the generated password contains an exclamation mark (!), perform the regeneration process again.
- After the password is regenerated, log in to vSphere Web Client and change the password to be compliant with VMware's list of unsupported character.