Login to Management Interface (VAMI) of a vCenter or Platform Service Controller fails with the message "Exception in invoking authentication handler User password expired"
Article ID: 332308
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
Logging in to the VAMI page of a vCenter or PSC Appliance (https://<VC FQDN>:5480) fails with the message:
Exception in invoking authentication handler User password expired
The Appliance was deployed more than 90 days ago with default settings.
Login to the Appliance Shell (SSH or VM Console) is working.
From the Shell Session "chage -l root" returns an output similar to:
root@xxxxxx [ ~ ]# chage -l root
You are required to change your password immediately (root enforced)
chage: PAM: Authentication token is no longer valid; new one required
Logging in to the VAMI page of a vCenter or PSC Appliance (https://<VC FQDN>:5480) fails with the message:
Exception in invoking authentication handler User password expired
The Appliance was deployed more than 90 days ago with default settings.
Login to the Appliance Shell (SSH or VM Console) is working.
From the Shell Session "chage -l root" returns an output similar to:
root@xxxxxx [ ~ ]# chage -l root
You are required to change your password immediately (root enforced)
chage: PAM: Authentication token is no longer valid; new one required
Cause
This issue occurs when the root password of the appliance (PSC or vCenter) server is expired.
In vSphere 6.5 and later the root password expire after 90 days by default, in older versions it was 365 days.
After deploying the Appliance you can modify the the Password Settings of the Root User through the vCenter Server Appliance Management Interface.
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcsa.doc/GUID-C63C82F1-D430-4710-8B92-177A79D3DE65.html
In vSphere 6.5 and later the root password expire after 90 days by default, in older versions it was 365 days.
After deploying the Appliance you can modify the the Password Settings of the Root User through the vCenter Server Appliance Management Interface.
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcsa.doc/GUID-C63C82F1-D430-4710-8B92-177A79D3DE65.html
Resolution
Reset the root password of the Appliance using the "passwd" command.
root@xxxxxx [ ~ ]# passwd root
You can then you can modify the the Password Settings of the Root User through the vCenter Server Appliance Management Interface.
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcsa.doc/GUID-C63C82F1-D430-4710-8B92-177A79D3DE65.html
You can configure different expiry times including "never expire" and set an email address to which the expiration warning is sent.
root@xxxxxx [ ~ ]# passwd root
You can then you can modify the the Password Settings of the Root User through the vCenter Server Appliance Management Interface.
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.vcsa.doc/GUID-C63C82F1-D430-4710-8B92-177A79D3DE65.html
You can configure different expiry times including "never expire" and set an email address to which the expiration warning is sent.
Feedback
Yes
No
Powered by
