Search the VMware Knowledge Base (KB)
View by Article ID

How to unlock and reset SSO password in vSphere 6.x (2146224)

  • 4 Ratings

Purpose

This article provides steps to unlock and reset the SSO password in vSphere 6.x

Note: You must unlock and reset the vCenter Single Sign-On (SSO) password in vSphere 6.x if you have entered an incorrect password three times and you see the error:

User account is locked. Please contact your administrator.

Resolution

To unlock an account using another session or using another user account with SSO administrator privileges:

Note: Unlock the account using another session that is still logged into the PSC server or using another user account with SSO administrator privileges.
  1. Click Home.
  2. Click Administration.
  3. Click Single Sign-On > Users and Groups.
  4. Click the Users tab.
  5. Right-click the affected user account and click Unlock.
In emergency situations or if the default policies are changed, you can also reset the password to unlock the account.

On a Windows Platform Services Controller or vCenter Server with Embedded Platform Services Controller:
  1. Log in to vCenter Server with a domain administrator account. If the Platform Services Controller is installed separate from vCenter Server, log in to the Platform Services Controller server.
  2. Open an elevated command prompt.
  3. Run c:\> "%VMWARE_CIS_HOME%\vmdird\vdcadmintool.exe".

    This console loads:

    ===============================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ===============================

  4. Press 3 to enter the Reset account password option.
  5. When prompted for the Account UPN, enter:

    User@vSphere_Domain_Name.local

    A new password is generated.

    Notes:
    • If you customized your vSphere Domain name, provide the customized domain name.
    • If the prededing steps fail with a domain administrator account, use a local administrator account

  6. Use the generated password to log in to the User@vSphere_Domain_Name.local account.
  7. After the password is regenerated, log in to vSphere Web Client and change the password.
On the Platform Services Controller or vCenter Server with Embedded Platform Services Controller Appliance
  1. Log in to vCenter Server Appliance using SSH as the root user.
  2. Run this command to enable access the Bash shell:

    shell.set --enabled true

  3. Type shell and press Enter.
  4. Run /usr/lib/vmware-vmdir/bin/vdcadmintool.

    This console loads:

    ================================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ================================

  5. Press 3 to enter the Reset account password option.
  6. When prompted for the Account UPN, enter:

    User@vSphere_Domain_Name.local

    A new password is generated.

    Note: If your vSphere Domain name is customized, provide the customized domain name.

  7. Use the generated password to log in to the User@vSphere_Domain_Name.local account.
  8. After the password is regenerated, log in to the vSphere Web Client and change the password.

Tags

reset administrator password, platform services controller, account locked, reset admin password

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 4 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 4 Ratings
Actions
KB: