
How to unlock and reset SSO administrator password in vSphere 5.5 (2146225)


Purpose

You must unlock and reset the vCenter Single Sign-On (SSO) password in vSphere 5.5 if you have entered an incorrect password three times and you see the error:

User account is locked. Please contact your administrator.

Resolution

Unlock the account using another session that is still logged into the SSO server or using another user account with SSO administrator privileges.

To unlock an account using another session or using another user account with SSO administrator privileges:
    1. Click Home.
    2. Click Administration.
    3. Click Single Sign-On > Users and Groups.
    4. Click the Users tab.
    5. Right-click the affected user account, such as administrator@vsphere.local, and click Unlock.

In emergency situations or if the default policies are changed, you can also reset the password to unlock the account.

To reset the administrator@vsphere.local password:

On a Windows server
  1. Log in to the vCenter Server with a domain administrator account. If vCenter Single Sign-On is installed separately from the vCenter Server, log in to the vCenter Single Sign-On server.
  2. Open an elevated command prompt. 
  3. Navigate to the vmdird directory by running the command:

    cd /d "c:\Program Files\VMware\Infrastructure\VMware\CIS\vmdird"

  4. Run c:\Program Files\VMware\Infrastructure\VMware\CIS\vmdird\vdcadmintool.exe.

    This console loads:
    ===============================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ===============================

  5. Press 3 to enter the Reset account password option.
  6. When prompted for the Account DN, enter:

    cn=Administrator,cn=users,dc=vSphere,dc=local

    A new password is now generated.

    Use the newly generated password to log in to the administrator@vSphere.local account.

    Note: If the generated password contains an exclamation mark (!), perform the regeneration process again.

  7. After the password is regenerated, log in to vSphere Web Client and change the password to one that complies with VMware's list of unsupported characters. For more information, see vSphere 5.5 Single Sign-On administrator@vsphere.local password issues (2060637).

In the vCenter Server Appliance
  1. Connect to vCenter Server Appliance through SSH. 
  2. Run /usr/lib/vmware-vmdir/bin/vdcadmintool.

    This console loads:

    ================================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ================================


  3. Press 3 to enter the Reset account password option.
  4. When prompted for the Account DN, enter:

    cn=Administrator,cn=users,dc=vSphere,dc=local

    A new password is generated. 

  5. Use the generated password to log in to the administrator@vSphere.local account.

    Note: If the generated password contains an exclamation mark (!), perform the regeneration process again.

  6. After the password is regenerated, log in to vSphere Web Client and change the password to one that complies with VMware's list of unsupported characters.
