- You update your vCSA 6.5 instance to 6.5 U1a.
- After the update is completed successfully, the root Password Expiry Policy is enabled with 365 days, when it was previously disabled.
- This introduces operational risk to your environment where you could be locked out of the root account after a year has elapsed.
Update: VMware has informed me that this is a known issue to be corrected in a future update.
- Login to the vCSA VAMI on Port 5480.
- Select the Administration object on the left and verify that the Password Expiration Settings policy is Enabled with a period of 365 days.
- Set the “Root Password Expires” to “No” and press Submit.
- Note: if you have an Information Security Policy that requires password expiry, then make sure the “Email for expiration warning” is configured with a monitored account.
I noticed this after I updated from vCSA 6.5 U1 to U1a. I also verified this behaviour updating from vCSA 6.5 GA to U1a. I have not had time to check if every vCSA 6.5 update behaves this way.