This post is applicable to customers using VMware vCenter Server Appliance 6.5.
- You update your vCSA 6.5 instance to 6.5 U1a.
- After the update is completed successfully, the root Password Expiry Policy is enabled with 365 days, when it was previously disabled.
- This introduces operational risk to your environment where you could be locked out of the root account after a year has elapsed.
Update: As of 19 December 2017, this issue has been corrected in 184.108.40.20600.
- Login to the vCSA VAMI on Port 5480.
- Select the Administration object on the left and verify that the Password Expiration Settings policy is Enabled with a period of 365 days.
- Set the “Root Password Expires” to “No” and press Submit.
- Note: if you have an Information Security Policy that requires password expiry, then make sure the “Email for expiration warning” is configured with a monitored account.
I noticed this after I updated from vCSA 6.5 U1 to U1a. I also verified this behaviour updating from vCSA 6.5 GA to U1a. I have not had time to check if every vCSA 6.5 update behaves this way.
2 thoughts on “vSphere 6.5 – vCSA Update Root Password Expiry”
Hey there. Thank you for your post.
FYI: I have seen this also with the 6.0 VCSA (various patch levels.) This appears to be a weird regression bug that VMware don’t seem to have closed.
Comments are closed.