I came across a post the other day that’s very for IT administrators to be aware of. I recently updated from vSphere 6.5 to vSphere 6.5 U1a. So I decided to check and see if I was in fact, apart of this issue and low and behold I was. This has been reported as a bug to VMware and Adam Eckerle and it is currently getting worked on to get it corrected. Thankfully, there’s an easy workaround and it needs to be shared until this is corrected.
Problem:
After upgrading from vSphere 6.5 to vSphere 6.5 U1a the root accounts Password Expiry Policy is enabled with a 365 day expiration date (previous defaulted to disabled) This is a huge issue being that if your root account becomes locked out it could mean you aren’t able to administer your vSphere environment if that’s your single administrator account. (Note: Please don’t have just 1 administrator role in your environment).
Workaround:
- Log into the VCSA VAMI using port 5480. (https://vcsa_ip_hostname:5480
- Select the Administration option
3. Set the Root Password Expires to No
The caveat to this is if you have a password expiration policy enforced in your environment per Security Policy/Compliance/Regulation than you should setup the SMTP perimeters to send you an email before the account actually expires.
Good Luck!