
Due to the changes in the new vCenter Server 6.0 architecture, SSO has now been incorporated into the new VMware Platform Services Controller “role”.

But the concept of a global SSO account still exists and remains important for managing the infrastructure (and even more important during installation and upgrade). If you forget the SSO admin password you can have some trouble. I have already written about how to reset the VMware SSO password in vSphere 5.1 and 5.5, and the procedure remains almost the same in version 6.0.

As described in KB 2034608 (Unlocking and resetting the VMware vCenter Single Sign-On administrator password), you can also hit this problem after multiple login failures (by default the account gets locked if the password is entered incorrectly three times).

For VMware Platform Services Controller 6.0, if you just want to unlock the account:

  • Wait for 5 minutes. By default, the account lockout policy is set to unlock after 15 minutes. For more information on account lockout policies for the Platform Services Controller (PSC), see vCenter Server Password Requirements and Lockout Behavior in the vSphere Security Guide.
  • Unlock the account using another session that is still logged into the PSC server or using another user account with SSO administrator privileges.
    To unlock an account using another session or using another user account with SSO administrator privileges:

    1. Click Home.
    2. Click Administration.
    3. Click Single Sign-On > Users and Groups.
    4. Click the Users tab.
    5. Right-click the affected user account, such as administrator@vsphere.local, and click Unlock.

For VMware Platform Services Controller 6.0, if you need to reset the SSO admin password:

  • To reset the administrator@vsphere.local password on a Windows Platform Services Controller or vCenter Server with Embedded Platform Services Controller:
    1. Log in to the vCenter Server with a domain administrator account. If the Platform Services Controller is installed separate from the vCenter Server, log in to the Platform Services Controller server.
    2. Open an elevated command prompt. For more information, see Opening a command or shell prompt (1003892).
    3. Open the vdcadmintool service tool with this command:
      c:\> "%VMWARE_CIS_HOME%\vmdird\vdcadmintool.exe"
      This console loads:
      ===============================
      Please select:
      0. exit
      1. Test LDAP connectivity
      2. Force start replication cycle
      3. Reset account password
      4. Set log level and mask
      5. Set vmdir state
      ===============================
    4. Press 3 to enter the Reset account password option.
    5. When prompted for the Account UPN, enter: Administrator@vSphere_Domain_Name.local
      By default, this is:
      administrator@vsphere.local
      A new password is generated.
      Note: if you customized your vSphere Domain name, provide the customized domain name.
    6. Use the generated password to log in to the administrator@vsphere.local account.
    7. After the password is regenerated, log in to the vSphere Web Client and change the password.
  • To reset the administrator@vsphere.local password on the Platform Services Controller or vCenter Server with Embedded Platform Services Controller Appliance:
    1. Log in to the vCenter Server Appliance via SSH.
    2. Run this command to enable access to the Bash shell:
      shell.set --enabled true
    3. Type shell and press Enter.
    4. Open the vdcadmintool service tool with this command: /usr/lib/vmware-vmdir/bin/vdcadmintool
      This console loads:
      ================================
      Please select:
      0. exit
      1. Test LDAP connectivity
      2. Force start replication cycle
      3. Reset account password
      4. Set log level and mask
      5. Set vmdir state
      ================================
    5. Press 3 to enter the Reset account password option.
    6. When prompted for the Account UPN, enter:
      Administrator@vSphere_Domain_Name.local
      By default, this is:
      administrator@vsphere.local
      But remember that in PSC you can have custom domains!
      A new password is generated.
      Note: if you customized your vSphere Domain name, provide the customized domain name.
    7. Use the generated password to log in to the administrator@vsphere.local account.
    8. After the password is regenerated, log in to the vSphere Web Client and change the password.

As you can see, the procedure remains almost the same in both the 5.5 and 6.0 versions, with only a few minimal changes.
