SSO [email protected] account expiry

The other day I hit the “Associated user’s password is expired” when trying to login to my SSO as the [email protected] account.

You can just reset the password for the account as per VMware KB 2035864. However, on vSphere 5.1 this causes some confusion over the SSO user password and the so called master password (which never changes) – see this communities post for more info.

A quick and dirty fix for this (if you are running the vCenter with a SQL DB) follows.

  1. Take a backup of your RSA DB (if you don’t and you trash your DB then don’t complain to me :)).
  2. Open SQL Server Management Studio, expand the RSA DB, expand the Tables folder and find the dbo.IMS_AUTHN_PASSWORD_POLICY table.
  3. Right click and select Edit Top 200 Rows.
  4. Now edit the MAX_LIFE_SEC column (this is in seconds), so for example if you want to set it to 5 years it would be 157680000 (apparently you can set this to 0 for never expire).  I’m setting mine to 90000000 (1014 days).

  1. Restart the SSO service.
  2. Log back into the Web Client as [email protected]
  3. Go to Administration, Configuration, Policies tab.  It should now look like this:-

Leave a Reply

Your email address will not be published. Required fields are marked *