Ran across this issue earlier this week when a customer advised there backup service account had expired. The service account was created as a SSO (Single Sign On) user rather than using a Active Directory account due to a pending domain migration.
To stop this issue from reoccurring they changed the maximum password age from 90 days to a higher value as they couldn’t set this to never expire. Upon testing logon for the service account logon they were repeatedly presented with a password change prompt. Grudging resetting the password only for the prompt to keep reappearing.
1. Logon Screen
2. Password Prompt
3. Password Change Successful
Upon logging again the logon procedure was continually looping round these 3 steps.
To troubleshoot the issue I checked the VMware Password Age Policy and the maximum was set to 99999999 (eight 9’s )which on first look seemed a bit excessive.
I thought that since the Password Age Policy has changed surely only a value that is valid would be accepted. Anyhow as with most things in IT the simplest answer is the most likely. Let’s peel the onion back and start to undo the last change but also achieve the same goal as the same time. Changing the maximum password age to 9999999 (seven 9’s).
Logging on this time is now successful
Looks like the maximum is 9999999, so if you really need to you can set the value to this. Best practice would dictate to change any passwords periodically along with a alphanumeric complex password