Tag Archives: Maximum Password Age

VMware vCenter 5.5 appliance max password age

Ran across this issue earlier this week when a customer advised there backup service account had expired. The service account was created as a SSO (Single Sign On) user rather than using a Active Directory account due to a pending domain migration.

To stop this issue from reoccurring they changed the maximum password age from 90 days to a higher value as they couldn’t set this to never expire. Upon testing logon for the service account logon they were repeatedly presented with a password change prompt. Grudging resetting the password only for the prompt to keep reappearing.

1. Logon Screen

Logon

2. Password Prompt

Password_Change

3. Password Change Successful

password_changed

Upon logging again the logon procedure was continually looping round these 3 steps.

To troubleshoot the issue I checked the VMware Password Age Policy and the maximum was set to 99999999 (eight 9’s )which on first look seemed a bit excessive.

password policy

I thought that since the Password Age Policy has changed surely only a value that is valid would be accepted. Anyhow as with most things in IT the simplest answer is the most likely. Let’s peel the onion back and start to undo the last change but also achieve the same goal as the same time. Changing the maximum password age to 9999999 (seven 9’s).

password policy new

Logging on this time is now successful

post_logon

Looks like the maximum is 9999999, so if you really need to you can set the value to this. Best practice would dictate to change any passwords periodically along with a alphanumeric complex password