How to Reset vCenter SSO password of VCSA 6.5

We have already discussed resetting the root password of the vCenter Appliance in an earlier post, and here I am sharing the details of how to reset the vCenter SSO password.

In any virtual environment, the vCenter SSO password is one of the most important security items, and it must be kept secret because the account has high privileges. The initial password is set by the deployment engineer or administrator who configures vCenter, so it is always recommended to reset the password after initial deployment and handover.

From vSphere 6.0 onwards, the vCenter architecture changed compared to previous versions. Earlier versions used an SSO server; from 6.0 onward the Platform Services Controller (PSC) takes over the role of the vCenter SSO server. The Platform Services Controller handles identity management for administrators and applications that interact with the vSphere platform.

VMware Platform Services Controller provides a variety of identity and data services to vCenter Server and to integrated VMware products. When multiple Platform Services Controller instances are configured in a vCenter Single Sign-On domain, they replicate identity data and provide a resilient, highly available platform.

There are two ways to configure the PSC with vCenter, and the password reset for each is as follows.

  • vCenter Server with embedded Platform Services Controller – the SSO password reset is done from the vCenter Server Appliance.
  • vCenter with external PSC – the SSO password reset is done by logging in to the PSC.

How to Reset vCenter SSO password for the VCSA appliance

First, we need the root credentials of the PSC or vCenter Server Appliance to reset the vCenter SSO password. We use vdcadmintool to reset the password.

Follow the procedure below.

1. Find the type of PSC used with the vCenter Server.

2. Log in using SSH as the root user: to the Platform Services Controller if it is configured externally to vCenter, or to the vCenter Server if the Platform Services Controller is embedded with vCenter.

3. Run this command to enable access to the Bash shell:

shell

Note: Here I am using an external PSC controller; the same procedure can be used for resetting the SSO password of a vCenter Server with an embedded Platform Services Controller.

4. Verify your SSO domain name by entering the command below. The command is the same for both scenarios (embedded or external PSC).

# /usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost

Note: The default SSO domain is vsphere.local

5. Type the command below to list the options associated with vdcadmintool:

# /usr/lib/vmware-vmdir/bin/vdcadmintool

6. Select option 3 (Reset account password). You will be prompted for the Account UPN; enter your UPN and the tool will generate a new SSO password.

User@vSphere.DomainName 

In my case, it is administrator@vsphere.vmarena.local.

Note: If the vSphere domain name is a custom one, provide that domain in the UPN, and a random password will be generated for the vCenter SSO admin account.

7. Log in to the vSphere Web Client using the vCenter SSO admin account with the generated password. Select the Change Password option under the logged-in username.

8. Enter the password generated in the steps above in the current password field and your new password in the new password field, then click OK to change it. Log out and log back in to the vCenter Server using the SSO user account with the new password.
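Steps 4 to 6 depend on entering a UPN whose suffix is the actual SSO domain, not the default one. The following is an added example, not part of the original post: a small shell helper that builds and checks the UPN from the domain reported by vmafd-cli. The function names are hypothetical, the fallback domain is a constructed sample, and the case-insensitive comparison is a choice of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
VMAFD_CLI=/usr/lib/vmware-vmafd/bin/vmafd-cli   # path used in step 4

# Strip whitespace/CR from tool output and lowercase it for comparison.
normalize_domain() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-Z' 'a-z'
}

# Reject empty names, leading/trailing dots, empty labels and odd characters.
valid_domain() {
    case "$1" in
        ''|.*|*.|*..*|*[!a-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_upn USER DOMAIN: print user@domain, or fail on malformed input.
build_upn() {
    d=$(normalize_domain "$2")
    valid_domain "$d" || return 1
    case "$1" in ''|*@*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s@%s\n' "$1" "$d"
}

# upn_matches_domain UPN DOMAIN: succeed only if the UPN suffix is the SSO domain.
upn_matches_domain() {
    suffix=$(normalize_domain "${1#*@}")
    [ "$1" != "${1#*@}" ] && [ "$suffix" = "$(normalize_domain "$2")" ]
}

# On the appliance, ask vmafd-cli for the domain; elsewhere use a sample value.
if [ -x "$VMAFD_CLI" ]; then
    domain=$("$VMAFD_CLI" get-domain-name --server-name localhost)
else
    domain='vsphere.vmarena.local'   # constructed sample, not a real lookup
fi
echo "Account UPN for the vdcadmintool prompt: $(build_upn administrator "$domain")"
```

Run it on the PSC or embedded appliance before starting vdcadmintool to confirm the UPN to type at the option 3 prompt.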
