There is a couple of reasons why we can lose our SSO administrator password.
We can forget the password, but also after an update from vCenter from 5.1 to 5.5, we cannot change the password in vSphere Web Client(is grayed out).
If happened, we need to reset the password SSO firstname.lastname@example.org.
You can reset the password with the tool vdcadmintool.exe on a Window Server, or from the vCenter Appliance(Linux based).
How to reset
For the vCenter Windows Server:
Log in to the vCenter Server with a domain administrator account, or to vCenter Single Sign-On if SSO is installed in a separated server.
Open a cmd(shell command prompt) console with “Run as Administrator”
Go to vmdird folder, that is located in “Program Files\VMware\Infrastructure\VMware\CIS\vmdird” or in “C:\Program Files\VMware\vCenter Server\vmdird”
- Change Directory: c:\cd\Program Files\VMware\Infrastructure\VMware\CIS\vmdird
- Run vdcadmintool tool: c:\Program Files\VMware\Infrastructure\VMware\CIS\vmdird>vdcadmintool.exe
- Press 3 to choose to: Reset administrator@vSphere.local password account.
- Add the Account DN: cn=administrator,cn=users,dc=vSphere,dc=local
Note: if you customized your vSphere Domain name, provide the customized domain name in the Account DN option.(a new password is generated and displayed. Use this password to log into the administrator@vSphere.local account.)
- Press 0(zero) to exit console menu.
For the vCenter Server Appliance
For vCenter Appliance is the same procedure as for Windows, except the connection to the vCenter and location of the vdcadmintool
Connect to your vCenter Appliance with ssh and user root(if you did not change the initial password, the default password is vmware).
Note: If ssh is not enabled in the vCenter appliance you need to enabled ssh option in the vCenter Appliance Web Console.
https://ip-address:5480 and in the admin tab enable “Administrator SSH login enabled.”
After you are connected to the vCenter Appliance through ssh, the location of the vdcadmintool is: /usr/lib/vmware-vmdir/bin/vdcadmintool
Run the tool and use the same procedure/options that are detailed above for Windows vCenter.
Note: If you customized your vSphere Domain name, provide the customized domain name in the Account DN option.
After these tasks, your account email@example.com password is reset.
Note: After you reset your account if you want to change the password to your company/environment policy, you can connect to your vCenter with vSphere Web Client and edit user(administrator) and change the password for administrator account.
Go to option “Administration; Single Sign-On; User and Groups; Users Tab” then choose administrator user, right mouse click and choose “Edit User”(or use Edit User icon) and change password.
If you have your firstname.lastname@example.org account locked(too many bad password attempts), or any other account, in the “Administration; Single Sign-On; User and Groups Users Tab”, right mouse click and choose “Unlock”(or use Actions – Unlock icon) to unlock the account.
Note: To unlock, or do any changes in the email@example.com, or connect to Single Sign-On area, you need a user with Single Sign-On administration permissions.
Hope this can help you fix your issues with the account firstname.lastname@example.org(or other administration accounts).
Note: Share this article, if you think it is worth sharing.