Error : "Failed to change password' when trying to change password of ESXi local user accounts
search cancel

Error : "Failed to change password' when trying to change password of ESXi local user accounts

book

Article ID: 339980

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

This article provides the steps to assign appropriate privileges to the non-administrative users to change their own password.

Symptoms:
  • Users without administrator role fails to change their own password with an error: 
Failed to change password
  • In /var/run/log/hostd.log, you will see entries similar to:
Throw vim.fault.NoPermission
Result:
--> (vim.fault.NoPermission) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> object = 'vim.Folder:ha-folder-root',
--> privilegeId = "Host.Local.ManageUserGroups"


Environment

VMware vSphere ESXi 6.7
VMware vSphere ESXi 6.0
VMware vSphere ESXi 6.5

Cause

Host.Local.ManageUserGroups is a required previlege for a user to change own password in ESXi

Resolution

To resolve this issue, assign appropriate privilege for the user or have an Administrator role user to reset password on behalf of the user:

To assign the required privilege:
  1. Login to the ESXi host web client with root credentials
  2. Select Manage
  3. Click on Security & users tab and in the left page > Select Roles
  4. Find and select the role that is assigned to the non-administrative user in question, and click on Edit role
  5. From the list, scroll down and click on Host > then click on Local > then select ManageUserGroups privilege and click on Save