Error : "Failed to change password' when trying to change password of ESXi local user accounts
Article ID: 339980
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
This article provides the steps to assign appropriate privileges to the non-administrative users to change their own password.
Symptoms:
Symptoms:
- Users without administrator role fails to change their own password with an error:
Failed to change password
- In /var/run/log/hostd.log, you will see entries similar to:
Throw vim.fault.NoPermission
Result:
--> (vim.fault.NoPermission) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> object = 'vim.Folder:ha-folder-root',
--> privilegeId = "Host.Local.ManageUserGroups"
Result:
--> (vim.fault.NoPermission) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> object = 'vim.Folder:ha-folder-root',
--> privilegeId = "Host.Local.ManageUserGroups"
Environment
VMware vSphere ESXi 6.7
VMware vSphere ESXi 6.0
VMware vSphere ESXi 6.5
VMware vSphere ESXi 6.0
VMware vSphere ESXi 6.5
Cause
Host.Local.ManageUserGroups is a required previlege for a user to change own password in ESXi
Resolution
To resolve this issue, assign appropriate privilege for the user or have an Administrator role user to reset password on behalf of the user:
To assign the required privilege:
To assign the required privilege:
- Login to the ESXi host web client with root credentials
- Select Manage
- Click on Security & users tab and in the left page > Select Roles
- Find and select the role that is assigned to the non-administrative user in question, and click on Edit role
- From the list, scroll down and click on Host > then click on Local > then select ManageUserGroups privilege and click on Save
Feedback
Yes
No
Powered by
