Edit password for AD domain user in ESXi fails with error "pam_passwdqc:Error parsing parameter"
search cancel

Edit password for AD domain user in ESXi fails with error "pam_passwdqc:Error parsing parameter"

book

Article ID: 385048

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • On editing the password for a Domain user, fails with following error:

    Error: A general system error occurred: pam_passwdqc: Error parsing parameter "min=16,disabled,disabled,12,7": Invalid parameter value. *** passwd: Critical error - immediate abort

  • This issue can also occur when adding a host to vCenter. 

Environment

VMware vSphere ESXi 7.0.x
VMware vSphere ESXi 8.0.x

Cause

An incorrect value was entered in the Security.PasswordQualityControl field under the ESXi Advance System Settings. This value changed when hardening the password parameters on the ESXi hosts. See vSphere Security

Resolution

To resolve the issue, remove the incorrect entry from Security.PasswordQualityControl field

  • Login to the ESXi host client > Manage > System > Advanced Settings
  • Select Security.PasswordQualityControl and reset to default: retry=3 min=disabled,disabled,disabled,7,7

Additional Information