Changing the password of a localos user that was created via the vCenter Appliance shell fails in the vCenter 8.0 U3 GUI.
The user's actual lock / disable status is not reflected in the UI.
"test-user" is a localos user, but SSO tries to change the password as if the user were in the vsphere.local domain.
/var/log/vmware/sso/ssoAdminServer.log
2025-02-26T00:38:53.797Z ERROR ssoAdminServer[95:pool-2-thread-2] [OpId=m7l5vfjz-993-auto-rp-h5:70000413] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user test-user@vsphere.local does not exists
2025-02-26T00:38:53.797Z INFO ssoAdminServer[95:pool-2-thread-2] [OpId=m7l5vfjz-993-auto-rp-h5:70000413] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] The specified principal (test-user) is invalid.
com.vmware.vim.sso.admin.exception.InvalidPrincipalException: The specified principal (test-user) is invalid.
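The log signature above can be checked mechanically. The following added example (not from the original article or from VMware) groups ssoAdminServer.log entries by OpId and reports accounts that SSO looked up in vsphere.local and rejected, but that exist as local OS accounts. The function names, and the assumption that local accounts appear in passwd-format text such as /etc/passwd, are illustrative.

```python
import re
from collections import defaultdict

OPID = re.compile(r"\[OpId=([^\]]+)\]")
# IDM lookup failure: captures the user name and the domain SSO searched.
IDM_MISS = re.compile(r"InvalidPrincipalException: user (\S+)@(\S+) does not exists?")
# Admin service rejection: captures the principal name as the caller supplied it.
REJECTED = re.compile(r"The specified principal \(([^)]+)\) is invalid")

def local_accounts(passwd_text):
    """Account names from passwd-format text (first colon-separated field)."""
    return {l.split(":", 1)[0] for l in passwd_text.splitlines()
            if l and not l.startswith("#")}

def find_misrouted_localos(log_lines, passwd_text, sso_domain="vsphere.local"):
    """Map OpId -> local accounts that SSO looked up in sso_domain and rejected."""
    lookups, rejected = defaultdict(set), defaultdict(set)
    for line in log_lines:
        opid = OPID.search(line)
        if not opid:
            continue  # bare exception lines carry no OpId
        miss = IDM_MISS.search(line)
        if miss and miss.group(2).lower() == sso_domain:
            lookups[opid.group(1)].add(miss.group(1))
        rej = REJECTED.search(line)
        if rej:
            rejected[opid.group(1)].add(rej.group(1))
    local = local_accounts(passwd_text)
    hits = {}
    for op, users in lookups.items():
        # Both log entries must agree, and the name must be a local OS account.
        matched = sorted(users & rejected[op] & local)
        if matched:
            hits[op] = matched
    return hits

# Log lines copied from the excerpt above.
SAMPLE_LOG = [
    "2025-02-26T00:38:53.797Z ERROR ssoAdminServer[95:pool-2-thread-2] [OpId=m7l5vfjz-993-auto-rp-h5:70000413] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user test-user@vsphere.local does not exists",
    "2025-02-26T00:38:53.797Z INFO ssoAdminServer[95:pool-2-thread-2] [OpId=m7l5vfjz-993-auto-rp-h5:70000413] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] The specified principal (test-user) is invalid.",
    "com.vmware.vim.sso.admin.exception.InvalidPrincipalException: The specified principal (test-user) is invalid.",
]
# Constructed passwd entries for illustration only.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\ntest-user:x:1001:100::/home/test-user:/bin/bash\n"

if __name__ == "__main__":
    for op, users in find_misrouted_localos(SAMPLE_LOG, SAMPLE_PASSWD).items():
        print(op, users)
```

An OpId is reported only when the lookup failure, the rejection, and the local account list all name the same user, which separates this issue from a mistyped or deleted vsphere.local account.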
vCenter Server 8.0 U3 and later patches.
This is a bug in the vCenter 8.0 U3 GUI, where localos user operations are enabled. In the vCenter 8.0 U2 GUI, all operations for the localos user are grayed out.
Starting with 7U3c, support for using localos accounts as an identity source is deprecated. VMware plans to discontinue support for use of the local operating system as an identity source.
This functionality will be removed in a future release of vSphere.
Localos user operations will be disabled again in the GUI in a future version.
Do not attempt to perform GUI operations with localos users in vCenter 8.0 U3 to avoid unexpected behavior or errors.
Operations for localos users must be performed using the vCenter Appliance Shell.