Failed to change password for created localos user on vCenter GUI 8.0U3


Article ID: 389743


Updated On: 04-02-2025

Products

VMware vCenter Server

Issue/Introduction

Changing the password of the localos user created via the vCenter Appliance shell fails on the vCenter 8.0 U3 GUI.

The actual lock / disable status of the user is not reflected in the UI.

"test-user" is a localos user, but SSO tries to change the password as if the user belonged to the vsphere.local domain.

/var/log/vmware/sso/ssoAdminServer.log

2025-02-26T00:38:53.797Z ERROR ssoAdminServer[95:pool-2-thread-2] [OpId=m7l5vfjz-993-auto-rp-h5:70000413] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user test-user@vsphere.local does not exists
2025-02-26T00:38:53.797Z INFO ssoAdminServer[95:pool-2-thread-2] [OpId=m7l5vfjz-993-auto-rp-h5:70000413] [com.vmware.identity.admin.vlsi.PrincipalManagementServiceImpl] The specified principal (test-user) is invalid.
com.vmware.vim.sso.admin.exception.InvalidPrincipalException: The specified principal (test-user) is invalid.
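
To confirm that a failed password change matches this signature, the script below (an added example, not VMware tooling) scans the log for the `updateLocalPersonUserDetails` error and reports only the names that also exist as local OS accounts. The function names, the passwd cross-check and the second sample line are assumptions made for the example; the first sample line is the one shown above.

```shell
#!/bin/sh
# Added example, not VMware tooling. Prints "timestamp opid user" for each failed
# update where SSO looked up user@vsphere.local although that name is a local OS
# account. Arguments: log file, passwd file (defaults to /etc/passwd).
find_localos_mismatch() {
    awk -v passwd="${2:-/etc/passwd}" '
        BEGIN {
            # Collect local OS account names (first field of each passwd line).
            while ((getline line < passwd) > 0) {
                split(line, f, ":")
                if (f[1] != "") localos[f[1]] = 1
            }
        }
        /Error in updateLocalPersonUserDetails/ && /InvalidPrincipalException/ {
            if (!match($0, /user [^ @]+@vsphere\.local/)) next
            # Drop the leading "user " (5 chars) and trailing "@vsphere.local" (14).
            name = substr($0, RSTART + 5, RLENGTH - 19)
            opid = "-"
            if (match($0, /OpId=[^ ]+/)) {
                opid = substr($0, RSTART + 5, RLENGTH - 5)
                sub(/\]$/, "", opid)   # strip the closing bracket of [OpId=...]
            }
            if (name in localos) print $1, opid, name
        }
    ' "$1"
}

# Constructed sample data: the first log line is the one shown in this article,
# the second is a constructed failure for a name with no local OS account.
write_sample() {
    cat > "$1/ssoAdminServer.log" <<'EOF'
2025-02-26T00:38:53.797Z ERROR ssoAdminServer[95:pool-2-thread-2] [OpId=m7l5vfjz-993-auto-rp-h5:70000413] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user test-user@vsphere.local does not exists
2025-02-26T00:41:10.112Z ERROR ssoAdminServer[95:pool-2-thread-3] [OpId=constructed-opid-0001] [com.vmware.identity.admin.server.ims.impl.PrincipalManagementImpl] Error in updateLocalPersonUserDetails. Check if user already exists. Idm client exception.com.vmware.identity.idm.InvalidPrincipalException: user no-such-user@vsphere.local does not exists
EOF
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'test-user:x:1001:1001::/home/test-user:/bin/bash' > "$1/passwd"
}

# Demo on the constructed sample; only test-user is reported.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
find_localos_mismatch "$demo_dir/ssoAdminServer.log" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On the appliance, pass /var/log/vmware/sso/ssoAdminServer.log as the only argument so that the cross-check uses /etc/passwd.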

Environment

vCenter Server 8.0 U3 and later patches.

Cause

This is a bug in the vCenter 8.0 U3 GUI, where localos user operations are enabled. In the vCenter 8.0 U2 GUI, all operations for the localos user are grayed out.

Starting with 7U3c, support for using localos accounts as an identity source is deprecated. VMware plans to discontinue support for use of the local operating system as an identity source.

This functionality will be removed in a future release of vSphere.

Resolution

Localos user operations will be disabled again in the GUI in a future version.

Do not attempt to perform GUI operations with localos users in vCenter 8.0U3 to avoid unexpected behavior or errors.

Operations for localos users must be performed using the vCenter Appliance Shell.

Managing Local User Accounts in vCenter Server