• Adding host (with password policy enabled) to vCenter fails with error
• Adding host to vCenter with max value specified in the policy also fails with same error 
• Ex: Security.PasswordQualityControl= retry=3 min=disabled,disabled,disabled,disabled,17 max=26

vSphere Esxi 7.0.3

This issue occurs when vCenter is generating an internal service account password with a default length of 32 characters that exceeds the maximum length specified in the policy. In this case, ESXi will reject the password and prevent the change from being applied. Additionally, vCenter periodically updates the password for the 'vpxuser' account by generating a new password with a default max length of 32 characters. Since this new password exceeds the defined limit, it will be rejected by the ESXi host

To resolve this issue  implement below steps either on Esxi host or on vCenter Sever

• On Esxi Host:

1. Remove "max=xx" from the Esxi advanced option. To Navigate  Ref: Configuring advanced options for ESXi 
2. (OR) set "max=40" or higher in the advanced option.

• (OR) On vCenter Advanced settings. Ref: Configure Advanced Settings

         Set the vCenter config setting "vpxd.hostPasswordLength" to the max length value specified in the password policy