This issue is resolved in vCenter Server 6.0 Express Patch 01. For more information, see
Full Patch for VMware vCenter Server 6.0 (2111640).
To work around this issue, change the
Maximum Lifetime value from
0 to
9999.
To change the Maximum Lifetime value via the vSphere Web Client from one of the vCenter Servers (Appliance or Windows) that was successfully upgraded:
- Log in to the vSphere Web Client as the SSO administrator ([email protected]).
- Click Administration.
- Click Configuration under Single Sign-On:
- Click Policies > Edit.
- Change the Maximum Lifetime value from 0 to 9999.
- Click OK.
To change the Maximum Lifetime value via command line using ldifde (Windows) or ldapmodify (VCSA):
For the vCenter Server Appliance running in an embedded configuration or with an External Platform Services Controller:
- Open an SSH connection to the vCenter Server Appliance
- Change the Maximum Lifetime value to 9999:
/Opt/likewise/bin/ldapmodify –h HOST –Y SRP –U [email protected] –W <<EOF<br>dn: cn=password and lockout policy,dc=vsphere,dc=local
changetype: modify
replace: vmwPasswordLifetimeDays
vmwPasswordLifetimeDays: 9999
EOF
For the Windows vCenter Server running in an embedded configuration or with an External Platform Services Controller:
- Open an elevated command prompt.
- Create a temporary directory by running the command:
mkdir c:\temp
- Change directories by running the command:
cd c:\temp
- Create the
AdministratorMaximumChange.ldif
file in Notepad by running the command:
notepad AdministratorMaximumChange.ldif
- Copy and paste the content below into the file:
dn: cn=password and lockout policy,dc=vsphere,dc=local
changetype: modify
replace: vmwPasswordLifetimeDays
vmwPasswordLifetimeDays: 9999
- To modify the user account control configuration and password expiration using the files created earlier in this procedure, run these commands:
Note: If the ldifde
executable is not available, run this command to install:
Servermanagercmd -i RSAT-ADDS-Tools
Note: The Servermanagercmd has been deprecated, and is not available in Windows Server 2012. For more information, see Microsoft TechNet.
Note: The preceding link was correct as of July 15, 2019. If you find the link is broken, provide feedback and a VMware employee will update the link.
- To modify the password expiration, run the command:
ldifde -i -f AdministratorMaximumChange.ldif -s localhost -t 389 -a "cn=Administrator,cn=Users,dc=vsphere,dc=local" *
When prompted, enter the password for [email protected]
.
Once the Maximum Lifetime is set to a value other than 0, perform the upgrade or install again.