By default, the vCenter Single Sign-On password expires every 90 days. To prevent unexpected expiration, the vSphere Client issues a warning when the password is about to expire, however, if you find yourself in a situation where you cannot recall the password or the password has expired, it can be reset. The reset process is performed from an SSH session to vCenter.
Reset SSO Administrator Password
To begin, SSH to the vCenter Server Appliance and log in with the root account.
Next, enable BASH shell access and launch BASH.
shell.set –enabled true
shell
With BASH launched, we will run the vdcadmintool to reset the SSO account password.
/usr/lib/vmware-vmdir/bin/vdcadmintool
Select option 3 to Reset account password.
Enter the Account UPN. After hitting enter, a new password is automatically generated.
NOTE – The account format is SSOusername@vsphereDomain.local. Typically, the account is administrator@vsphere.local.
Navigate back to the vSphere Web Client and log in with the newly generated password.