Now that 5.5 has been out a while and many of you have been making the move to the VMware vCenter Virtual Appliance (a.k.a. VCSA), here’s a friendly reminder to check the password expiration of the root account on the virtual appliance! If you’ve been following my blogs, you’ll remember in Part 2 of the “Virtual Appliances getting more secure with vSphere 5.5” series, I HIGHLY recommended that you check root password expiration ASAP!

The VCSA root password is set to expire 90 days from deployment time. Go to Part 2 of the series to find out how to set your expiration to a longer date. Note that in the VAMI interface you can supply an email address to be notified 7 days before the password expires. Don’t skip this step! Log in to the VAMI web interface at https://<vcsa FQDN or IP>:5480. Go to the Admin tab and set whether the password expires, after how long, and which email address to notify. Make sure your SMTP configuration works correctly.
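To check the remaining lifetime from the appliance shell instead of relying only on the notification e-mail, here is an added example (not from the original post or from VMware) that computes days until expiry from the standard Linux password-aging fields in /etc/shadow. It assumes the appliance keeps root's aging data in those fields; the function names, the `--check` switch and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: days until a password expires, from an /etc/shadow entry.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is in days since 1970-01-01; max is the maximum password age in days.

# Constructed sample entry (placeholder hash, 90-day maximum age).
SAMPLE='root:$6$CONSTRUCTED$placeholder:16076:0:90:7:::'

# days_left SHADOW_LINE TODAY   (TODAY = days since 1970-01-01)
# Prints "never" when aging is off, "forced" when a change is required at
# next login (lastchg = 0), otherwise days remaining (negative = expired).
days_left() {
    lastchg=$(printf '%s\n' "$1" | cut -d: -f3)
    max=$(printf '%s\n' "$1" | cut -d: -f5)
    if [ -z "$lastchg" ] || [ -z "$max" ] || [ "$max" -ge 99999 ]; then
        echo never
    elif [ "$lastchg" -eq 0 ]; then
        echo forced
    else
        echo $(( lastchg + max - $2 ))
    fi
}

# expiry_status SHADOW_LINE TODAY [WARN_DAYS]
# WARN_DAYS defaults to 7, matching the 7-day notice described above.
expiry_status() {
    left=$(days_left "$1" "$2")
    warn=${3:-7}
    case $left in
        never)  echo "OK: password does not expire" ;;
        forced) echo "EXPIRED: change required at next login" ;;
        -*)     echo "EXPIRED: $(( 0 - left )) days ago" ;;
        *)      if [ "$left" -le "$warn" ]; then
                    echo "WARN: expires in $left days"
                else
                    echo "OK: expires in $left days"
                fi ;;
    esac
}

# Live check: run as root on the appliance with the --check argument.
if [ "${1:-}" = "--check" ]; then
    entry=$(grep '^root:' /etc/shadow)
    expiry_status "$entry" "$(( $(date +%s) / 86400 ))"
fi
```

Run from cron, a WARN or EXPIRED line gives a second signal if the SMTP notification never arrives.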


[Update] A KB was released on 10-Jan-2014 for those who may be locked out of their appliance or want to disable the forced lockout. I urge you to review KB2069041.


About the Author

Mike Foley

Mike Foley is a Staff Technical Marketing Architect for vSphere Security at VMware. His primary goal is to help IT Admins build more secure platforms that stand up to scrutiny from security teams with the least impact to IT Operations. Mike is also the current author of the vSphere Security Configuration (formerly Hardening) Guide. Previously, Mike was on the evangelist team at RSA where he concentrated on virtualization and cloud security. Mike was awarded a patent (8,601,544) in December 2013 for dual-band authentication using the virtual infrastructure. Mike has a personal blog at and contributes to the VMware vSphere and Security blogs as well. Follow him at @vSphereSecurity on Twitter.