WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / vSphere / Changing "Password will expire in X days" notification for Active Directory users in vSphere Web/H5 Client

Changing "Password will expire in X days" notification for Active Directory users in vSphere Web/H5 Client

11.17.2017 by William Lam // 1 Comment

When logging into the vCenter Server using either the vSphere Web (Flex) or H5 Client, one of the validation checks that is automatically performed by the server is to check the current users password expiry. If you account expiry is less than the current password expiry configuration, then you will see the yellow notification pop up at the top stating:

Password will expire in X days

This is definitely a helpful feature to have automatically built into the vSphere UI and the default expiry actually depends on the type of user logging into the system. This last part is sometimes confusing as folks mix up the default Single Sign-On User Expiry with the Active Directory user expiry which is completely different.

Single Sign-On Users

For SSO Domain (vsphere.local by default) users, the password expiry AND notification by default is 90 days. This can be configured in the vSphere Web Client under Administration->Single Sign-On->Configuration->Password Policy as shown in the screenshot below. For those wanting to automate this configuration, there is currently not an SSO Admin API, but there are some options, have a look at this blog post here.

Active Directory Users

If you are logging in as an Active Directory user, the password expiry notification by default is 30 days but the actual password expiry will obviously depend on your Active Directory system. If you want to change the expiry notification in case your expiry is not 30 days or you wish to notify sooner or later, this is actually controlled by the vSphere Web and H5 Client.

To change the default, you will need to update the following variable:

sso.pending.password.expiration.notification.days = 30

In either:

Web Client - /etc/vmware/vsphere-client/webclient.properties
H5 Client - /etc/vmware/vsphere-ui/webclient.properties

and then restart the vSphere Web and/or H5 Client for the changes to take affect. This can be done using the vSphere Web/H5 Client itself under the Services or you can perform this via the CLI since you are already logged into the VCSA by running one of the following:

Web Client:

service-control --stop vsphere-client
service-control --start vsphere-client

H5 Client:

service-control --stop vsphere-ui
service-control --start vsphere-ui

Note: This is also applicable to the Windows vCenter Server but I do not have their webclient.properties path handy, you can simply do a search on the filesystem.

Local OS Users

Lastly, to be complete, there are also local OS users such as the root account which also has a default password expiry, which is 365 days. To change the expiry settings, you will need to login to the VAMI UI under the Administration tab. For more information, check out the documentation here.

More from my site

  • Automating Active Directory Identity Source & Default Domain in vSphere Web Client
  • How to Add/Remove vCenter SSO Identity Sources Using the Command-Line for Windows vCenter Server & VCSA
  • Specifying Default Domains for vSphere Web Client Login
  • vYetti - Fun animated vSphere Login UI customization
  • Automating Cross vCenter vMotion (xVC-vMotion) between the same & different SSO Domain

Categories // vSphere, vSphere Web Client Tags // active directory, HTML5, sso, vsphere web client

Comments

  1. *protectedqqq says

    08/14/2020 at 4:52 am

    Fantastic! 🙂

    Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...