VMware vCenter: user@vsphere.local password expired - Authentication Failure

SSO log file: C:\ProgramData\VMware\vCenterServer\logs\sso\vmware-sts-idmd.log

[2017-10-15T12:19:28.148+07:00 vsphere.local        e18baecc-2ce5-479a-adec-1bcbef603cdb ERROR] [IdentityManager] Failed to authenticate principal [tuyendq@vsphere.local]. User password expired.
[2017-10-15T12:19:28.148+07:00 vsphere.local        e18baecc-2ce5-479a-adec-1bcbef603cdb INFO ] [IdentityManager] Authentication failed for user [tuyendq@vsphere.local] in tenant [vsphere.local] in [15] milliseconds with provider [vsphere.local] of type [com.vmware.identity.idm.server.provider.vmwdirectory.VMwareDirectoryProvider]
[2017-10-15T12:19:28.148+07:00 vsphere.local        e18baecc-2ce5-479a-adec-1bcbef603cdb ERROR] [ServerUtils] Exception 'com.vmware.identity.idm.PasswordExpiredException: User account expired: {Name: tuyendq, Domain: vsphere.local}'
com.vmware.identity.idm.PasswordExpiredException: User account expired: {Name: tuyendq, Domain: vsphere.local}
at com.vmware.identity.idm.server.provider.vmwdirectory.VMwareDirectoryProvider.checkUserAccountFlags(VMwareDirectoryProvider.java:1351)
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2785)
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:9128)
at sun.reflect.GeneratedMethodAccessor39.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322)
at sun.rmi.transport.Transport$2.run(Transport.java:202)
at sun.rmi.transport.Transport$2.run(Transport.java:199)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:198)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:567)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:828)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.access$400(TCPTransport.java:619)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:684)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:681)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:681)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)

Local users created in VMware vCenter Single Sign-On 6.0 fail to log in after modifying the maximum lifetime value for password expiration (2125495)

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2125495

Resetting the vCenter SSO administrator password (2034608)
MUST logon as built-in Administrator account to reset password

Error: "VmDirForceResetPassword failed" while resetting the SSO administrator password using vdcadmintool (2144902)