SSO log file: C:\ProgramData\VMware\vCenterServer\logs\sso\vmware-sts-idmd.log [2017-10-15T12:19:28.148+07:00 vsphere.local e18baecc-2ce5-479a-adec-1bcbef603cdb ERROR] [IdentityManager] Failed to authenticate principal [tuyendq@vsphere.local]. User password expired. [2017-10-15T12:19:28.148+07:00 vsphere.local e18baecc-2ce5-479a-adec-1bcbef603cdb INFO ] [IdentityManager] Authentication failed for user [tuyendq@vsphere.local] in tenant [vsphere.local] in [15] milliseconds with provider [vsphere.local] of type [com.vmware.identity.idm.server.provider.vmwdirectory.VMwareDirectoryProvider] [2017-10-15T12:19:28.148+07:00 vsphere.local e18baecc-2ce5-479a-adec-1bcbef603cdb ERROR] [ServerUtils] Exception 'com.vmware.identity.idm.PasswordExpiredException: User account expired: {Name: tuyendq, Domain: vsphere.local}' com.vmware.identity.idm.PasswordExpiredException: User account expired: {Name: tuyendq, Domain: vsphere.local} at com.vmware.identity.idm.serve
Practice until you can't make it wrong.