Back up the /etc/security/faillock.conf file for the appliance by running the following command.

cp -p /etc/security/faillock.conf /etc/security/faillock.conf-`date +%F_%H:%M:%S`.back

Configure the maximum number of failed log-in attempts by running the following command.

sed -i 's/^\s*#*\s*deny\s*=\s*[0-9]\+/deny=<your_value>/g' /etc/security/faillock.conf

Configure the unlock time for the root account by running the following command.

sed -i 's/^\s*#*\s*root_unlock_time\s*=\s*[0-9]\+/root_unlock_time=<your_value>/g' /etc/security/faillock.conf

Change the unlock time for all other local accounts by running the following command.

sed -i 's/^\s*#*\s*unlock_time\s*=\s*[0-9]\+/unlock_time=<your_value>/g' /etc/security/faillock.conf

Verify the configuration of the desired values by running the following command.

cat /etc/security/faillock.conf

Repeat the procedure for the remaining VMware Aria Automation appliances.

Replace the values in the sample code and run the commands.

$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" 
$sddcManagerUser = "[email protected]" 
$sddcManagerPass = "VMw@re1!" 

$maxFailures = "5" 
$unlockInterval = "900" 
$rootUnlockInterval = "900"

Request-AriaLocalUserAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vra

To configure the local user account lockout policy, run the command.

Update-AriaLocalUserPasswordAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vra -failures $maxFailures -unlockInterval $unlockInterval -rootUnlockInterval $rootUnlockInterval 

Run the command in Step 3 to get the updated configuration.