Quick Tip: Remove NSX-T Password Expiration

VMware NSX-T has a preconfigured password expiration policy of 90 days. When the password expiration day is near, a notification is displayed in the Web interface. There are 3 preconfigured local users: admin, audit, and root. All passwords have to be changed after 90 days. This article explains how to remove the password expiration.

The password for local user 'admin' will expire in [x] days.
The password for local user 'root' will expire in [x] days.
The password for local user 'audit' will expire in [x] days.

Please keep in mind that not only the password for NSX-T Manager expires, but also for Edge Transport Nodes (Edge VMs). When the password has expired, some functions (API / Web-Interface Login) is no longer possible, so make sure you either change the password regularly or remove the expiration policy.

The following commands can be used to remove the password expiration policy. If you have multiple manager appliances, the commands only need to be executed on one node.

  1. Connect to the NSX-T Manager with SSH
  2. Login as admin
  3. Run clear user [username] password-expiration

    nsx-mgt1> clear user admin password-expiration
    nsx-mgt1> clear user root password-expiration
    nsx-mgt1> clear user audit password-expiration
  4. Verify password expiration with get user [username] password-expiration
    nsx-mgt1> get user admin password-expiration
    Password expiration not configured for this user

Don't forget your Edge VMs. You can remove the policy with the same commands.


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.