VMware NSX-T has a preconfigured password expiration policy of 90 days. When the password expiration day is near, a notification is displayed in the Web interface. There are 3 preconfigured local users: admin, audit, and root. All passwords have to be changed after 90 days. This article explains how to remove the password expiration.
The password for local user 'admin' will expire in [x] days.
The password for local user 'root' will expire in [x] days.
The password for local user 'audit' will expire in [x] days.
Please keep in mind that not only the password for NSX-T Manager expires, but also for Edge Transport Nodes (Edge VMs). When the password has expired, some functions (API / Web-Interface Login) is no longer possible, so make sure you either change the password regularly or remove the expiration policy.
The following commands can be used to remove the password expiration policy. If you have multiple manager appliances, the commands only need to be executed on one node.
- Connect to the NSX-T Manager with SSH
- Login as admin
- Run clear user [username] password-expiration
nsx-mgt1> clear user admin password-expiration nsx-mgt1> clear user root password-expiration nsx-mgt1> clear user audit password-expiration
- Verify password expiration with get user [username] password-expiration
nsx-mgt1> get user admin password-expiration Password expiration not configured for this user
Don't forget your Edge VMs. You can remove the policy with the same commands.