Avoid password expiry on NSX managers and edges

From Notes_Wiki

Home > VMWare platform > VMWare NSX > Avoid password expiry on NSX managers and edges

Increase no of days to password expiry

To avoid automatic password expiry for root, audit and admin users on both NSX manager and Edges use:

  1. SSH to manager using individual IP (not cluster IP) using admin credentials
  2. Run following commands to prevent password-expiration for the three accounts:
    set user admin password-expiration 9999
    set user audit password-expiration 9999
    set user root password-expiration 9999
    Setting value to 9999 might be better then disabling password expiry all together as some checks might require password expiry to be enabled.
  3. Validate settings have taken effect:
    get user admin password-expiration
    get user audit password-expiration
    get user root password-expiration
  4. Do the same for the Edges


Reset admin or audit passowrd

If root password is expired we can still login into console with old expired password. Immediately after login we would be forced to change the expired password.

Root password can be reset, if forgotten, as explained at:

If we have working root password and we want to reset audit/admin password then:

  1. Login into NSX manager (Any one)
  2. Run:
    /etc/init.d/nsx-mp-api-server stop
    passwd admin
    passwd audit
    touch /var/vmware/nsx/reset_cluster_credentials
    /etc/init.d/nsx-mp-api-server start
  3. Then also do
    su - admin
    set user admin password
    <Enter old and new passwords. Here old password is the one set in above steps>
  4. Reboot at least one of the three network managers
    shutdown -r now
  5. After network manager finishes rebooting, try the web login in a Incognito browser



Home > VMWare platform > VMWare NSX > Avoid password expiry on NSX managers and edges