NSX-T Manager account has been locked


Had a problem today trying to access via the UI to an NSX-T Manager with admin user, received the following error message:

Your login attempt was not successful.
The username/password combination is incorrect or the account specified has been locked.

SHH also gave me errors (If you can’t SSH, don’t forget to test a console session to the VM)

To fix this issue i logged in via SSH as root and reset the admin user password by running the following commands (Note to self, need to be in the NSX CLI):

root@nsxmgr-01:/# su admin

set user admin

Current password: Type the OLD password
New password: enter new password
Confirm new password: re-type new password to confirm

This then allowed access via the UI web interface

It is also possible to modify the default admin password expiration using the following command:

nsxcli> get user admin password-expiration 
nsxcli> set user admin password-expiration <1 - 9999>

To remove the password expiration policy on any NSX Manager simply typing the following command:

nsxcli> clear user audit password-expiration

Hope this helps someone, let know

Some examples of the commands i’d used:

vcf-m1-nsx3> set user admin password-expiration 9999
vcf-m1-nsx3> clear user audit password-expiration

root@vcf-m1-en01:~# set user admin password-expiration 9999

root@vcf-m1-en01:~# set user root password-expiration 9999
root@vcf-m1-en01:~# set user audit password-expiration 9999

nsx-mgt1> clear user admin password-expiration
nsx-mgt1> clear user root password-expiration
nsx-mgt1> clear user audit password-expiration

get user admin password-expiration 

Pam tally 2 is a useful command
pam_tally2 --user root --reset

One response to “NSX-T Manager account has been locked”

  1. Matt Avatar

    Great article! Expiring passwords has been the biggest challenge for VCF, especially the NSX passwords.

Leave a Reply

Your email address will not be published. Required fields are marked *