NSX-T password expired SDDC Manager rotation fails

With VMware Cloud Foundation, password management of SDDC components is handed off to the SDDC Manager. The SDDC Manager can rotate the passwords for VMware components such as ESXi, Virtual Centre and NSX-T. This is a very useful feature and a great way of keeping admin and root accounts secure in the infrastructure. So what happens when the rotation is missed and the NSX-T password does expire?

This is exactly the situation I’d found myself in. The NSX-T manager policies caused an expiration of the passwords for the root and admin accounts. This in turn meant that password rotation scripts from the SDDC Manager would not run. Now, by logging onto the managers via SSH, the accounts prompt for password resets, but wouldn’t that break the SDDC Manager? How do I avoid breaking the SDDC Manager?

We should be able to reset the passwords via SSH and then set them back to what the SDDC Manager expects for password rotation.

This is the error I was getting:

First I’d checked what SDDC thought the password was set to for NSX via SSH to the SDDC Manager, using the lookup_passwords command:

This wasn’t the same password as was set and working in NSX-T, so I’d changed the admin password and the root password using the following process:

First the root user. It is important that you log on as admin when you SSH to NSX:

When the NSX CLI has loaded, run the following command:

set user root password NewP@ssword1234 old-password OldP@ssword1234

Optional:
set user root password-expiration 365
get user root password-expiration
clear user root password-expiration
get user root password-expiration

To change the admin password, use the following command:

set user admin password NewP@ssword1234

Reminder: do not change the root password like this:

Didn’t work for me; the password kept getting set back to the original.
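To catch the missed-rotation situation described above before the accounts lock SDDC Manager out, here is an added example (not part of the original post and not VMware code) that flags NSX-T local accounts nearing password expiry. It assumes the JSON shape of the NSX-T node user listing (`GET /api/v1/node/users`), with `password_change_frequency` and `last_password_change` both expressed in days; the sample data, the 14-day threshold and the treatment of a frequency of 0 as "expiration disabled" are assumptions.

```python
import json

# Constructed sample, shaped like the assumed NSX-T node user listing.
SAMPLE_USERS_JSON = """
{
  "results": [
    {"userid": 0, "username": "root",
     "password_change_frequency": 90, "last_password_change": 88},
    {"userid": 10000, "username": "admin",
     "password_change_frequency": 90, "last_password_change": 95},
    {"userid": 10002, "username": "audit",
     "password_change_frequency": 365, "last_password_change": 12}
  ]
}
"""

WARN_DAYS = 14  # hypothetical alerting threshold


def expiry_report(users_json, warn_days=WARN_DAYS):
    """Return one dict per account: username, days_left, status."""
    report = []
    for user in json.loads(users_json).get("results", []):
        name = user.get("username", "<unknown>")
        freq = user.get("password_change_frequency")  # days a password stays valid
        age = user.get("last_password_change")        # days since last change
        if freq is None or age is None:
            report.append({"username": name, "days_left": None, "status": "unknown"})
            continue
        if freq <= 0:  # assumption: 0 means expiration was cleared
            report.append({"username": name, "days_left": None, "status": "no-expiry"})
            continue
        days_left = freq - age
        if days_left <= 0:
            status = "expired"   # rotation from SDDC Manager will fail
        elif days_left <= warn_days:
            status = "warning"   # rotate now, while rotation still works
        else:
            status = "ok"
        report.append({"username": name, "days_left": days_left, "status": status})
    # Most urgent first; accounts without a computed value sort last.
    return sorted(report, key=lambda r: (r["days_left"] is None, r["days_left"] or 0))


if __name__ == "__main__":
    for row in expiry_report(SAMPLE_USERS_JSON):
        print(f'{row["username"]:<8} {row["status"]:<10} days_left={row["days_left"]}')
```

Any account reported as `warning` is the cue to trigger rotation from SDDC Manager while it can still authenticate.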
