NSX-T Password Validity Check Fails When Completing an Upgrade Precheck in SDDC-Manager

NSX-T Password Validity Check Fails When Completing an Upgrade Precheck in SDDC-Manager

When completing an upgrade precheck in SDDC-Manager the NSX-T password validity check fails:
 
Impact - HIgh: Password has expired and upgrade will fail due to this. 

You will see the following in the /var/log/vmware/vcf/lcm/lcm-debug.log:
 
2021-06-17T19:10:20.089+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validation status for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: nsx.corp.local is SUCCEEDED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: nsx.corp.local is in -22 days
2021-06-17T19:10:20.090+0000 INFO  [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK  on resource id nsx.corp.local  with status RED

 
Note: This precheck will also fail if the password expiry is cleared using the command "clear user admin password-expiration". It is a known issue, please refer the KB SDDC manager falsely shows the password for NSXT component as expired for more information.
 
 
 Cause
NSX-T does not support setting password expiry for root or admin to 99999
NSX-T password expiry can be set to a maximum period of 9999
 
 
 Resolution

Set password expiry for root and admin to 9999:

1. SSH to NSX-T VIP with admin credentials

2. Check password expiry for both root and admin accounts

get user admin password-expiration


3. If the password has expired or is set to 99999 use the following command to set password expiry to 9999

set user admin password-expiration 9999


4. Retry upgrade precheck in SDDC-Manager

Version history
Revision #:
1 of 1
Last update:
‎09-04-2021 07:26 PM
Updated by: