By default NSX-T passwords have a 90 day expiration that applies to the NSX-T managers as well as the Edge nodes.
This is something a lot of people are not aware of and often when logging in especially to the Edge nodes you get a password expiry message.
The message alters slightly depending on whether you connect via ssh or via the console. From the console it looks like this.
From an SSH session.
Last login: Mon Dec 21 14:06:15 2020 from 192.168.10.200 NSX CLI (Edge 188.8.131.52.0.17107177). Press ? for command list or enter: help DCA-MulNSXT-ESG01> set user admin password-expiration 1 DCA-MulNSXT-ESG01> You are required to change your password immediately (password aged) * TIPS: To reconfig management interface, please refer to these CLIs 1) stop service dataplane 2) set interface interface-name vlan vlan-id plane mgmt (for creating vlan sub-interface) 3) set interface interface-name ip x.x.x.x/24 gateway x.x.x.x plane mgmt (for static ip) set interface interface-name dhcp plane mgmt (for dhcp) 4) start service dataplane To config in-band management interface, please refer to these CLIs 1) set interface mac mac-addr vlan vlan-id in-band plane mgmt 2) set interface eth0.vlan ip x.x.x.x/24 gateway x.x.x.x plane mgmt (for static ip) set interface eth0.vlan dhcp plane mgmt (for dhcp) Last login: Mon Dec 21 18:16:19 2020 from 192.168.10.200 WARNING: Your password has expired. You must change your password now and login again! Changing password for admin. (current) UNIX password:
To reset the password simply type in the current password then enter a new password twice when prompted, if you are connected via SSH its likely that you will be disconnected after the password change.
Manually change a users password
You can manually set the password for users by running “set user admin/audit/root password” then enter the current users password then the new one twice when promtped.
DCA-MulNSXT-ESG01> set user admin password Current password: New password: Confirm new password: DCA-MulNSXT-ESG01>
Check password expiration
To check a users password expiration time setting type “get user admin/audit/root password-expiration”
DCA-MulNSXT-ESG01> get user admin password-expiration Wed Dec 23 2020 UTC 16:38:51.380 Password expires 90 days after last change. Current password will expire in 90 days.
Set password expiration
To set the password expiration time type “set user admin/audit/root password-expiration 1-9999 for instance to set the admin users password to expire after 10 days they “set user admin password-expiration 10
DCA-MulNSXT-ESG01> set user admin password-expiration 10
Set no password expiration
To set passwords to never expire type “clear user admin/audit/root password-expiration”
DCA-MulNSXT-ESG01> clear user admin password-expiration DCA-MulNSXT-ESG01> get user admin password-expiration Wed Dec 23 2020 UTC 16:44:56.671 Password expiration not configured for this user
To change a users username type “set user admin/audit/root username xxxx” for example “set user audit username audit1”