The issue is resolved in the updated/reposted NSX for vSphere 6.3.3, 6.3.4 releases and newer versions of NSX for vSphere, available at
VMware Downloads.
As a workaround for the existing NSX-v 6.3.3/6.3.4 deployments, and to avoid encountering this issue while upgrading to newer versions of NSX for vSphere, VMware developed a signed script that sets the password for user accounts on the Controller to never expire and if the password has already expired, it will reset the password to the one set by user during initial Controller deployment.
The workaround requires two signed scripts to be executed sequentially using REST API call to NSX Manager.
Download the attached
signed_bsh_download_jar.encoded and
signed_bsh_passwd_expiry_napi.encoded files.
Notes:
Run the following POST calls on NSX Manager:
- Confirm IP connectivity from NSX Manager to all the NSX Controllers using the ping command. Proceed only after the IP connectivity is established.
- Method: POST
URL: https://NSXMGR_IP/api/1.0/services/debug/script
Authentication: Basic authentication (Username : admin)
Headers: content-type - application/xml
Body : copy contents of the attached file signed_bsh_download_jar.encoded.
Expected Response: 200
Note: During copy/paste of the contents into the body, ensure no extra line/characters get added at the end to run the API successfully. Proceed to step-3 only if the response is 200. File a support request with VMware support if the API call fails after multiple attempts. For more information, see How to file a Support Request in Customer Connect (2006985).
- Method: POST
URL: https://NSXMGR_IP/api/1.0/services/debug/script
Authentication: Basic authentication (Username : admin)
Headers: content-type - application/xml
Body : copy contents of the attached file signed_bsh_passwd_expiry_napi.encoded.
Expected Response: 200
Note: As a part of Step 3, the script will set a temporary password on the Controller, log in to the root shell and change the password for the user account back to the original password set during initial Controller deployment. If any or all of the Controllers are re-deployed, repeat the preceding steps again.