NSX-T Password Validity Check Fails When Completing an Upgrade Precheck in SDDC-Manager
Article ID: 322189
Updated On:
Products
VMware Cloud Foundation
Issue/Introduction
Symptoms:
When completing an upgrade precheck in SDDC-Manager the NSX-T password validity check fails:
You will see the following in the /var/log/vmware/vcf/lcm/lcm-debug.log:
When completing an upgrade precheck in SDDC-Manager the NSX-T password validity check fails:
Impact - HIgh: Password has expired and upgrade will fail due to this.
You will see the following in the /var/log/vmware/vcf/lcm/lcm-debug.log:
2021-06-17T19:10:20.089+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validation status for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: nsx.corp.local is SUCCEEDED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: nsx.corp.local is in -22 days
2021-06-17T19:10:20.090+0000 INFO [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK on resource id nsx.corp.local with status RED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: nsx.corp.local is SUCCEEDED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: nsx.corp.local is in -22 days
2021-06-17T19:10:20.090+0000 INFO [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK on resource id nsx.corp.local with status RED
Note: This precheck will also fail if the password expiry is cleared using the command "clear user admin password-expiration". It is a known issue, please refer the KB SDDC manager falsely shows the password for NSXT component as expired for more information.
Environment
VMware Cloud Foundation 4.x
Cause
This could be caused either due to account password already expired or the password expiry is set to 99999.
NSX-T does not support setting password expiry for root or admin to 99999, it can be set to a maximum period of 9999.
NSX-T does not support setting password expiry for root or admin to 99999, it can be set to a maximum period of 9999.
Resolution
Set password expiry for root and admin to 9999:
1. SSH to NSX-T VIP with admin credentials
2. Check password expiry for both root and admin accounts
get user admin password-expiration
3. If the password has expired or is set to 99999 use the following command to set password expiry to 9999
set user admin password-expiration 9999
4. Retry upgrade precheck in SDDC-Manager
Feedback
Yes
No
Powered by
