NSX-T Manager credentials are expired - logging in with admin to the NSX-T Managers prompts a change of password
 

SDDC Manager is unable to remediate credentials for the NSX-T Managers
 

Any API calls made to the NSX-T Managers using the proper credentials fail from the SDDC Manager, but work successfully from other sources.
 

The API Calls from SDDC Manager fail with the following errors:

{"module_name":"common-services","error_message":"The credentials were incorrect or the account specified has been locked.","error_code":403}

1. Connect to each of the NSX-T Managers behind the NSX-T Load Balancer via SSH.

2. Login with admin credentials.

3. Run the following commands on each of the NSX-T Managers:

set auth-policy api lockout-period 0
set auth-policy api lockout-reset-period 0

4. Run the REMEDIATE password operation from the SDDC Manager UI against the admin account for NSX-T Manager - This time the operation should complete successfully.
Wait 2 minutes for the password to sync across all the NSX-T Manager nodes.

5. (Optional) Run the REMEDIATE password operation from the SDDC Manager UI against the root account for NSX-T Manager.

6. Restore the lockout-period and lockout-reset-period values back to the original value across all the NSX-T Managers:

set auth-policy api lockout-period 900
set auth-policy api lockout-reset-period 900

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-DB31B304-66A5-4516-9E55-2712D12B4F27.html

Impact/Risks:
NONE: The process involves minimal configuration changes on the NSX-T Managers. There is no risk involved with these configuration changes.

This issue is being checked by Diagnostics for VMware Cloud Foundation.

The check is as follows:

• Product: SDDC
• Log File: operationsmanager.log
• Log Expression Check "The credentials were incorrect or the account specified has been locked"