After the SDDC Manager is upgraded to 4.5, a new status column is visible for all the components in the password management tab. The status can be Active, Disconnected or Expired.
This article covers why some acounts for componentas has the status of ? --

Symptoms:
After upgrading the SDDC Manager to 4.5, the password status for accounts of some components changes to ? -- in the password management tab.

Note: The below snippet is taken from lab environment to display how the status appears as ? --

Vmware Cloud Foundation 4.5

• A status of ? -- indicates that the SDDC Manager is unable to fetch information regarding the expiration of these accounts. There is a scheduled job that runs daily to fetch the latest expiration details of all accounts.

• For service accounts and vcfadmin@local, the Status is never shown by the SDDC Manager as Active, and is always displayed as ? --. This is because the service accounts do not have an expiration date.

• Check passwords via cli

1. ssh to SDDC Manager with vcf account and switch to root using su
2. Run the command lookup_passwords to pull the passwords for the resource type like NSXT_EDGE / NSXT_MANAGER

 

• Check password via API

1. Connect to SDDC Manager UI
2. Click on Developer Center > API Explorer > API for Managing Credentials > Get /v1/credentials
3. Provide the resource_type details and click execute
4. Download the JSON

 

• Validate the credentials gathered from the above steps are the actual passwords in the Environment
• If passwords are matching then Remediate the same password in SDDC Manager Password Management.

 

Impact/Risks:
This status has no impact on the environment, and is safe to ignore.