Admin account lockout policy for the NSX-T Edge and Manager nodes

Article ID: 316650

Updated On:

Products

VMware NSX

Issue/Introduction

After a number of failed login attempts, you see this symptom:

The NSX-T Manager or Edge node automatically locks out.

Environment

VMware NSX-T

Cause

By default, the lockout is triggered after 5 failed attempts and the lockout period is 900 seconds (15 minutes).

The NSX lockout policy is a security feature that disables a user account when a certain number of failed login attempts occur due to wrong passwords within a certain interval of time.

Notes:

  • During a lockout period, if a failed login attempt occurs, the lockout period will reset.
  • After the lockout period expires (without any failed login attempts), the account is automatically unlocked.
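The reset rule in the notes above means a client that keeps retrying a wrong password can hold the account locked well past the configured lockout period. The following Python model is an added example, not VMware code: `LockoutPolicy` and `unlock_time` are hypothetical names, the failure-counting interval (not given in this article) is not modeled, all failures are assumed consecutive with no successful login in between, and the counter is assumed to restart after a lockout expires.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LockoutPolicy:
    max_auth_failures: int = 5   # default stated in this article
    lockout_period: int = 900    # seconds, default stated in this article

def unlock_time(failure_times, policy=LockoutPolicy()):
    """Return the second at which the account unlocks, or None if it is
    not locked after the last failed attempt in failure_times."""
    failures = 0
    locked_until = None
    for t in sorted(failure_times):
        if locked_until is not None and t < locked_until:
            # Failed attempt during lockout: the lockout period resets.
            locked_until = t + policy.lockout_period
            continue
        if locked_until is not None:
            # Lockout expired with no failures: account auto-unlocked.
            # Assumption: the failure counter starts again from zero.
            locked_until = None
            failures = 0
        failures += 1
        if failures >= policy.max_auth_failures:
            locked_until = t + policy.lockout_period
    return locked_until

# Constructed sample: five bad passwords in 40 s, then a stale script
# retrying the old password every 10 minutes.
BURST = [0, 10, 20, 30, 40]
STALE_RETRIES = [600, 1200, 1800]

if __name__ == "__main__":
    print("burst only      ->", unlock_time(BURST))
    print("burst + retries ->", unlock_time(BURST + STALE_RETRIES))
    short = LockoutPolicy(max_auth_failures=2, lockout_period=120)
    print("2 failures, 120 s policy ->", unlock_time([0, 5], short))
```

When an admin account stays locked longer than expected, look for a saved credential or monitoring job that is still retrying the old password inside each lockout window.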

Resolution

  1. The account lockout policy can be checked using this command:

    get auth-policy cli lockout-period

  2. To set the lockout period, use the set auth-policy cli lockout-period command.

    For example, to set the lockout period to 2 minutes (120 seconds):

    set auth-policy cli lockout-period 120

  3. You can also set the number of authentication failures that triggers a lockout with this command.

    For example, setting it to two failed attempts:

    set auth-policy cli max-auth-failures 2

Note: All commands provided above are run at the central CLI of an NSX Manager or Edge Node, using the 'admin' account for access.