We are unable to reset the password for a user using the passwd command.
Attempting to change the password with the command results in the following error:
Password has already been used. Choose another.
passwd: Authentication token manipulation error
passwd: password unchanged
The underlying cause has been resolved in VCF 4.3.
However, if the file sections were already in an incorrect order, the update does not correct that; manual intervention using the steps in the Workaround section is still required.
Workaround:
- SSH to the SDDC Manager
- Make a copy of the system-password file:
cp /etc/pam.d/system-password /home/vcf/system-password.copy
- Edit the file /etc/pam.d/system-password.
The file should look like this (including the actual order of the lines):
# Begin /etc/pam.d/system-password
# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password required pam_pwquality.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8 minclass=4 difok=4 retry=3 maxsequence=0 enforce_for_root
password required pam_pwhistory.so enforce_for_root use_authtok remember=5 retry=3
password required pam_unix.so sha512 use_authtok shadow try_first_pass
# End /etc/pam.d/system-password
- Save the file
- Attempt the password reset operation again
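To confirm the line order before and after editing, the following added example (not part of the original article or of VMware's tooling) lists the modules on the password lines in file order and compares them with the order shown in the file above. The function names and the misordered sample are constructed for illustration; pass /etc/pam.d/system-password as the argument to check the real file.

```shell
#!/bin/sh
# Added example: compare the order of the "password" modules in a PAM file
# with the order shown in the article. Function names are illustrative.
EXPECTED="pam_pwquality.so pam_pwhistory.so pam_unix.so"

# Print the module of every active "password" line, in file order.
pam_password_order() {
    awk '$1 == "password" {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^pam_.*\.so$/) { printf "%s%s", sep, $i; sep = " "; break }
         }
         END { print "" }' "$1"
}

# Return 0 when the order matches, 1 when it differs, 2 when unreadable.
check_pam_order() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    actual=$(pam_password_order "$1")
    if [ "$actual" = "$EXPECTED" ]; then
        echo "OK: $actual"
        return 0
    fi
    echo "MISMATCH in $1"
    echo "  found:    $actual"
    echo "  expected: $EXPECTED"
    return 1
}

# Constructed sample (not from a real system): pam_unix.so listed first.
write_bad_sample() {
    cat > "$1" <<'EOF'
# constructed sample
password required pam_unix.so sha512 use_authtok shadow try_first_pass
password required pam_pwquality.so minlen=8 minclass=4 retry=3 enforce_for_root
password required pam_pwhistory.so enforce_for_root use_authtok remember=5 retry=3
EOF
}

# With an argument, check that file; without one, check the constructed sample.
if [ "$#" -gt 0 ]; then
    check_pam_order "$1"
else
    tmp=$(mktemp) && write_bad_sample "$tmp"
    check_pam_order "$tmp" || true
    rm -f "$tmp"
fi
```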
Minimal: Make a copy of the /etc/pam.d/system-password file prior to making any changes to it.
Since we are making changes to a system configuration file, a local copy of the file is advised.