NSX-T Password Validity Check Fails When Completing an Upgrade Precheck in SDDC-Manager
Article ID: 322189
Updated On:
Products
VMware Cloud Foundation
Issue/Introduction
Symptoms:
When completing an upgrade precheck in SDDC-Manager the NSX-T password validity check fails:
Impact - High: Password has expired and upgrade will fail due to this.
You will see the following in the /var/log/vmware/vcf/lcm/lcm-debug.log:
2021-06-17T19:10:20.089+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validation status for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: nsx.corp.local is SUCCEEDED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: nsx.corp.local is in -22 days
2021-06-17T19:10:20.090+0000 INFO [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK on resource id nsx.corp.local with status RED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: nsx.corp.local is VALID
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: nsx.corp.local is SUCCEEDED
2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: nsx.corp.local is in -22 days
2021-06-17T19:10:20.090+0000 INFO [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK on resource id nsx.corp.local with status RED
Note: This precheck will also fail if the password expiry is cleared using the command "clear user admin password-expiration".
Environment
VMware Cloud Foundation 4.x
Cause
This could be caused either due to account password already expired or the password expiry is set to 99999.
NSX-T does not support setting password expiry for root or admin to 99999, it can be set to a maximum period of 9999.
NSX-T does not support setting password expiry for root or admin to 99999, it can be set to a maximum period of 9999.
Resolution
Set password expiry for root and admin to 9999:
1. SSH to NSX-T VIP with admin credentials
2. Check password expiry for both root and admin accounts
get user admin password-expiration
3. If the password has expired or is set to 99999 use the following command to set password expiry to 9999
set user admin password-expiration 9999
4. Retry upgrade precheck in SDDC-Manager
Feedback
Yes
No
Powered by
