NSX-T Password Validity Check Fails When Completing an Upgrade Precheck in SDDC-Manager
search cancel

NSX-T Password Validity Check Fails When Completing an Upgrade Precheck in SDDC-Manager

book

Article ID: 322189

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

Symptoms:
When completing an upgrade precheck in SDDC-Manager the NSX-T password validity check fails:
 

The following log snippets will be observed in /var/log/vmware/vcf/lcm/lcm-debug.log:
 

YYYY-MM-DDTHH:MM:SSZ DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-####-####-####-##########a5,resourceType=NSX_T,resourceId=<NSX-FQDN>] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validation status for API credential type of resource: <NSX-FQDN> is VALID
YYYY-MM-DDTHH:MM:SSZ DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-####-####-####-##########a5,resourceType=NSX_T,resourceId=<NSX-FQDN>] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: <NSX-FQDN> is VALID
YYYY-MM-DDTHH:MM:SSZ DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-####-####-####-##########a5,resourceType=NSX_T,resourceId=<NSX-FQDN>] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: <NSX-FQDN> is SUCCEEDED
YYYY-MM-DDTHH:MM:SSZ DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-####-####-####-##########a5,resourceType=NSX_T,resourceId=<NSX-FQDN>] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: <NSX-FQDN> is in -22 days
YYYY-MM-DDTHH:MM:SSZ INFO  [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-####-####-####-##########a5,resourceType=NSX_T,resourceId=<NSX-FQDN>] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK  on resource id <NSX-FQDN>  with status RED
 
Note: This precheck will also fail if the password expiry is cleared using the command "clear user admin password-expiration". 
 



Environment

  • VMware Cloud Foundation 4.x
  • VMware Cloud Foundation 5.x

Cause

This could be caused either due to account password already expired or the password expiry is set to 99999.
NSX-T does not support setting password expiry for root or admin to 99999, it can be set to a maximum period of 9999.
 

Resolution

Set password expiry for root and admin to 9999:

1. SSH to NSX-T VIP with admin credentials

2. Check password expiry for both root and admin accounts

get user admin password-expiration


3. If the password has expired or is set to 99999 use the following command to set password expiry to 9999

set user admin password-expiration 9999


4. Retry upgrade precheck in SDDC-Manager

Powered by Wolken Software