NSX-T user accounts created on an ESXi host when NSX-T VIBs are installed
book
Article ID: 324186
calendar_today
Updated On:
Products
VMware NSX
Issue/Introduction
The following list of users are automatically created on an ESXi host when NSX-T VIBs are installed and therefore prepared as a transport node:
nsx-user: This user is used for nsx-opsagent to invoke VIM API calls to the hostd agent on the ESX specifically for Layer 2 configuration (create / update of hostswitch configuration, port configuration, etc). NSX logs may refer to this user in logs as nsxuser, please note it is referring to this user.
da-user: This user is used to collect inventory of ESX (VMs, NICs, etc).
mux-user: This user is used for reading/writing into namespace db. For that purpose permission to Host.Local.ReconfigVM is provided for the user.
lldpVim-user: This user is used by lldp app in nsx-opsagent to get lldp neighbor information from hostd
The password generation for all these users is as per the password policy required by ESX:
A valid password should be a mix of upper and lower case letters, digits, and other characters. The password can include characters from 4 character classes (upper case, lower case, digits, special chars). And the password length should be 40 characters.
The password is generated based on the above guidelines during user creation when the corresponding agent starts up and is never stored anywhere. There isn't an option today to manually manage these passwords.