Repeated failed login events are received on NSX ALB from NSX Manager for the nsxt-lcm account. The ALB is deployed using the NSX Manager UI.
USER_LOGIN occurred on object None in tenant admin as User nsxt-lcm login (Failure) from <IP> using API
NSXT Version: 4.0.1.x
The nsxt-lcm user is created during the onboarding workflow used to deploy the Advanced Load Balancer (ALB) via NSX Manager. This user is not created if the ALB is deployed as an OVA through vCenter. The user does not use a password; it uses authentication tokens for system login.
These authentication tokens are created for a duration of 45 minutes and are used to fetch cluster information as well as configurations done in ALB via NSX. The authentication tokens are refreshed periodically, and older tokens are deleted in the process. This is by design. The account does not show up in the NSX Manager GUI since this user is specific to the ALB.
The delete operation should be executed only by the leader manager node. However, all three nodes are deleting the token. Once one node has deleted the old token, the other two nodes receive an error when they reach out to the controller using that token.
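A triage sketch for these events, added here as an example and not taken from the vendor: it parses the event text in the layout quoted above and separates nsxt-lcm API failures that originate from the NSX Manager nodes (the token-deletion behaviour described here) from every other failed login. The manager IPs, the sample lines and the names `triage`, `MANAGER_IPS` and `SAMPLE_EVENTS` are constructed for illustration.

```python
import re
from collections import Counter

# Event message layout as quoted on this page (assumed stable across events).
EVENT_RE = re.compile(
    r"USER_LOGIN occurred on object \S+ in tenant (?P<tenant>\S+) as User "
    r"(?P<user>\S+) login \((?P<result>\w+)\) from (?P<ip>\S+) using (?P<via>\w+)"
)

# Constructed values: three NSX Manager node addresses (documentation range).
MANAGER_IPS = {"192.0.2.11", "192.0.2.12", "192.0.2.13"}

# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    "USER_LOGIN occurred on object None in tenant admin as User nsxt-lcm login (Success) from 192.0.2.11 using API",
    "USER_LOGIN occurred on object None in tenant admin as User nsxt-lcm login (Failure) from 192.0.2.12 using API",
    "USER_LOGIN occurred on object None in tenant admin as User nsxt-lcm login (Failure) from 192.0.2.13 using API",
    "USER_LOGIN occurred on object None in tenant admin as User nsxt-lcm login (Failure) from 198.51.100.7 using API",
    "USER_LOGIN occurred on object None in tenant admin as User admin login (Failure) from 192.0.2.50 using API",
]


def triage(lines, manager_ips, service_user="nsxt-lcm"):
    """Split failed logins into the known token-deletion pattern and the rest."""
    buckets = {"expected": Counter(), "review": []}
    for line in lines:
        m = EVENT_RE.search(line)
        if not m or m["result"] != "Failure":
            continue  # not a login event, or a successful login
        from_manager = m["ip"] in manager_ips
        if m["user"] == service_user and m["via"] == "API" and from_manager:
            # Matches the behaviour on this page: a manager node presenting
            # a token that another node has already deleted.
            buckets["expected"][m["ip"]] += 1
        else:
            # Different account or a source that is not a manager node:
            # not explained by this behaviour, so keep it for review.
            buckets["review"].append((m["user"], m["ip"], m["via"]))
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS, MANAGER_IPS)
    print("expected (per manager node):", dict(result["expected"]))
    print("needs review:", result["review"])
```
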