LDAP or local users with a special character in their username or password cannot login to NSX.

Article ID: 367490

Products

VMware NSX

Issue/Introduction

  • All NSX versions.
  • LDAP user has a special character in username or password.
  • Local user has a special character in the password.
  • The affected user has a special character, such as the British pound sign (£), in their username or password.
  • The user will see the message "Your login attempt was not successful. The username/password combination is incorrect or the account specified has been locked." even though the correct username and password were provided.

Resolution

This is a known issue, which will be resolved in a future release of NSX.

As a workaround that resolves the issue for both LDAP and local users, use only special characters defined in the ISO-8859-1 character set in usernames and passwords:

!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

If a username or password cannot be changed, an alternative workaround allows correct processing of all special characters for LDAP users. This workaround does not fix the issue for local users.

  1. SSH into the NSX Manager as root
  2. Back up the configuration file:
    cp /opt/vmware/proxy-tomcat/webapps/ROOT/WEB-INF/web.xml /root
  3. Edit the file:
    1. Find the section that reads:
      <!-- Initializes API leader manager -->
      <listener>
              <listener-class>com.vmware.nsx.management.api.leader.ApiLeaderInitializationListener</listener-class>
      </listener>
    2. After that section, add the following block:
      <filter>
              <filter-name>encodingFilter</filter-name>
              <filter-class>
                      org.springframework.web.filter.CharacterEncodingFilter
              </filter-class>
              <init-param>
                      <param-name>encoding</param-name>
                      <param-value>UTF-8</param-value>
              </init-param>
              <init-param>
                      <param-name>forceEncoding</param-name>
                      <param-value>false</param-value>
              </init-param>
      </filter>
      <filter-mapping>
              <filter-name>encodingFilter</filter-name>
              <url-pattern>/*</url-pattern>
      </filter-mapping>
    3. Save the file. 
  4. Restart the NSX Manager's authentication service:
    su admin "restart service auth"
  5. Repeat these steps on all remaining NSX managers.

In relation to the workaround, please note the following:

  • An upgrade of the Managers overwrites the workaround, so it needs to be configured again after the upgrade.
  • If a Manager is replaced or redeployed, the workaround needs to be applied again on that Manager.
  • Restarting the Manager's authentication service does not impact the NSX data plane.
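
Because an upgrade or redeployment silently removes the workaround, it helps to check each Manager's web.xml for the filter block rather than wait for login failures. The script below is an added example, not VMware-provided code: the function name check_encoding_filter and the sample file are constructed for illustration, and the default path is the one used in the steps above.

```shell
#!/bin/sh
# Added example (not VMware code): report whether the encodingFilter
# workaround from this article is present in a web.xml file.

check_encoding_filter() {
    webxml="${1:-/opt/vmware/proxy-tomcat/webapps/ROOT/WEB-INF/web.xml}"
    [ -r "$webxml" ] || { echo "UNREADABLE $webxml"; return 2; }

    # Remove all whitespace so the multi-line <filter-class> matches, then
    # cut out XML comments so a commented-out block is not counted.
    flat=$(tr -d '[:space:]' < "$webxml" | awk '{
        s = $0
        while ((i = index(s, "<!--")) > 0) {
            rest = substr(s, i + 4); j = index(rest, "-->")
            if (j == 0) { s = substr(s, 1, i - 1); break }
            s = substr(s, 1, i - 1) substr(rest, j + 3)
        }
        print s
    }')

    missing=""
    require() {   # $1 = label, $2 = whitespace-free XML fragment
        case "$flat" in *"$2"*) ;; *) missing="$missing $1" ;; esac
    }
    require filter-class '<filter-name>encodingFilter</filter-name><filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>'
    require encoding-param '<param-name>encoding</param-name><param-value>UTF-8</param-value>'
    require filter-mapping '<filter-mapping><filter-name>encodingFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>'

    if [ -n "$missing" ]; then
        echo "MISSING in $webxml:$missing"
        return 1
    fi
    echo "OK $webxml"
}

# Constructed sample: a web.xml in the state an upgrade leaves it (no filter).
demo=$(mktemp)
printf '%s\n' '<web-app>' '<!-- Initializes API leader manager -->' \
    '<listener><listener-class>com.vmware.nsx.management.api.leader.ApiLeaderInitializationListener</listener-class></listener>' \
    '</web-app>' > "$demo"
check_encoding_filter "$demo" || echo "workaround must be re-applied"
rm -f "$demo"
```

Called without an argument on a Manager, the function checks the live file and returns 0 when the block is present, 1 when any part is missing, and 2 when the file cannot be read.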