NSX host upgrade fails after having modified ESXi password policy.

Article ID: 387717

Products

VMware

Issue/Introduction

The NSX host upgrade fails with the error: "Unexpected error while upgrading upgrade unit: Command CreateUser failed on host <UUID>."

Environment

The ESXi password policy was recently changed, making it incompatible with the password policy of the NSX user (created by NSX Manager on the host during the upgrade).

Cause

This is caused by the password restrictions that apply when nsxuser is created (during the upgrade flow, NSX creates this user on the ESXi host). NSX generates a 40-character password for it (lowercase and uppercase alphanumeric characters plus special characters). If the ESXi password policy has been modified so that it no longer accepts a password of that form, the CreateUser command fails.

For example, in the following ESXi password policy there is a max value of 24 that is lower than the nsxuser password policy of 40 characters:

"Security.PasswordQualityControl" min=disabled,disabled,disabled,20,20 max=24

Note: The default ESXi password policy does not have a max value specified.

Resolution

Ensure the ESXi password policy accepts the nsxuser password: 40 characters long, containing lowercase letters, uppercase letters, numbers and special characters. An enhancement to the current behavior is being worked on.
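
A pre-upgrade check of a policy string against the nsxuser password described above can be scripted. The following is an added example, not VMware code: the function names are hypothetical, the min= fields are read with pam_passwdqc semantics (the fifth field is the minimum length for four-class passwords), and a policy with no max= is treated as imposing no explicit cap, following the note above.

```python
NSXUSER_LEN = 40  # nsxuser password length stated in this article


def parse_policy(policy):
    """Split a Security.PasswordQualityControl value into min fields and max."""
    # Tokens without '=' (such as the quoted setting name) are ignored.
    opts = dict(tok.split("=", 1) for tok in policy.split() if "=" in tok)
    mins = None
    if "min" in opts:
        fields = opts["min"].split(",")
        if len(fields) != 5:
            raise ValueError("min= expects five comma-separated fields")
        # 'disabled' means that kind of password is never accepted.
        mins = [None if f == "disabled" else int(f) for f in fields]
    max_len = int(opts["max"]) if "max" in opts else None
    return mins, max_len


def nsxuser_conflicts(policy):
    """Return the reasons a 40-character, four-class password would be rejected."""
    mins, max_len = parse_policy(policy)
    problems = []
    if max_len is not None and max_len < NSXUSER_LEN:
        problems.append(f"max={max_len} is below the {NSXUSER_LEN}-character nsxuser password")
    if mins is not None:
        four_class_min = mins[4]  # assumption: pam_passwdqc N4 field
        if four_class_min is None:
            problems.append("four-class passwords are disabled in min=")
        elif four_class_min > NSXUSER_LEN:
            problems.append(f"min= requires {four_class_min} characters for four-class passwords")
    return problems


if __name__ == "__main__":
    samples = [
        # Policy quoted in this article
        '"Security.PasswordQualityControl" min=disabled,disabled,disabled,20,20 max=24',
        # Constructed sample with no max value
        "retry=3 min=disabled,disabled,disabled,7,7",
    ]
    for s in samples:
        issues = nsxuser_conflicts(s)
        print(s, "->", issues or "compatible with nsxuser password")
```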