NSX Manager and Edge root password is expired and needs to be reset

Article ID: 408091


Products

VMware NSX

Issue/Introduction

  • The root password for the NSX Manager and Edge appliance has expired.

  • Direct SSH login to the NSX Manager appliance or Edge node prompts for a new password to be set.

  • When trying to switch from the admin shell to the root shell, the following message appears:

<nsx-manager> st en
% Cannot enter the root shell if the root user's password has expired, invoke the following command to change root's password:
set user root password

Environment

VMware NSX 

Cause

  • Password expiration was introduced in NSX-T 2.4.0 because of security requirements. By default, passwords expire after 90 days.

  • Password Policy Enhancements since 2.4.0: enforces a minimum password length of 12 characters for default passwords, introduces the ability to set password expiration times, and generates alarms when a password is about to expire.
  • For more details regarding password expiry, see Modifying the Default Admin Password Expiration.

Resolution

  • If the admin login is accessible and the root password is known, the root password can be set from the admin login with the command below:

    set user <username> password [<password> [old-password <old-password>]]
  • If the admin login is unavailable but the root password is known, connecting directly (SSH) to the Manager/Edge as root triggers a prompt where the password can be reset.
  • If both the root password and the admin password are unknown, the root password of the NSX Manager/Edge must be reset by editing the GRUB boot menu. This requires a reboot of the NSX appliance, and the password is reset during the reboot process.
  • Refer to the documentation: Resetting the Passwords of an Appliance

  • After resetting the root/admin password via the GRUB boot menu, the password expiry can be extended from the default 90 days to 9999 days.
    • Log in to the NSX Manager or Edge as user admin via PuTTY/SSH and run the following commands:

      set user root password-expiration 9999
      set user admin password-expiration 9999

  • Once the password is changed on one NSX appliance, follow the steps below to synchronize the changed password to the remaining two managers in the cluster.
    • Log in to the specific NSX Manager node via SSH or Console as root.

    • Enter the current password when prompted, then enter the new password. Once completed, the root password is changed successfully.

    • Stop the Management Plane API service: /etc/init.d/nsx-mp-api-server stop

      Note:
      If resetting the password on an NSX Edge node, use the following commands instead:
      /etc/init.d/nsx-edge-api-server stop
      /etc/init.d/nsx-edge-api-server start

    • Create the trigger file that will be used to propagate the new password to the other NSX Manager Nodes: touch /var/vmware/nsx/reset_cluster_credentials

    • Restart the API service: /etc/init.d/nsx-mp-api-server start

    • Switch to the admin account: su - admin

    • Run the command: start search resync all
    • Wait for 2-3 minutes.
    • Log in to the other two managers as root, using the same root password that was set on the first manager.


If the password does not get synced across the other NSX Manager nodes, follow the KB NSX credentials are not being synchronized between NSX Managers after manual password reset.
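
To confirm the expiration values set above and to catch accounts nearing expiry before they lock out, the following added example (not part of the original article and not VMware code) reads password-aging fields in shadow format. It assumes the appliance's local accounts use standard Linux /etc/shadow aging; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report days until password expiry from shadow-format lines.
# Shadow fields: name:hash:lastchg:min:max:warn:...
# lastchg is the day of the last change, counted in days since 1970-01-01.

# expiry_report TODAY [WARN_DAYS] < shadow-format input
# Prints "user days_left STATUS" for each account with password aging enabled.
expiry_report() {
    awk -F: -v today="$1" -v warn="${2:-14}" '
        $2 ~ /^[*!]/ { next }            # locked or no-login accounts
        $3 == "" || $5 == "" { next }    # aging not configured
        {
            # lastchg of 0 means the password must be changed at next login
            if ($3 == 0) { print $1, 0, "EXPIRED"; next }
            left = $3 + $5 - today
            if (left < 0)          status = "EXPIRED"
            else if (left <= warn) status = "WARN"
            else                   status = "OK"
            print $1, left, status
        }'
}

# Constructed sample (not from a real appliance); hashes replaced with "x".
sample_shadow() {
    cat <<'EOF'
root:x:19900:0:90:7:::
admin:x:19920:0:90:7:::
audit:x:19995:0:9999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Demo on the constructed sample, with "today" fixed at day 20000.
# On an appliance (assumption: run from the root shell), use instead:
#   expiry_report "$(( $(date +%s) / 86400 ))" < /etc/shadow
sample_shadow | expiry_report 20000 14
```

An account reported as WARN or EXPIRED still has the default 90-day policy in effect or was not updated by the password-expiration commands.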

Additional Information

Reference doc to reset the password via the GRUB boot menu: Resetting the Passwords of an Appliance
KB about enabling SSH and root login on the NSX appliance: https://knowledge.broadcom.com/external/article/324233/