The audit user account on NSX Manager may display an incorrect password expiry status, indicating that the password is long expired (e.g., "Current password expired ##### days ago"), even after the password has been successfully changed.

Article ID: 411591

Products

VMware NSX

Issue/Introduction

  • When checking the audit user's password expiry via the NSX Manager CLI (get user audit password-expiration), the output indicates the password expired many days ago (e.g., "Current password expired ##### days ago").
  • Related alarms may be generated, indicating issues with the audit account or password expiry.
  • Password changes for the audit account do not correctly update the expiry status.

Environment

VMware NSX

Cause

This behavior typically indicates an underlying issue or corruption with the existing audit user's entry or its associated metadata within the NSX Manager's user management system. Despite password changes, the system fails to correctly update or reset the password expiration flag for the affected account.

Resolution

To resolve this issue, the problematic audit account must be deleted and then recreated.

Procedure:

  1. Delete the existing audit user account via CLI:

    • Log in to the NSX Manager CLI as the admin user.
    • Execute the command:
       del user audit
    • Note: Deleting the user will clear any related alarms associated with the old audit account.
  2. Create a new audit user account via NSX Manager UI:

    • Log in to the NSX Manager UI.
    • Navigate to System > User Management.
    • Click Add User.
  3. Activate the new audit user:

    • From the User Management screen, locate the newly created audit user.
    • Click on the three dots (options menu) next to the user entry.
    • Select Activate.
  4. Set the password expiry (Optional but Recommended):

    • To set a specific password expiration period for the new audit account, log in to the NSX Manager CLI as admin.
    • Execute the command (example sets expiry to 9999 days):
       set user audit password-expiration 9999
    • Verify the expiry status:
       get user audit password-expiration