User account displays an incorrect password expiry status in VMware NSX

Article ID: 411591

Products

VMware NSX

Issue/Introduction

  • SDDC Manager tasks to NSX Manager fail, such as:
    Password-check: Perform Password expiry status checks on SDDC components
  • When the password expiration of the affected user is queried via the NSX CLI, the system reports the password as having expired tens of thousands of days ago: the last-change timestamp has fallen back to the Unix epoch (1970-01-01).
    Sample output of the command get user audit password-expiration:
    > get user audit password-expiration
    Password expires 60 days after last change,
    Current password expired 20468 day ago.
  • Resetting the password of the affected user in NSX as the admin user does not, by itself, clear the corrupted expiration flag.
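The "expired N days ago" figure is the quickest way to tell the epoch fallback from a password that genuinely expired. The following POSIX shell check is an added example, not code from the KB article or from VMware/Broadcom: it parses the two output lines quoted above (the only format assumed), works back to the implied last-change date and flags it when that date sits within a year of the epoch. It only parses text; you run get user <name> password-expiration on the NSX Manager CLI yourself and feed the output in. The sample outputs in the block are constructed to match the article's format, and the optional "today" argument (days since the epoch) exists so the check is reproducible; the function names are the example's own.

```sh
#!/bin/sh
# Added example, not part of the KB article: decide whether the expiry reported by
# `get user <name> password-expiration` is the Unix-epoch fallback or an ordinary
# expiry. Only the two output lines quoted in the article are assumed.

# Print N from "Password expires N days after last change" (empty if absent).
nsx_policy_days() {
  printf '%s\n' "$1" |
    sed -n 's/.*[Ee]xpires \([0-9][0-9]*\) days\{0,1\} after last change.*/\1/p' |
    head -n 1
}

# Print N from "Current password expired N day(s) ago" (empty if absent).
nsx_expired_days_ago() {
  printf '%s\n' "$1" |
    sed -n 's/.*password expired \([0-9][0-9]*\) days\{0,1\} ago.*/\1/p' |
    head -n 1
}

# Return 0 when the implied last-change date lies within a year of 1970-01-01
# (the epoch fallback), 1 for an ordinary expiry, 2 when no "expired" line exists.
#   $1: CLI output text
#   $2: optional "today" as whole days since the epoch (defaults to the real date;
#       a fixed value makes the check reproducible)
nsx_expiry_is_epoch_fallback() {
  ago=$(nsx_expired_days_ago "$1")
  [ -n "$ago" ] || return 2
  policy=$(nsx_policy_days "$1")
  policy=${policy:-0}
  now_days=${2:-$(( $(date +%s) / 86400 ))}
  # expiry date = last change + policy, so last change = today - ago - policy.
  last_change=$(( now_days - ago - policy ))
  [ "$last_change" -lt 365 ]
}

# Constructed samples in the article's format (not real device output).
NSX_SAMPLE_EPOCH='> get user audit password-expiration
Password expires 60 days after last change,
Current password expired 20468 day ago.'

NSX_SAMPLE_REAL='> get user audit password-expiration
Password expires 60 days after last change,
Current password expired 5 days ago.'

# Human-readable verdict, e.g. for a periodic audit script.
nsx_expiry_verdict() {
  rc=0
  nsx_expiry_is_epoch_fallback "$1" "$2" || rc=$?
  case $rc in
    0) echo "epoch fallback: reset the password, then log in as that user and change it" ;;
    1) echo "password expired: ordinary expiry, rotate it" ;;
    *) echo "no 'expired ... ago' line found in output" ;;
  esac
}

nsx_expiry_verdict "$NSX_SAMPLE_EPOCH"
nsx_expiry_verdict "$NSX_SAMPLE_REAL"
```

The same check can be re-run after the workaround below: once the affected user has logged in and changed the password, the "expired ... ago" line should be gone and the function returns 2, which is the expected healthy result for this parser rather than an error.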

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware NSX

Cause

When the admin user resets the audit user's password, the audit user must then log in with that password and change it to a different one. This is a security requirement: the admin user must not end up knowing the audit user's password. Until the audit user has completed that login and change, running get user audit password-expiration on the command line shows the password as having expired many thousands of days in the past, because the expiry is computed from a last-change timestamp that has fallen back to the Unix epoch.

Resolution

Workaround:

  1. Log in to the NSX Manager UI and go to System > User Management > Local Users.
  2. Click the three-dot menu beside the audit user and select 'Reset Password'.
  3. Enter the new password, re-enter it to confirm, and click 'SAVE'.
  4. Log out of the UI as the admin user and log in as the audit user, using the password the admin user just set.
  5. The UI prompts the audit user to enter a new password; set a different one.
  6. Once the change is complete and the audit user can log in with the new password, run the following on the NSX Manager command line as the admin user: get user audit password-expiration
  7. It should now show a valid expiration date in the future, based on the configured password expiration policy.
  8. For more details, see the NSX documentation on resetting user passwords, which describes the scenarios (resetting your own password, or having an administrator reset it for you) and links to the procedures for each.
  9. That page links to Resetting Expired Passwords, which covers changing the password and the requirement to log in again as the affected user.

If you believe you have encountered this issue and the above steps did not resolve the issue, open a support case with Broadcom Support and refer to this KB article. Creating and managing Broadcom support cases

Note: Deleting a local user account on an edge node is supported, but the account cannot be recreated; the edge would need to be redeployed to get the local user back. See the following guide for further details and the limitations of deleting local accounts: Delete a Local User