User account displays an incorrect password expiry status in VMware NSX

Article ID: 411591

Updated On:

Products

VMware NSX

Issue/Introduction

  • SDDC Manager tasks to NSX Manager fail, such as:
    Password-check: Perform Password expiry status checks on SDDC components
  • When querying the password expiration of the affected user via the NSX CLI, the system reports the password expired a long time ago (falling back to Unix Epoch).
    Sample output of the command get user audit password-expiration:
    > get user audit password-expiration
    Password expires 60 days after last change,
    Current password expired 20468 day ago.
  • Resetting the password of the affected user in NSX does not clear the corrupted expiration flag.

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
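
An added triage example (not from the original article and not VMware or Broadcom code): it parses the two-line CLI output shown above and separates a genuinely expired password from the epoch fallback by checking whether the implied last-change date lands at or before roughly 1970. The function name `check_expiry`, the one-year slack and the returned field names are assumptions made for this example.

```python
import re
from datetime import date

EPOCH = date(1970, 1, 1)

# Constructed sample: the CLI output quoted in this article.
SAMPLE = (
    "Password expires 60 days after last change,\n"
    "Current password expired 20468 day ago.\n"
)

POLICY_RE = re.compile(r"Password expires (\d+) days? after last change")
EXPIRED_RE = re.compile(r"Current password expired (\d+) days? ago")


def check_expiry(output, today, slack_days=365):
    """Classify the output of 'get user <name> password-expiration'.

    Returns a dict whose 'status' is 'no-expired-line', 'expired' or
    'epoch-fallback'.
    """
    expired = EXPIRED_RE.search(output)
    if expired is None:
        # Only the "expired ... ago" wording shown in the article is parsed.
        return {"status": "no-expired-line"}
    policy = POLICY_RE.search(output)
    policy_days = int(policy.group(1)) if policy else 0
    days_ago = int(expired.group(1))
    # Work in whole days since 1970-01-01 so absurd values cannot overflow.
    today_day = (today - EPOCH).days
    expiry_day = today_day - days_ago
    last_change_day = expiry_day - policy_days
    # Assumption: a last change within slack_days of the epoch (or before it)
    # cannot be real, so the stored timestamp was zeroed or lost.
    fallback = last_change_day <= slack_days
    return {
        "status": "epoch-fallback" if fallback else "expired",
        "policy_days": policy_days,
        "expiry_epoch_day": expiry_day,
        "last_change_epoch_day": last_change_day,
    }


if __name__ == "__main__":
    print(check_expiry(SAMPLE, date.today()))
```

An `epoch-fallback` result matches the symptom described in this article; an `expired` result means the account simply needs a normal password change.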

Environment

VMware NSX

Cause

The user account metadata within the NSX Manager's user management database became corrupted, preventing standard password management processes from successfully updating the expiration flag.

Resolution

This is a known issue impacting VMware NSX.

Workaround

For the audit account, you must delete and recreate the user to clear the corrupted metadata.

  1. Log in to the NSX Manager CLI as the admin user.
  2. Delete the corrupted audit account by executing the following command:
    del user audit
    
  3. Log in to the NSX Manager UI as an Administrator.
  4. Navigate to System > User Management > Local Users.
  5. Click Add User, enter audit as the username, and set a new password.
  6. Once the user is created, click the vertical ellipsis (three dots) next to the new audit user in the list and select Activate.
  7. (Optional) Return to the NSX Manager CLI and set your desired password expiration policy:
    set user audit password-expiration 90
    

If you believe you have encountered this issue and are unable to apply the workaround, open a support case with Broadcom Support and refer to this KB article. See Creating and managing Broadcom support cases.