Synchronization of Local User Accounts Across NSX Manager Cluster Nodes

Article ID: 419567

Products

VMware NSX

Issue/Introduction

This article describes the mechanism by which NSX synchronizes local user accounts, including their properties and credentials, across all nodes in an NSX Manager cluster.

Resolution

Overview of Local User Accounts
Each NSX Manager appliance is provisioned with a standard set of local user accounts at deployment time: root, admin, audit, guestuser1, guestuser2.
The root and admin accounts are always enabled during deployment, with their credentials supplied through the appliance deployment parameters.
The audit account can optionally be enabled during deployment or activated later through administrative workflows.
For additional details on local user lifecycle management, refer to the NSX Administrator Guide.

 

Initialization of Local User Accounts During First Boot
During the first boot sequence, the NSX Manager appliance applies the passwords and account properties specified in the deployment configuration. This initialization sets the baseline values for each local account, including:

  • Password expiration
  • Expiration warnings
  • Other password and related attributes

As part of this process, the NSX Management API service logs a confirmation entry indicating that the default local user set has been initialized. For example:

/var/log/nvpapi/api_server.log
<DATE>T12:05:12.675Z napi.root.node.users.__self__ INFO Initialized proton with 5 default user entries from deployment

This log message confirms that the node has successfully initialized all default user accounts and their associated parameters.

 

Population of User Accounts into the Cluster Database
Once the appliance has completed its boot process and the management cluster reaches a stable operational state, the NSX user-management service populates the NSX Cluster Database with:

  • Local user account properties
  • Password policy and related attributes
  • Salted and hashed password data

This cluster-wide authoritative store becomes the single source of truth for user-related configuration.

 

User Synchronization When Additional Nodes Join the Cluster
When additional NSX Manager appliances join the management cluster, the user-synchronization service on those nodes retrieves the authoritative user account data from the cluster database. It then applies these properties and credentials to the local node’s system files.
A log entry similar to the following indicates successful synchronization:

/var/log/nvpapi/api_server.log
<DATE>T12:24:36.118Z napi.root.node.users.__self__ INFO Updated local etc file entries for users: 0, 10000, 10002, 10003, 10004

This confirms that the node has aligned its local user store with the cluster database upon joining the cluster.

 

Propagation of User Updates Across the Cluster
When a user account update is initiated, whether from CLI, UI, or API, the following workflow occurs:

  1. The receiving manager node processes the update and applies the change locally.
  2. The node writes the updated user information to the NSX Cluster Database, ensuring that the new state becomes authoritative.
  3. Other manager nodes periodically check the cluster database for updated timestamps associated with user records.
  4. Upon detecting changes, nodes retrieve the latest user data and apply the updates locally.

Nodes log these updates with messages similar to:

/var/log/nvpapi/api_server.log
<DATE>T12:31:12.089Z napi.root.node.users.__self__ INFO Updated local etc file entries for users: 0, 10000

This confirms that the node has synchronized its local user records with the newly updated cluster-wide data.

 

Synchronization Interval
User-related updates may take up to 30 seconds to propagate across all nodes in the NSX Manager cluster. This synchronization interval ensures consistency while optimizing system load and cluster performance.
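
The following added example (not part of the original article and not Broadcom code) checks, from collected copies of /var/log/nvpapi/api_server.log, whether each manager node logged the sync message for a given UID within the 30-second interval after a known account change. It assumes that <DATE> in the real log is an ISO date, that node clocks are synchronized, and that the operator supplies the time of the change; the node names and log lines are constructed sample data.

```python
import re
from datetime import datetime, timedelta, timezone

# Matches the sync message quoted in this article, with <DATE> filled in (assumed ISO date).
SYNC_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})Z\s+"
    r"napi\.root\.node\.users\.__self__\s+INFO\s+"
    r"Updated local etc file entries for users:\s*(?P<uids>\d+(?:\s*,\s*\d+)*)"
)
SYNC_WINDOW = timedelta(seconds=30)  # propagation bound stated in the article


def parse_sync_events(lines):
    """Return [(utc_timestamp, {uid, ...})] for every sync message found."""
    events = []
    for line in lines:
        m = SYNC_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)
            events.append((ts, {int(u) for u in m["uids"].split(",")}))
    return events


def check_propagation(node_logs, change_time, uid, window=SYNC_WINDOW):
    """Classify each node as synced / late / missing for one UID after change_time."""
    report = {}
    for node, lines in node_logs.items():
        hits = sorted(ts for ts, uids in parse_sync_events(lines)
                      if uid in uids and ts >= change_time)
        if not hits:
            report[node] = ("missing", None)
            continue
        delay = hits[0] - change_time
        report[node] = ("synced" if delay <= window else "late", delay.total_seconds())
    return report


# Constructed sample data: hypothetical node names, invented date and times.
CHANGE_TIME = datetime(2025, 1, 15, 12, 30, 55, tzinfo=timezone.utc)
SAMPLE_LOGS = {
    "nsx-mgr-02": ["2025-01-15T12:31:12.089Z napi.root.node.users.__self__ INFO Updated local etc file entries for users: 0, 10000"],
    "nsx-mgr-03": ["2025-01-15T12:31:40.500Z napi.root.node.users.__self__ INFO Updated local etc file entries for users: 0, 10000"],
    "nsx-mgr-04": ["2025-01-15T12:24:36.118Z napi.root.node.users.__self__ INFO Updated local etc file entries for users: 0, 10000, 10002, 10003, 10004"],
}

if __name__ == "__main__":
    for node, (status, delay) in check_propagation(SAMPLE_LOGS, CHANGE_TIME, 10000).items():
        print(f"{node}: {status}" + (f" ({delay:.3f}s)" if delay is not None else ""))
```

A node reported as missing or late after a credential change still holds the previous account state locally, so it is the one to investigate first.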