• The NSX-T root account status is Disconnected in SDDC Manager Password Management.
  
  

• Password remediation or rotation for the NSX-T Manager root account fails with an "unable to ssh" error in the SDDC Manager UI.

• The NSX-T Manager UI shows the Compute Manager registration status as "Not Registered".
  
  

• A critical alert: Endpoint Protection: EAM Status Down is found under Alarms.

  

• The following errors are observed in /var/log/vmware/vcf/operationsmanager/operationsmanager.log on the SDDC Manager:
  
  ERROR [vcf_om,################################,####] [c.v.e.s.c.c.v.vsphere.VsphereClient,om-exec-22] Failed to connect to https://<vCenter-fqdn>:443/sdk java.util.concurrent.ExecutionException: (vim.fault.InvalidLogin) {
faultCause = null,
faultMessage = null
WARN [vcf_om,################################,####] [c.v.e.s.c.c.v.vsphere.VsphereClient,om-exec-22] Error logging out of session com.vmware.vim.binding.vim.fault.NotAuthenticated: The session is not authenticated.
at jdk.internal.reflect.GeneratedConstructorAccessor392.newInstance(Unknown Source) at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
ERROR [vcf_om,################################,####] [c.v.e.s.c.c.v.vsphere.VcManagerBase,om-exec-22] Cannot complete login due to incorrect credentials: <vCenter-fqdn>, [email protected].
ERROR [vcf_om,################################,####] [c.v.v.p.u.c.NsxtManagerSshChanger,om-exec-22] The credential test failed for root@<vCenter-fqdn> due to java.util.concurrent.ExecutionException: (vim.fault.InvalidLogin) {
faultCause = null,
faultMessage = null
  
  

• VMware NSX-T Data Center / VMware NSX
• VMware SDDC Manager
• VMware vCenter Server

The ESX Agent Manager (EAM) service is stopped or in an unhealthy state on the vCenter Server where the NSX-T Manager is registered.

To resolve this issue, the EAM service must be restored on the vCenter Server before remediating the password in SDDC Manager.

Step 1: Restart EAM Service on vCenter

1. Log in to the vCenter Server Appliance (VCSA) via SSH using root credentials.

2. Check the status of the EAM service, using below command:
   
   service-control --status vmware-eam

3. If the service is stopped, start it using below command:
   
   service-control --start vmware-eam
   

4. If the service is already running but the NSX-T UI still shows "Down", restart the service using below command:
   
   service-control --restart vmware-eam

Step 2: Re-register Compute Manager in NSX-T

1. Log in to the NSX Manager UI.

2. Navigate to System > Fabric > Compute Managers.

3. Select the affected vCenter and click Edit.
   
   
   

4. Re-enter the SSO credentials (e.g., [email protected]) and click Save.
   
   
   

5. Verify the Registration Status changes to "Registered" and Connection Status is "Up".
   
   
   

Step 3: Remediate Password in SDDC Manager

1. Log in to the SDDC Manager UI.

2. Navigate to Security > Password Management.

3. Locate the NSX-T Manager root credential.

4. Click Update Password or Remediate Password and provide the root credentials of the NSXT Manager.

Because NSX-T relies on the EAM service for integration with vCenter, an EAM failure breaks the trust/registration between the two components. SDDC Manager, which orchestrates password changes by communicating through these established management channels, fails to authenticate or establish an SSH session to the NSX-T Manager because the underlying "Compute Manager" link is broken.