AVI Load Balancer loses connectivity to NSX Manager with incorrect credential errors after password reset

Article ID: 429882


Products

VMware Avi Load Balancer, VMware NSX

Issue/Introduction

  • When you reset the admin password of an NSX Manager, the AVI Load Balancer may lose connectivity to the NSX Manager cluster.
  • The following error is found in VMware Avi Load Balancer > Operation > Event:
    NSX-T connection setup failed - reason The credential were incorrect or the account specified has been locked.

Environment

VMware Avi Load Balancer with NSX-T Cloud

Cause

The NSX Manager account enters a lockout state because the AVI LB is not included in the lockout_immune_addresses parameter. When the password is changed, the automated requests from the AVI LB trigger the NSX lockout mechanism, preventing successful authentication.

Resolution

To prevent AVI LB from being locked out, you must add its addresses to the immune list on the NSX Local Manager:

  1. Log in to the NSX Manager CLI or API as an administrator.
  2. Identify the IP addresses of all AVI Load Balancer nodes that communicate with the NSX cluster.
  3. Update the lockout_immune_addresses parameter to include the AVI LB IP addresses.
  4. For detailed API syntax, refer to the official documentation: Prevent Password Lockout on Local Manager Nodes.

 

To use the curl command, please follow these steps:
Note: Ensure you have valid backups before proceeding with the following steps.

  1. Access the NSX Manager via SSH.
  2. Export the API result to a file:
    curl -k -X GET -H "Content-Type: application/json" -u 'admin' https://localhost/api/v1/cluster/api-service > api-service.txt

  3. Append lockout_immune_addresses information to the end of the created file:
    sed -i '$i\,\"lockout_immune_addresses\":[ \"IP_Address\", \"IP_Address\", \"IP_Address\" ]' api-service.txt

  4. Import the created file via the PUT curl command:
    curl -k -X PUT -H "Content-Type: application/json" -u 'admin' https://localhost/api/v1/cluster/api-service -d @api-service.txt
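
As an alternative to the sed append in step 3, the following added example (not part of the original article or of VMware's tooling) merges the addresses into the exported JSON with validation, so an existing lockout_immune_addresses key is extended rather than duplicated and a mistyped address is rejected before the PUT. It assumes Python 3 is available where api-service.txt is edited; the function name, sample response and addresses are constructed for illustration.

```python
import ipaddress
import json


def add_immune_addresses(config_text, new_addresses):
    """Return api-service JSON with new_addresses merged into lockout_immune_addresses."""
    # json.loads fails loudly if the GET output is not JSON (for example an error page).
    config = json.loads(config_text)
    if not isinstance(config, dict):
        raise ValueError("expected a JSON object from /api/v1/cluster/api-service")

    merged = list(config.get("lockout_immune_addresses", []))
    seen = set(merged)
    for raw in new_addresses:
        # Single hosts only: ip_address() raises ValueError for CIDR ranges and typos,
        # which keeps the lockout exemption limited to the listed nodes.
        addr = ipaddress.ip_address(raw.strip())
        if addr.is_unspecified:
            raise ValueError("refusing wildcard address %s" % addr)
        if str(addr) not in seen:
            seen.add(str(addr))
            merged.append(str(addr))

    config["lockout_immune_addresses"] = merged
    return json.dumps(config, indent=2)


# Constructed, abbreviated sample of a GET /api/v1/cluster/api-service response.
SAMPLE_RESPONSE = """{
  "session_timeout": 1800,
  "connection_timeout": 30,
  "lockout_immune_addresses": ["192.0.2.10"]
}"""

if __name__ == "__main__":
    # Constructed addresses standing in for the AVI Load Balancer node IPs.
    print(add_immune_addresses(SAMPLE_RESPONSE, ["192.0.2.10", "192.0.2.11", "192.0.2.12"]))
```

Write the returned text back to api-service.txt and continue with step 4 unchanged.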