When a local user's password expires, the system prompts the user to change the password upon the next CLI login.

If this password change is attempted via a VM Console connection, the system appears to process the update successfully—accepting the new credentials and logging the user into the active CLI session without error. However, the password is not actually updated in the system backend.

Symptoms:

• Subsequent login attempts require the old/expired password, not the new one.

• The system may repeatedly prompt for a password change on every login.

• Command output for user status confirms the expiration has not been reset.

This applies to local users such as admin, audit, and root.

VMware NSX 9.0.1

The root cause is currently unknown.

To successfully update an expired password, please use one of the following methods.

Method 1: Update via SSH (Recommended)

Connect to the CLI using an SSH client (e.g., PuTTY, Terminal) rather than the VM Console. The password change prompt via SSH functions correctly.

1. Initiate an SSH connection to the appliance.

2. Login with the expired credentials.

3. Follow the prompts to update the password.

Method 2: Manual Update via CLI (If SSH is Disabled)

If you must use the VM Console (Serial/Direct) or cannot use SSH:

1. Log in to the CLI as admin (the system will prompt for a password update here).

2. Once logged in as admin, manually run the password set command:

   set user admin password
   

3. Follow the prompts to enter and confirm the new password.

To confirm that the password has been successfully updated and the expiration timer reset, run the following commands in the nsxcli:

get user admin status
get user admin password-expiration

Verify that the password-expiration date has moved forward and the account status is active.