NSX service account is disconnected in SDDC manager Password Management


Article ID: 430558


Updated On:

Products

VMware SDDC Manager, VMware NSX

Issue/Introduction

  • The NSX svc-vcf-nsxmgr-#### service account shows as disconnected in SDDC Manager > Password Management.


  • Remediation of the NSX svc-vcf-nsxmgr-#### service account password fails with the error:
    "Cannot complete login due to an incorrect user name or password."


  • /var/log/vmware/vcf/operationsmanager/operationsmanager.log (on SDDC Manager) shows:
    YYYY-MM-DDTHH:MMM:SS ERROR [vcf_om,################################,8bb1] [c.v.v.p.u.c.NsxtManagerApiChanger,om-exec-4] Exception occurred while changing password for user <nsx_service_account>
    YYYY-MM-DDTHH:MMM:SS ERROR [vcf_om,################################,8bb1] [c.v.v.p.u.c.AbstractPasswordChanger,om-exec-4] The credentials were incorrect or the account specified has been locked.
    YYYY-MM-DDTHH:MMM:SS ERROR [vcf_om,################################,8bb1] [c.v.v.p.u.c.AbstractPasswordChanger,om-exec-4] The credentials were incorrect or the account specified has been locked.
    com.vmware.vcf.passwordmanager.exception.PasswordUpdateException: The credentials were incorrect or the account specified has been locked.
    Caused by: org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: "{<EOL>  "error_code" : 403,<EOL>  "module_name" : "common-services",<EOL>  "error_message" : "The credentials were incorrect or the account specified has been locked."<EOL>}"
    YYYY-MM-DDTHH:MMM:SS DEBUG [vcf_om,################################,8bb1] [c.v.v.p.u.c.AbstractPasswordChanger,om-exec-4] Error Message : The credentials were incorrect or the account specified has been locked., Error Token : 
    YYYY-MM-DDTHH:MMM:SS DEBUG [vcf_om,################################,8bb1] [c.v.v.p.r.AbstractPasswordTransactionExecutor,om-exec-4] Password operation failed for <nsx_service_account> in stage UPDATE
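
To confirm from the SDDC Manager side that a failed rotation matches this signature, the following added example (not part of the original article and not VMware tooling) groups operationsmanager.log entries by the second bracketed field, assumed here to be a per-operation trace ID, and reports the account, the failed stage and whether NSX answered 403. The sample lines, trace IDs and account suffix are constructed.

```python
import re

# Entry header: "<ts> <LEVEL> [vcf_om,<trace>,<span>] [<class>,<thread>] <msg>"
HEADER = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+\[vcf_om,(?P<trace>[^,\]]*),[^\]]*\]\s+"
    r"\[(?P<cls>[^,\]]+),[^\]]*\]\s+(?P<msg>.*)$")
CHANGE_FAILED = re.compile(r"Exception occurred while changing password for user (\S+)")
STAGE_FAILED = re.compile(r"Password operation failed for (\S+) in stage (\w+)")
REJECTED = "The credentials were incorrect or the account specified has been locked."

# Constructed sample: timestamps, trace IDs and the account suffix are made up.
SAMPLE_LOG = """\
2024-01-01T10:00:00 ERROR [vcf_om,aaaa1111,8bb1] [c.v.v.p.u.c.NsxtManagerApiChanger,om-exec-4] Exception occurred while changing password for user svc-vcf-nsxmgr-0000
2024-01-01T10:00:00 ERROR [vcf_om,aaaa1111,8bb1] [c.v.v.p.u.c.AbstractPasswordChanger,om-exec-4] The credentials were incorrect or the account specified has been locked.
com.vmware.vcf.passwordmanager.exception.PasswordUpdateException: The credentials were incorrect or the account specified has been locked.
Caused by: org.springframework.web.client.HttpClientErrorException$Forbidden: 403 Forbidden: "..."
2024-01-01T10:00:01 DEBUG [vcf_om,aaaa1111,8bb1] [c.v.v.p.r.AbstractPasswordTransactionExecutor,om-exec-4] Password operation failed for svc-vcf-nsxmgr-0000 in stage UPDATE
2024-01-01T10:05:00 INFO [vcf_om,bbbb2222,9cc2] [c.v.v.p.Unrelated,om-exec-5] Unrelated message
"""

def find_nsx_rotation_failures(lines):
    """Return one record per operation where NSX rejected the service account's credentials."""
    ops, current = {}, None
    for raw in lines:
        line = raw.rstrip("\n")
        m = HEADER.match(line)
        if m:
            current = ops.setdefault(m["trace"], {
                "first_seen": m["ts"], "account": None, "stage": None,
                "nsx_changer": False, "rejected": False, "http_403": False})
            cls, msg = m["cls"], m["msg"]
        elif current is None:
            continue  # continuation line before any header: nothing to attach it to
        else:
            cls, msg = "", line  # stack-trace line belongs to the preceding entry
        changed, staged = CHANGE_FAILED.search(msg), STAGE_FAILED.search(msg)
        if changed and cls.endswith("NsxtManagerApiChanger"):
            current["nsx_changer"], current["account"] = True, changed[1]
        if staged:
            current["account"] = current["account"] or staged[1]
            current["stage"] = staged[2]
        current["rejected"] |= REJECTED in msg
        current["http_403"] |= "403 Forbidden" in msg
    return [op for op in ops.values() if op["nsx_changer"] and op["rejected"]]

if __name__ == "__main__":
    for op in find_nsx_rotation_failures(SAMPLE_LOG.splitlines()):
        print(op)
```

On SDDC Manager, pass the open operationsmanager.log file object to find_nsx_rotation_failures in place of the sample lines.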

Cause

The service account shows as disconnected because its credentials have expired on the NSX Manager appliance.

Resolution

Perform the password remediation for the service account:

On NSX Manager:

  1. Log in to NSX Manager via SSH using root credentials; refer to Enable ssh root access for NSX appliances.
  2. To stop the service, run the command:
    /etc/init.d/nsx-mp-api-server stop

  3. To reset the password for the service user, run the command:
    passwd <Service_user_username>

  4. To create the file used to reset the password, run the command:
    touch /var/vmware/nsx/reset_cluster_credentials


  5. To start the service, run the command:
    /etc/init.d/nsx-mp-api-server start

On SDDC Manager:

Remediate the password for the service account on the Password Management page in SDDC Manager, using the password set on the NSX appliance; refer to Remediate Passwords.