Local user account for NSX (example Tanzu) not syncing within NSX
search cancel

Local user account for NSX (example Tanzu) not syncing within NSX

book

Article ID: 431714

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

NSX local user authentication fails and password updates do not sync for external API consumers

  • VMware NSX local user accounts utilized by external platforms (such as Tanzu Cloud Foundry) fail to authenticate.
  • Password updates and non-expiry settings configured in the NSX UI fail to synchronize to the active user account.
  • Deleting and recreating the user via the NSX UI does not resolve the authentication failure, resulting in service control plane detachment.
  • You may see something like this in the NSX UI where the password doesn't expire but shows expired.

Environment

VMware VCF 9.0.0.0

Cause

This issue is caused by the password expiry not being realized by the Central Control Plane.

Resolution

 

  1. Log in to the NSX UI.

  2. Navigate to the user management section.

  3. Toggle the affected account status from Deactivate to Activate. This forces a synchronization task from the Management Plane to the underlying OS configuration files.

  4. Log in to the affected NSX Manager appliance via SSH as an administrator.

  5. Verify the expiration timer is cleared by executing the following command: get user <username> password-expiration

  6. Navigate to System > User Management > Settings in the NSX UI and ensure the global Password Expiration Policy is accurately configured.

  7. The affected local account will resume to:

Additional Information

For more password information see:

Change password expiry:

Powered by Wolken Software