You may encounter an issue where attempting to rotate NSX Manager passwords from the SDDC Manager interface is unsuccessful. In this scenario, you will typically observe the following symptoms:
NSX Managers appear as disconnected from the SDDC Manager.
You are unable to change the passwords for the admin and audit accounts through the standard interface.
You still have access to the root password and can successfully log in to the NSX-T Manager using VCF SSO.
VMware Cloud Foundation (VCF) 9.x
VMware NSX
This issue occurs because the passwords for the NSX accounts (specifically the admin account) have expired. Communication between the SDDC Manager and NSX relies on the admin account for API interactions. Because the credentials have expired, API authentication fails, resulting in the disconnected state and preventing the SDDC Manager from automatically rotating the passwords.
The documented process for resetting passwords must be followed, as described in Resetting the Passwords of an Appliance.
To resolve this issue, you must manually reset the passwords from the backend OS using the root account.
NOTE: You must know the current root password for the NSX Manager.
1. SSH to one of the NSX Managers as the root user, using that Manager's IP/FQDN and not the VIP
2. Stop the NSX Manager MP API service
/etc/init.d/nsx-mp-api-server stop
3. If the accounts have been locked out due to repeated failed login attempts, clear the counters for both the admin and audit users:
Check whether the account has recorded failed login attempts:
faillock --user admin
Reset if needed:
faillock --user admin --reset
Repeat for audit if needed.
4. Reset the admin password as you would on any standard Linux system as root:
root@nsx-mgr:/# passwd admin
5. Create the reset_cluster_credentials file to trigger the necessary configuration update:
touch /var/vmware/nsx/reset_cluster_credentials
6. Start the NSX Manager API service to apply the changes:
/etc/init.d/nsx-mp-api-server start
7. Attempt to log in to the NSX Manager UI again. The login should now be successful.
8. Remediate the associated user on SDDC
> Navigate back to Password Management in SDDC Manager.
> Locate the admin and audit accounts that are showing as "Disconnected".
> Click the three dots next to each and select Remediate.
> Enter the new passwords you just established via the OS shell.
After completing these steps, attempt to log in to the NSX Manager UI again. The login should now be successful.
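Because the root cause is an expired admin password, it helps to check expiry from the same root shell, both to confirm the cause and to verify the new expiry date after the reset. The script below is an added example, not part of the KB procedure; it assumes the appliance's local accounts report expiry through standard Linux `chage -l` output, GNU `date`, and hypothetical function names.

```bash
# Added example (not from the KB): classify password expiry from `chage -l` output.
# Assumes GNU date and the C-locale chage output format.

# Constructed sample of `chage -l admin` output, not captured from a real system.
SAMPLE_CHAGE='Last password change                    : Jan 10, 2025
Password expires                        : Apr 10, 2025
Password inactive                       : never
Account expires                         : never
Maximum number of days between password change : 90'

# Read `chage -l` output on stdin; print whole days from $1 (YYYY-MM-DD)
# to the "Password expires" date, or "never" when expiry is disabled.
days_until_expiry() {
    local today exp exp_s today_s
    today="$1"
    exp=$(awk -F': *' '/^Password expires/ {print $2; exit}')
    [ -n "$exp" ] || return 1
    if [ "$exp" = "never" ]; then echo never; return 0; fi
    # A non-date value (for example a forced-change notice) makes date fail.
    exp_s=$(date -u -d "$exp" +%s 2>/dev/null) || return 1
    today_s=$(date -u -d "$today" +%s 2>/dev/null) || return 1
    echo $(( (exp_s - today_s) / 86400 ))
}

# Map a day count to EXPIRED / WARN / OK; $2 is the warning window in days.
expiry_status() {
    local days warn
    days="$1"; warn="${2:-14}"
    case "$days" in
        never)        echo OK ;;
        ''|*[!0-9-]*) echo UNKNOWN ;;
        *)  if [ "$days" -lt 0 ]; then echo EXPIRED      # expiry date has passed
            elif [ "$days" -le "$warn" ]; then echo WARN
            else echo OK; fi ;;
    esac
}

# Run as root with account names, e.g.: ./check_expiry.sh admin audit
for u in "$@"; do
    d=$(LC_ALL=C chage -l "$u" | days_until_expiry "$(date -u +%F)") || d=""
    printf '%s: %s (days until expiry: %s)\n' "$u" "$(expiry_status "$d")" "${d:-unknown}"
done
```

An EXPIRED or UNKNOWN result for admin matches the failure mode described above; WARN indicates the password should be rotated before SDDC Manager loses API access.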
If the root password is not known, it can be reset via GRUB:
NSX@VM!WaR10
linux and add systemd.wants=PasswordRecovery.service to the end of the line.
Ctrl-X to boot.
Additional KB reference: https://knowledge.broadcom.com/external/article/314637/root-user-account-is-disconnected-in-sdd.html