NSX Local User (Root/Admin/Audit etc.) Password Reverts After Reset.

Article ID: 438827

Products

VMware NSX

Issue/Introduction

  • An NSX 4.x local user (e.g., root, admin, or audit) password is reported as expired or needs to be changed.
  • After successfully changing the password via the passwd command, the system reverts to the old password or an "expired" state after approximately one minute. 
  • The system ignores the new password and only accepts the previous credentials.

Environment

NSX 4.x

Cause

This issue is caused by a synchronization conflict within the NSX Manager cluster. When a password is changed on a single node while management API services are active, the existing stale credentials stored on peer nodes may overwrite the local change during the next synchronization cycle (which typically occurs every few minutes).

Resolution

To ensure the password change propagates correctly to the entire cluster, perform a manual reset via CLI with service isolation and a synchronization trigger.

  1. Log in to the NSX Manager appliance as root via SSH.
  2. Stop the Management Plane API service to prevent peer-node overwrites: /etc/init.d/nsx-mp-api-server stop
  3. Reset the local user password (replace [username] with the affected user): passwd [username]
  4. Create the synchronization trigger flag: touch /var/vmware/nsx/reset_cluster_credentials
  5. Restart the API service: /etc/init.d/nsx-mp-api-server start 

Note: Stopping the nsx-mp-api-server prevents other cluster members from communicating with the node during the reset. The reset_cluster_credentials file forces the cluster to synchronize and accept the credentials defined on the current node upon service startup.
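
Added example (not part of the original article and not VMware tooling): a shell wrapper for steps 2 to 5 that always restarts the API service and creates the trigger flag only when passwd succeeds. The function name, the NSX_* override variables, the username check and the skip-flag-on-failure behaviour are assumptions of this example; the paths are the ones given in the steps above.

```shell
#!/bin/sh
# Defaults are the paths from the article. The overrides (hypothetical names)
# exist only so the sequence can be rehearsed against stand-in commands.
NSX_API_INIT="${NSX_API_INIT:-/etc/init.d/nsx-mp-api-server}"
NSX_SYNC_FLAG="${NSX_SYNC_FLAG:-/var/vmware/nsx/reset_cluster_credentials}"
NSX_PASSWD_CMD="${NSX_PASSWD_CMD:-passwd}"

reset_nsx_local_password() {
    user="$1"
    # Reject an empty or malformed username before touching any service.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*)
            echo "usage: reset_nsx_local_password <username>" >&2
            return 2 ;;
    esac

    # Step 2: stop the API service so peer nodes cannot overwrite the change.
    "$NSX_API_INIT" stop || { echo "could not stop API service" >&2; return 1; }

    rc=0
    # Step 3: interactive password change (prompts on the terminal).
    if "$NSX_PASSWD_CMD" "$user"; then
        # Step 4: request a cluster sync only if the change succeeded.
        touch "$NSX_SYNC_FLAG" || rc=1
    else
        echo "passwd failed for $user; sync flag not created" >&2
        rc=1
    fi

    # Step 5: always bring the API service back, even after a failure above,
    # so the node is not left isolated from the cluster.
    "$NSX_API_INIT" start || { echo "API service did not start" >&2; rc=1; }
    return "$rc"
}

# Run as root on the NSX Manager, e.g.:  sh reset_pw.sh admin
if [ "$#" -gt 0 ]; then
    reset_nsx_local_password "$@"
fi
```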

Additional Information

For more information on resetting the passwords of NSX Manager and NSX Edge, please refer to the following technical document.