• Users encounter a "Password Expired" (Error 10006) message when attempting to authenticate to VMware NSX Manager, even after successfully resetting their password.
  
  
• The user account status continues to display as "Expired" in the NSX UI.

VMware NSX

The password expiration counter is not automatically reset upon password change.

Method 1: Fix using CLI (Immediate Method)

1. SSH to the NSX Manager as admin.

2. Verify the expiry date to confirm it is still in the past: get user <USER_NAME> password-expiration

3. Clear the expiration by setting it to never expire (recommended for service accounts): clear user <USER_NAME> password-expiration Alternatively, to set a new 90-day period: set user <USER_NAME> password-expiration 90

4. Confirm the status change: get user <USER_NAME> password-expiration

Method 2: Fix using Deactivate/Activate (UI) If you cannot use SSH, you can toggle the user account status via the UI.

1. Log in to the NSX Manager UI as an admin user.

2. Navigate to System > User Management > Users.

3. Select the affected user, click Deactivate, and then immediately click Activate again. This process forces a reset of the expiration flag (90 days).

Method 3: API Call to Reset Password Expiry

1. Retrieve the User ID by finding the specific userid for the local user.

   • Method: GET

   • Endpoint: https://<NSX_MANAGER_IP>/api/v1/node/users

   • Note: Predefined IDs are typically 10001 (admin), 10002 (audit), 10003 (guestuser1), and 10004 (guestuser2).

2. Update User Status and Expiration to reset the account to ACTIVE and extend the expiration.

   • Method: PUT

   • Endpoint: https://<NSX_MANAGER_IP>/api/v1/node/users/<userid>

   • Payload:

     {
       "status": "ACTIVE",
       "password_change_frequency": 9999,
       "password_reset_required": false
     }

Resetting Expired Passwords