NSX Manager passwords show as expired, even after updating them in Fleet Management.

Article ID: 441866

Products

VCF Operations

Issue/Introduction

  • VCF Operations displays an alert for NSX Manager passwords having expired.
  • You have changed the password using the 'Update' button under Fleet Management and can log in as root, admin and audit using the updated passwords.
  • However, the web interface still shows the passwords as expiring today, so the alerts remain.
  • You have not changed the passwords manually on the nodes.
  • You have set the passwords to never expire via CLI directly on the nodes.

Environment

VCF Operations 9.1

Cause

VCF 9.x is designed with a secure-by-default architectural posture. This framework enforces periodic password rotation for all managed core components to align with modern security standards.

  • The internal schema does not support a null or zero (0) value for expiration timers.
  • "Never Expire" is not a supported architectural state for core SDDC components within the automated lifecycle management engine.

Resolution

  1. Set the password expiry to 90 days for root, audit and admin on all NSX Manager nodes.
  2. Open an SSH session to all the NSX nodes:

    1. Confirm the password expiration is disabled: get user <USER_NAME> password-expiration

    2. Set a new 90-day period: set user <USER_NAME> password-expiration 90

    3. Verify the expiry has been updated: get user <USER_NAME> password-expiration

  3. It can take several hours for the change to reflect in the VCF Operations UI.
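
The check, set and verify sequence above has to be repeated for three accounts on every node, so the following added example (not part of the original article or any VMware tooling) builds that command list and prints it as a dry run, or executes it over SSH when APPLY=1 is set. The node names are constructed placeholders, and logging in as admin with the CLI command passed as the ssh argument is an assumption about your environment.

```shell
#!/bin/sh
# Constructed sample inventory (hypothetical FQDNs); replace with your NSX Manager nodes.
NSX_NODES="nsx-mgr-01.example.internal nsx-mgr-02.example.internal nsx-mgr-03.example.internal"
NSX_USERS="root admin audit"   # the three accounts named in the article
EXPIRY_DAYS=90                 # the period the article sets

# Accept only a positive whole number of days. Empty and 0 are refused
# because the article says null/zero expiration timers are not supported.
valid_days() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Emit the article's check / set / verify commands for user $1 and period $2.
nsx_expiry_commands() {
    printf 'get user %s password-expiration\n' "$1"
    printf 'set user %s password-expiration %s\n' "$1" "$2"
    printf 'get user %s password-expiration\n' "$1"
}

# Emit "node<TAB>command" lines for every node in $1 and user in $2, period $3.
nsx_expiry_plan() {
    valid_days "$3" || { echo "expiry must be a positive number of days" >&2; return 1; }
    for node in $1; do
        for user in $2; do
            nsx_expiry_commands "$user" "$3" | while IFS= read -r cmd; do
                printf '%s\t%s\n' "$node" "$cmd"
            done
        done
    done
}

# Print the plan (default) or run it over SSH when APPLY=1.
nsx_expiry_run() {
    plan=$(nsx_expiry_plan "$@") || return 1
    printf '%s\n' "$plan" | while IFS="$(printf '\t')" read -r node cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            # -n keeps ssh from consuming the rest of the plan on stdin.
            # Assumption: the admin login accepts an NSX CLI command as the ssh argument.
            ssh -n "admin@$node" "$cmd"
        else
            printf '[dry-run] ssh admin@%s "%s"\n' "$node" "$cmd"
        fi
    done
}

nsx_expiry_run "$NSX_NODES" "$NSX_USERS" "$EXPIRY_DAYS"
```

Review the dry-run output first, then rerun with APPLY=1 and compare the two `get` results for each user.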

Additional Information

See Configuring Password Expiration and Rotation in VMware Cloud Foundation (VCF) 9.x for more details.