After an initial NSX(-T) deployment you will notice, after 90 days at the latest, that VMware has defined a default policy under which all passwords in the environment expire after 90 days. This can be quite annoying, especially in homelab environments like mine. In this article I therefore briefly show you how to reconfigure the policy. Please keep in mind the security impact if you use this setting in production environments.

  1. Connect to the NSX(-T) Manager via SSH
  2. Log in as "admin"
  3. Run the following CLI commands:

    get user admin password-expiration
    clear user [username] password-expiration
    get user admin password-expiration
  4. Do the same on all your NSX Managers and your NSX Edges

    Lab-NSX-Manager-01> get user admin password-expiration
    Password expiration not configured for this user
    Lab-NSX-Manager-01> clear user admin password-expiration
    Lab-NSX-Manager-01> clear user root password-expiration
    Lab-NSX-Manager-01> clear user audit password-expiration

Attention: if you run VMware Cloud Foundation, two KB articles (KB84190 and KB83855) indicate that updates in Cloud Foundation run into issues when password expiration is disabled. In a Cloud Foundation environment the setting should therefore be different: instead of disabling password expiration, set it to 9999.

    Lab-NSX-Manager-01> set user admin password-expiration 9999
    Lab-NSX-Manager-01> set user root password-expiration 9999
    Lab-NSX-Manager-01> set user audit password-expiration 9999
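
To keep track of which nodes and accounts have the relaxed policy, here is an added example (not part of the original article) that runs the `get user ... password-expiration` command from above for all three accounts and classifies the answer. It assumes the NSX CLI accepts a single command over non-interactive SSH and that a configured expiration is reported as a line containing the number of days; `sample_nsx` and its output lines are constructed for an offline run.

```shell
#!/bin/sh
# Audit password expiration for the accounts changed in the article.
# Assumptions: the NSX CLI runs one command per non-interactive SSH call, and
# a configured expiration is printed as a line containing the number of days.
USERS="admin root audit"

# Run one NSX CLI command on a node; set NSX_RUN to a function to run offline.
nsx_run() {
  if [ -n "$NSX_RUN" ]; then
    "$NSX_RUN" "$@"
  else
    host=$1; shift
    ssh "admin@$host" "$*"
  fi
}

# Map one line of `get user <name> password-expiration` output to a status.
classify_expiry() {
  case "$1" in
    *"not configured"*) echo "DISABLED" ;;
    *[0-9]*)
      days=$(printf '%s\n' "$1" | grep -oE '[0-9]+' | head -n 1)
      if [ "$days" -ge 9999 ]; then echo "MAX($days)"; else echo "ROTATES($days)"; fi ;;
    *) echo "UNKNOWN" ;;
  esac
}

# Print "node<TAB>user<TAB>status" for every account on one node.
audit_node() {
  node=$1
  for user in $USERS; do
    out=$(nsx_run "$node" get user "$user" password-expiration 2>/dev/null | tr -d '\r' | tail -n 1)
    printf '%s\t%s\t%s\n' "$node" "$user" "$(classify_expiry "$out")"
  done
}

# Constructed sample output (not captured from a real node) for offline runs.
sample_nsx() {
  case "$4" in
    admin) echo "Password expiration not configured for this user" ;;
    root)  echo "Password expires 9999 days after last change" ;;
    audit) echo "Password expires 90 days after last change" ;;
  esac
}

# Usage: ./audit.sh node1 node2 ...   (no arguments: nothing is contacted)
for n in "$@"; do audit_node "$n"; done
```

Pass the names of all NSX Managers and Edges as arguments; every account reported as `DISABLED` or `MAX(9999)` is one whose password is no longer rotated by policy.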

If you have any questions or suggestions, feel free to contact me or use the comment function below the post.
In future tutorials, I would like to show you how to expand my NSX environment with micro-segmentation, with the goal of being able to provide a multi-tenant VDI environment.
So check back here from time to time, or give me feedback on which tutorials you would like to see more of.
