After initially deploying NSX(-T), you will notice after 90 days at the latest that VMware has defined a default policy under which all passwords in the environment expire after 90 days. This can be quite annoying, especially in homelab environments like mine. In this article, I will therefore briefly show you how to reconfigure the policy. Please keep the security impact in mind if you use this setting in production environments.
- Connect to the NSX(-T) Manager via SSH
- Log in as "admin"
- Run the following CLI commands:
get user admin password-expiration
clear user [username] password-expiration
get user admin password-expiration
- Do the same on all your NSX Managers and NSX Edges
Lab-NSX-Manager-01> get user admin password-expiration
Password expiration not configured for this user
Lab-NSX-Manager-01> clear user admin password-expiration
Lab-NSX-Manager-01> clear user root password-expiration
Lab-NSX-Manager-01> clear user audit password-expiration
Attention: If you run VMware Cloud Foundation, note that two KB articles (KB84190 & KB83855) indicate that updates in Cloud Foundation run into issues when password expiration is disabled. The setting should therefore be different in a Cloud Foundation environment: password expiration is not disabled but set to 9999 instead.
Lab-NSX-Manager-01> set user admin password-expiration 9999
Lab-NSX-Manager-01> set user root password-expiration 9999
Lab-NSX-Manager-01> set user audit password-expiration 9999
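To keep track of which accounts no longer follow the 90-day default, the following added example (not part of the original post) parses a saved CLI session in the prompt format shown above and lists accounts with expiration disabled or raised, plus accounts that were never queried on a node. The reply wording `Password expires N days after last change` and the host name `Lab-NSX-Edge-01` are assumptions, and the sample transcript is constructed.

```python
import re

# Prompt format as shown in the article: "<node>> <command>"
PROMPT = re.compile(r"^(\S+)>\s+(.*)$")
GET = re.compile(r"^get user (\S+) password-expiration$")
DISABLED = "Password expiration not configured for this user"  # reply quoted in the article
# Assumption: wording of the reply when an expiry is set (not shown in the article)
EXPIRES = re.compile(r"^Password expires (\d+) days after last change")
ACCOUNTS = ("admin", "root", "audit")  # accounts the article changes

def parse_transcript(text):
    """Map (node, user) -> configured days, or None when expiration is disabled."""
    state, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        prompt, days = PROMPT.match(line), EXPIRES.match(line)
        if prompt:
            get = GET.match(prompt.group(2).strip())
            # Any other command (clear/set) cancels a query still awaiting its reply
            pending = (prompt.group(1), get.group(1)) if get else None
        elif pending and line == DISABLED:
            state[pending], pending = None, None
        elif pending and days:
            state[pending], pending = int(days.group(1)), None
    return state

def audit(state, max_days=90):
    """Return accounts above the 90-day default and accounts never queried."""
    exceptions = [(n, u, state[n, u]) for n, u in sorted(state)
                  if state[n, u] is None or state[n, u] > max_days]
    nodes = sorted({n for n, _ in state})
    unchecked = [(n, u) for n in nodes for u in ACCOUNTS if (n, u) not in state]
    return exceptions, unchecked

# Constructed sample transcript; Lab-NSX-Edge-01 is a made-up host name
SAMPLE = """\
Lab-NSX-Manager-01> get user admin password-expiration
Password expiration not configured for this user
Lab-NSX-Manager-01> get user root password-expiration
Password expires 9999 days after last change
Lab-NSX-Manager-01> get user audit password-expiration
Password expires 90 days after last change
Lab-NSX-Edge-01> get user admin password-expiration
Password expires 90 days after last change
Lab-NSX-Edge-01> clear user root password-expiration
"""

if __name__ == "__main__":
    print(audit(parse_transcript(SAMPLE)))
```

In the returned exceptions, `None` as the third field means expiration is disabled for that account; a number is the configured value.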
If you have any questions or suggestions, feel free to contact me or use the comment function below the post.
In future tutorials, I would like to show you how I expand my NSX environment to micro-segmentation, with the goal of being able to provide a multi-tenant VDI environment.
So check back here from time to time, or give me feedback on which tutorials you would like to see more of.