NSX ALB Reset Admin Password

NSX ALB: Invalid credentials

Uh oh. You don't know the NSX ALB admin password, but if you have have another local account with Super User access, you can reset the admin password.

Local account overview

Only the local admin account can SSH to the controller OS. Other accounts marked as a super user can SSH to the Avi Docker CLI.

As long as you have a local account with Super User access, or create one if you can login to the UI with another account that has the System-Admin role.

Resetting the admin account password

Using a local account with Super User access, SSH to the Avi Docker CLI. When prompted for the username, enter the local account.

 1PS C:\> ssh cli@daunce-nsxalb.au.pso
 2
 3Avi Cloud Controller
 4
 5Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
 6All rights reserved.
 7
 8Management:   10.205.85.27/25                UP
 9Gateway:      10.205.85.125                  UP
10
11The copyrights to certain works contained in this software are
12owned by other third parties and used and distributed under
13license. Certain components of this software are licensed under
14the GNU General Public License (GPL) version 2.0 or the GNU
15Lesser General Public License (LGPL) Version 2.1. A copy of each
16such license is available at
17http://www.opensource.org/licenses/gpl-2.0.php and
18http://www.opensource.org/licenses/lgpl-2.1.php
19Last login: Fri Aug 26 02:13:01 2022 from 10.109.145.124
20Launching a CLI shell in a container
21Login: admin2
22Password:
23
24[admin:10-205-85-27]: >

You'll notice Launching a CLI shell in a container just above the login prompt.

Attach to the controller using attach controller <controller ip>.

 1[admin:10-205-85-27]: > attach controller 10.205.85.27
 2FIPS mode initialized
 3Warning: Permanently added '10.205.85.27' (ECDSA) to the list of known hosts.
 4
 5Avi Cloud Controller
 6
 7Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
 8All rights reserved.
 9
10Management:   10.205.85.27/25                UP
11Gateway:      10.205.85.125                  UP
12
13The copyrights to certain works contained in this software are
14owned by other third parties and used and distributed under
15license. Certain components of this software are licensed under
16the GNU General Public License (GPL) version 2.0 or the GNU
17Lesser General Public License (LGPL) Version 2.1. A copy of each
18such license is available at
19http://www.opensource.org/licenses/gpl-2.0.php and
20http://www.opensource.org/licenses/lgpl-2.1.php
21avidebuguser@10-205-85-27:~$

Now you are logged in as the avidebuguser which is a sudo user.

Now change directories to /opt/avi/scripts/ and execute the script sudo ./admin_pwd_reset.py.

If it's a 3 node controller cluster, the output will show all the connections it's making to the other nodes, but for a single controller it will be quite simple as below.

1avidebuguser@10-205-85-27:~$ cd /opt/avi/scripts/
2avidebuguser@10-205-85-27:/opt/avi/scripts$ sudo ./admin_pwd_reset.py
3Please enter new password for user 'admin' : VMware1!VMware1!
4Resetting password for user admin.
5Password reset complete
6avidebuguser@10-205-85-27:/opt/avi/scripts$

The new local admin password should work immediately in the UI and SSH.