So apparently it has been 90 days since the deployment of NSX-T and therefor, time for the admin password to expire ;):

Unfortunately, this doesn’t give you the opportunity to login and then change the password (a feature I would really appreciate), but a reset is necessary. In the online documentation (https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html) the reset is done through a reboot into single user mode of one of the appliances and reset the password.

However, in the online documentation one of the steps is to “touch” a file (which means creating a blank file), through the command:

touch /config/vmware/nsx-node-api/reset_cluster_credentials

But the directory structure doesn’t exist when booting into single mode, so an error is shown. When you let the appliance boot without touching the file, you can log in with the new password, but after a couple of minutes the password of the admin user, is reset to it’s original value. I assume that creating the “reset_cluster_credentials” file, makes the change permanent.

So, what I did in my environment is change the password according to the documentation, but without touching the file in the single user mode. Then reboot the appliance into “normal” operating mode and, within the time-out period (this is a couple of minutes), create the file throught the command:

touch /config/vmware/nsx-node-api/reset_cluster_credentials

After that, the reversal of the password does not happen again and you can log in with the newly set password.