In an automated NXRM deployment model, resetting the admin password using REST may be desirable. When the /service/rest/beta/security/users/admin/change-password API is used to reset the password, the admin.password marker file for onboarding is not deleted.
The presence of this file prompts the first UI login to enter the admin user admin.password file password as part of the admin user credential. However that password will not work, since the password is already reset to something else via REST.
Whenever the default admin user password is reset deliberately by supported methods, such as the REST API, the onboarding feature should detect this and not expect the admin.password file to still be valid.