Thank you for the sample script. With that, I was able to reproduce the behavior you are describing. The Set-NaVfilerPassword cmdlet makes use of the vfiler-setup API, which allows us to set up several properties of the vfiler (Set-NaVfilerAddress, Set-NaVfilerAdminHost, Set-NaVfilerDns, and Set-NaVfilerNis also make use of vfiler-setup). In order for the vfiler-setup API to create the root account, the IP bindings must be passed along in the same API call. This is not currently how the Set-NaVfilerPassword cmdlet works, so the root account is not created.
The good news is, the forthcoming toolkit 1.4 includes a cmdlet Invoke-NaSystemApi which allows you to send raw API requests to Data ONTAP. I've copied a sample script below that I have used to successfully create a vfiler with a root account.
$vfiler = "testvf"
$ip = "10.10.10.25"
$interface = "e0a"
$netmask = "255.255.255.0"
$password = "password2"
$xml = "<vfiler-setup>
<vfiler>$vfiler</vfiler>
<ipbindings>
<ipbinding-info>
<ipaddress>$ip</ipaddress>
<interface>$interface</interface>
<netmask>$netmask</netmask>
</ipbinding-info>
</ipbindings>
<password>$password</password>
</vfiler-setup>"
New-NaVfiler $vfiler -Addresses $ip -Storage /vol/vol3
Invoke-NaSystemApi -Request $xml
Because of the issue I mentioned in my previous post, it is recommended that any subsequent password changes are accomplished by connecting directly to the vfiler and using Set-NaUserPassword.
I hope that helps,
Steven