VNA ACI Plugin Configuration for domain "LocalAuth" using TACACS

Article ID: 205855

Products

CA Virtual Network Assurance

Issue/Introduction

The APIC in one of the DCs requires the domain "LocalAuth" to be specified when logging in. The ACI Plugin configuration script doesn't provide this parameter.
As a result, the login fails with an "incorrect username or password" message.

Environment

Release : any supported release of Virtual Network Assurance

Component : Virtual Network Assurance For CA Performance Management

Cause

If using TACACS for the LocalAuth, the ACI Plugin configuration should be changed.

Resolution

If you are using TACACS for the LocalAuth, the ACI plugin configuration should be changed.

The syntax should be the following:

apic:LOGIN_DOMAIN_HERE\\LOCAL_USERNAME_HERE

for example:

apic:LocalAuth\\guest


Refer to this Cisco document for more details:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_ACI-TACACS-config.html

This can probably be used not only for TACACS - it could be used for local domain access in general.

From the above-mentioned documentation:

If you did not create an additional Login Domain for local authentication, and you forgot your TACACS credentials, ACI includes a fallback Login Domain. The fallback Login Domain cannot be deleted and is set to use local authentication by default. In order to log in to the fallback Login Domain you must use this syntax:

APIC GUI: apic:LOGIN_DOMAIN_HERE\\LOCAL_USERNAME_HERE
APIC CLI: apic#LOGIN_DOMAIN_HERE\\LOCAL_USERNAME_HERE

To log in to the local admin account you would use the following APIC GUI and CLI syntaxes:

APIC GUI: apic:fallback\\admin
APIC CLI: apic#fallback\\admin