API logins to NSX fails for vIDM users with "credentials were incorrect or the account specified has been locked."
search cancel

API logins to NSX fails for vIDM users with "credentials were incorrect or the account specified has been locked."

book

Article ID: 314768

calendar_today

Updated On:

Products

VMware NSX VMware Aria Suite

Issue/Introduction

Symptoms:
  •  After following the documented process to integrate NSX-T with VMware Identity Manager, API logins to NSX-T fail for vIDM users with "credentials were incorrect or the account specified has been locked.".
  • The same vIDM users can access the NSX-T UI without issue.
  • Local users can still authenticate with NSX-T  API.

 

 


Environment

VMware Identity Manager 3.3.x

Cause

The issue occurs when the Directory search attribute for the vIDM Directory is set to UserPrincipalName. This causes the domain name to be appended twice. The UI login is not affected but the API logins will fail as they are processed differently.

Resolution

The issue is resolved in NSX version 4.1.2 as per the release notes .

Workaround:
To workaround the issue select SamAccountName as the directory search attribute when creating the directory in vIDM.