API logins to NSX fails for vIDM users with "credentials were incorrect or the account specified has been locked."
book
Article ID: 314768
calendar_today
Updated On:
Products
VMware NSXVMware Aria Suite
Issue/Introduction
Symptoms:
After following the documented process to integrate NSX-T with VMware Identity Manager, API logins to NSX-T fail for vIDM users with "credentials were incorrect or the account specified has been locked.".
The same vIDM users can access the NSX-T UI without issue.
Local users can still authenticate with NSX-T API.
Environment
VMware Identity Manager 3.3.x
Cause
The issue occurs when the Directory search attribute for the vIDM Directory is set to UserPrincipalName. This causes the domain name to be appended twice. The UI login is not affected but the API logins will fail as they are processed differently.
Resolution
The issue is resolved in NSX version 4.1.2 as per the release notes .
Workaround: To workaround the issue select SamAccountName as the directory search attribute when creating the directory in vIDM.