API logins to NSX fails for vIDM users with "credentials were incorrect or the account specified has been locked."
search cancel

API logins to NSX fails for vIDM users with "credentials were incorrect or the account specified has been locked."

book

Article ID: 314768

calendar_today

Updated On:

Products

VMware NSX VMware Aria Suite

Issue/Introduction

  • After following the documented process to integrate NSX-T with VMware Identity Manager, API logins to NSX-T fail for vIDM users with "credentials were incorrect or the account specified has been locked.".
  • The same vIDM users can access the NSX-T UI without issue.
  • Local users can still authenticate with NSX-T  API.

Environment

VMware Identity Manager 3.3.x

Cause

The issue occurs when the Directory search attribute for the vIDM Directory is set to UserPrincipalName. This causes the domain name to be appended twice. The UI login is not affected but the API logins will fail as they are processed differently.

Resolution

This issue is resolved in VMware NSX 4.1.2, available at Broadcom downloads.

If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.

 

Workaround:

To workaround the issue select SamAccountName as the directory search attribute when creating the directory in vIDM.

Additional Information

Also see VMware NSX 4.1.2 release notes.

Powered by Wolken Software