Users are unable to log in with the identity provider set as Active Directory over LDAP

Article ID: 322295

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Authentication fails when logging in to vCenter Server as an Active Directory (AD) user.


Symptoms:

Authentication to vCenter Server fails for specific users configured in AD when the identity provider is set to "AD over LDAP" or "AD over LDAPS".

The authentication failure displays the message "Invalid credentials".


Cause

This issue affects only the few users in the domain that are configured under the protected groups section of AD.

Because the user is in the "Protected group", AD does not validate the credentials. Since vCenter Server does not receive a successful authentication response from AD, it reports "Invalid credentials" as the login failure message.

Resolution

The customer will have to remove the affected users from the AD "Protected Group" so that they can log in to the vSphere Client successfully.

 

Additional Information

Impact/Risks:

This impacts the users' environment: many users will not be able to access vCenter Server, and so will be unable to manage or even view it.