Symptoms:
- You are using NSX-T IDFW (Identity Firewall).
- You are running NSX-T 3.2.x and using LogInsight to register the login/logout events from physical devices.
- The AD (Active Directory) username may start with a upper case letter and the remainder are lowercase.
- The AD user login/logout events are not seen in the NSX-T Active IDFW Sessions tab of the NSX-T UI.
- Firewall rules are not applied correctly to these sessions.
- The login/logout events are correctly seen in Loginsight.
- In the NSX-T manager log syslog and nsxapi show the events received from LogInsight:
2022-05-12T08:53:01.509Z INFO http-nio-127.0.0.1-7440-exec-48 PolicyIdentityFacadeImpl 13474 FIREWALL [nsx@6876 comp="nsx-manager" level="INFO" reqId="4d66c423-fd15-450f-8b2f-6e441441ffff" subcomp="manager" username="admin"] Received response for /api/v1/idfw/user-session-data as IdfwUserSessionDataAndMappingsDto{activeUserSessions='..........
IdfwUserSessionDataDto{id='ffccddvv-467c-46b4-a675-aa1227babe58', domainName='CORP', userName='username', userId='88779900-4a2f-42d9-b4ae-8cad2f9ef3ec', vmExtId='', userSessionId='-444822456', loginTime='1652345418586', logoutTime='1652345421706', sessionSource='ELS'}........