NSX-T login with vIDM fails with: "Unauthorized","error_code":98"
search cancel

NSX-T login with vIDM fails with: "Unauthorized","error_code":98"


Article ID: 322543


Updated On:


VMware NSX Networking


  • vIDM is used to login to the NSX-T managers.
  • You have recently upgraded to 3.2.2.
  • After the upgrade, you are unable to login using a vIDM account and are presented with the following error:
  • If you then open a new tab, it may allow you to login.
  • The following error may be seen in log: /var/log/proxy/reverse-proxy.log
2023-01-06T06:02:38.247Z  INFO grpc-default-executor-124 HttpClientUtil 77154 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] Making request to
2023-01-06T06:02:38.250Z  INFO Processing request 76b27b59-8d98-41db-b972-0fb255bec7a8 CustomOAuth2AuthorizationRequestRedirectFilter 77154 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] OAuth2AuthorizationRequestRedirectFilter will be bypassed
2023-01-06T06:02:38.502Z  INFO grpc-default-executor-124 HttpClientUtil 77154 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] Request executed, response = HttpResponseProxy{HTTP/1.1 401  [Set-Cookie: JSESSIONID=FF10xxxxxxxx1238; Path=/; Secure; HttpOnly; SameSite=Strict, Cache-Control: no-cache, no-store, max-age=0, must-revalidate, Pragma: no-cache, Expires: 0, X-XSS-Protection: 1; mode=block, X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff, Content-Type: application/json;charset=UTF-8, Content-Length: 79, Date: Fri, 06 Jan 2023 06:02:38 GMT, Keep-Alive: timeout=60, Connection: keep-alive] ResponseEntityProxy{[Content-Type: application/json;charset=UTF-8,Content-Length: 79,Chunked: false]}}

Note: The above line is not always an indication you are encountering this issue, it may be due to other reasons.

  • As root user on the NSX-T managers, checking the file '/opt/vmware/proxy-tomcat/conf/context.xml' you will see the following entry:

<CookieProcessor sameSiteCookies="strict" />


VMware NSX-T Data Center


A issue occurred due to some changes made on these versions which prevents vIDM redirect from occurring correctly.


This is a known issue impacting NSX and NSX-T data center.

On each NSX-T manager do the following:
Login as root
cp /opt/vmware/proxy-tomcat/conf/context.xml /root/context.xml.bak
vi /opt/vmware/proxy-tomcat/conf/context.xml
Remove line 14: <CookieProcessor sameSiteCookies="strict" />
systemctl restart proxy
Note: Restarting the service proxy, will impact your ability to connect to the manager until the service completes the restart.
Repeat the steps on all three managers, one by one.
These changes are localized to the NSX-T manager, if a manager is replaced, you will need to apply the changes again.