LDAP or local users with a special character in their username or password cannot login to NSX.
search cancel

LDAP or local users with a special character in their username or password cannot login to NSX.

book

Article ID: 367490

calendar_today

Updated On: 02-21-2025

Products

VMware NSX

Issue/Introduction

  • All NSX versions.
  • LDAP user has a special character in username or password.
  • Local user has a special character in the password.
  • This user does have a special character, such as the British pound sign (£), in their user name or their password.
  • The user will see the message "Your login attempt was not successful. The username/password combination is incorrect or the account specified has been locked." even though the correct username and password were provided.

Environment

VMware NSX 4.2.0.x
VMware NSX 4.1.x
VMware NSX 4.0.x
VMware NSX-T Data Center

Resolution

This issue is resolved in VMware NSX 4.2.1, available at Broadcom downloads.

If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.

 

For a workaround that resolves the issue for LDAP and local users, use only special characters defined in ISO-8859-1 character set in usernames and passwords:

!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~

If a username or password cannot be changed, an alternative workaround will allow correct processing of all special characters for LDAP users. This workaround will not fix the issue for local user. 

  1. SSH into the NSX Manager as root
  2. Back up the configuration file:
    cp /opt/vmware/proxy-tomcat/webapps/ROOT/WEB-INF/web.xml /root
  3. Edit the file:
    1. Find the section that reads:
      <!-- Initializes API leader manager -->
      <listener>
              <listener-class>com.vmware.nsx.management.api.leader.ApiLeaderInitializationListener</listener-class>
      </listener>
    2. After that section, add the following block:
      <filter>
              <filter-name>encodingFilter</filter-name>
      <filter-class>
              org.springframework.web.filter.CharacterEncodingFilter
      </filter-class>
      <init-param>
              <param-name>encoding</param-name>
              <param-value>UTF-8</param-value>
      </init-param>
      <init-param>
              <param-name>forceEncoding</param-name>
              <param-value>false</param-value>
      </init-param>
      </filter>
      <filter-mapping>
              <filter-name>encodingFilter</filter-name>
              <url-pattern>/*</url-pattern>
      </filter-mapping>
    3. Save the file. 
  4. Restart the NSX Manager's authentication service:
    su admin "restart service auth"
  5. Repeat these steps on all remaining NSX managers.

In relation to the workaround, please note the following:

  • If the workaround is in place, please note that after the Managers will have been upgraded, the upgrade will overwrite the workaround, and it needs to be configured again.
  • Also, if a Manager is replaced/re-deployed, workaround needs to be introduced again.
  • Restart of Manager's authentication service doesn't impact NSX data plane. 

 

Powered by Wolken Software