User AD account getting locked out and authentication failure errors are seen in vCenter events

Article ID: 376043

Products

VMware vCenter Server

Issue/Introduction

  • Multiple authentication failure error messages are reported in the vCenter logs.
  • One or more users' Active Directory (AD) accounts are locked out because of too many failed login attempts.
  • Even after the account is unlocked in Active Directory, it is locked out again within 5 seconds.
  • The journalctl log may report an error such as the following:
    MM DD HH:MM:SS vCenterIP/FQDN vpxd[#####] : Event [#####] [1-1] [YYYY-MM-DD HH:MM:SS] [vim.event.BadUsernameSessionEvent] [error] [USERNAME@Domain] [] [#####] [Cannot login UserName@Domain@ClientIP]

Environment

vCenter Server 7.x

vCenter Server 8.x

Cause

The credentials stored on one or more integrations with vCenter were not updated after the password change, causing those systems to authenticate with the wrong password.

Resolution

  1. Identify the client IP that is attempting to log in to vCenter with the wrong credentials.

    Review the journalctl logs on the vCenter to determine the source IP.
    • Log in to the VCSA using SSH as root.
    • Run the following command, replacing Locked_Out_User_Account with the name of the affected account:
      # journalctl -b 0|grep BadUsernameSessionEvent|grep Locked_Out_User_Account

In the following example output, the user account is "UserName@Domain", and the ClientIP at the end of each line is the address of the system whose login to vCenter failed.
Event [#####] [1-1] [YYYY-MM-DDTHH:MM:SS] [vim.event.BadUsernameSessionEvent] [error] [UserName@Domain] [] [#####] [Cannot login UserName@Domain@ClientIP]

  2. Update the AD credentials for every application or solution that the logs show reporting a BadUsernameSessionEvent.
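When several integrations share a service account, a plain grep leaves you reading each line by hand. The shell function below, an added example and not part of this article, summarises BadUsernameSessionEvent lines per account and source IP so the integration still using the old password can be found at a glance. It assumes the vpxd event format shown above ("[Cannot login USER@DOMAIN@CLIENTIP]"); the journal lines in sample_events are constructed for the demonstration.

```shell
#!/bin/sh
# Usage on the VCSA (as root):  journalctl -b 0 | failed_login_sources [ACCOUNT]
# Output: one line per account/source pair, most failures first:
#   COUNT ACCOUNT SOURCE_IP

failed_login_sources() {
    # $1 (optional): restrict the report to one account, e.g. "UserName@Domain".
    # Account matching is case-insensitive because AD logins vary in case.
    grep 'BadUsernameSessionEvent' \
    | sed -n 's/.*\[Cannot login \([^@]*@[^@]*\)@\([^]]*\)].*/\1 \2/p' \
    | awk -v acct="$1" 'acct == "" || tolower($1) == tolower(acct)' \
    | sort | uniq -c | sort -rn \
    | awk '{ printf "%s %s %s\n", $1, $2, $3 }'
}

sample_events() {
    # Constructed sample journal lines (not real data) in the vpxd format from the article.
    # svc_backup fails three times from one host and once from another; jdoe fails once;
    # the final line is a successful login and must be ignored by the filter.
    cat <<'EOF'
Mar 01 08:00:01 vcsa.corp.example vpxd[1234]: Event [501] [1-1] [2024-03-01T08:00:01] [vim.event.BadUsernameSessionEvent] [error] [svc_backup@corp.example] [] [501] [Cannot login svc_backup@corp.example@192.0.2.10]
Mar 01 08:00:02 vcsa.corp.example vpxd[1234]: Event [502] [1-1] [2024-03-01T08:00:02] [vim.event.BadUsernameSessionEvent] [error] [svc_backup@corp.example] [] [502] [Cannot login svc_backup@corp.example@192.0.2.10]
Mar 01 08:00:03 vcsa.corp.example vpxd[1234]: Event [503] [1-1] [2024-03-01T08:00:03] [vim.event.BadUsernameSessionEvent] [error] [SVC_BACKUP@corp.example] [] [503] [Cannot login SVC_BACKUP@corp.example@192.0.2.11]
Mar 01 08:00:04 vcsa.corp.example vpxd[1234]: Event [504] [1-1] [2024-03-01T08:00:04] [vim.event.BadUsernameSessionEvent] [error] [jdoe@corp.example] [] [504] [Cannot login jdoe@corp.example@198.51.100.7]
Mar 01 08:00:05 vcsa.corp.example vpxd[1234]: Event [505] [1-1] [2024-03-01T08:00:05] [vim.event.BadUsernameSessionEvent] [error] [svc_backup@corp.example] [] [505] [Cannot login svc_backup@corp.example@192.0.2.10]
Mar 01 08:00:06 vcsa.corp.example vpxd[1234]: Event [506] [1-1] [2024-03-01T08:00:06] [vim.event.UserLoginSessionEvent] [info] [jdoe@corp.example] [] [506] [User jdoe@corp.example@198.51.100.7 logged in]
EOF
}

# Demonstration against the constructed sample instead of the live journal.
sample_events | failed_login_sources svc_backup@corp.example
```

The host with the highest count is usually the integration whose stored password was never updated; the lower-count sources are worth checking too, since the lockout can be triggered by any of them.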