NSX LDAP user login failed with error code 99

Article ID: 378084


Products

VMware NSX

Issue/Introduction

After configuring an LDAP server backed by a Windows AD server, the connection check for the LDAP server succeeds, but a user who is assigned a role through group membership cannot log in to the NSX UI with an AD account name such as username@domain.

The NSX UI will change to a simple error output similar to:

Pre NSX 4.2.0 (including NSX-T 3.x):

{
    "module_name": "common-services",
    "error_message": "Internal server error has occurred.",
    "details": "1",
    "error_code": 99
}

Post NSX 4.2.0:

{
    "module_name": "common-services",
    "error_message": "Internal server error has occurred.",
    "details": "Index 1 out of bounds for length 1 ",
    "error_code": 99
}

Checking this user's Windows AD account on a domain controller shows that the user's logon name (the "userPrincipalName" attribute) is simply "username@" instead of "username@domain".

Environment

VMware NSX-T 3.x and VMware NSX 4.x

Cause

This is caused by the user having an incomplete UPN without the domain part after the @. 

Resolution

To resolve this issue, the Windows AD administrator should update the affected AD user accounts with a proper UPN suffix.
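
To find other accounts with the same defect before they hit this login error, the AD administrator can audit userPrincipalName values. The following is an added example, not part of the original article or of VMware's tooling: the function names Test-UpnSuffix and Get-IncompleteUpn, the sample accounts and the corp.example suffix are constructed for illustration, and the live query assumes the RSAT ActiveDirectory module is installed.

```powershell
# Classify a UPN string: a usable UPN is prefix@suffix with both parts non-empty.
function Test-UpnSuffix {
    param([string]$Upn)
    if ([string]::IsNullOrWhiteSpace($Upn)) { return 'NotSet' }
    $at = $Upn.LastIndexOf('@')
    if ($at -lt 0)                 { return 'NoAtSign' }
    if ($at -eq 0)                 { return 'EmptyPrefix' }
    if ($at -eq $Upn.Length - 1)   { return 'EmptySuffix' }  # the "username@" case from this article
    return 'OK'
}

# Emit one row per account whose UPN is set but malformed.
# Accounts with no UPN at all are skipped; they are outside this article's scope.
function Get-IncompleteUpn {
    param([Parameter(ValueFromPipeline = $true)]$User)
    process {
        $state = Test-UpnSuffix $User.UserPrincipalName
        if ($state -ne 'OK' -and $state -ne 'NotSet') {
            [pscustomobject]@{
                SamAccountName    = $User.SamAccountName
                UserPrincipalName = $User.UserPrincipalName
                Problem           = $state
            }
        }
    }
}

# Constructed sample rows standing in for Get-ADUser output, so the check runs offline.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; UserPrincipalName = 'alice@corp.example' }
    [pscustomobject]@{ SamAccountName = 'bob';   UserPrincipalName = 'bob@' }
    [pscustomobject]@{ SamAccountName = 'carol'; UserPrincipalName = 'carol' }
    [pscustomobject]@{ SamAccountName = 'svc01'; UserPrincipalName = $null }
)
$sample | Get-IncompleteUpn | Format-Table -AutoSize

# Against a live domain (read-only query over accounts that have a UPN set):
#   Import-Module ActiveDirectory
#   Get-ADUser -Filter 'UserPrincipalName -like "*"' | Get-IncompleteUpn
#
# Fixing one account once the correct suffix is known (placeholder suffix shown):
#   Set-ADUser -Identity bob -UserPrincipalName 'bob@corp.example'
```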