• LDAP/LDAPS is configured in NSX as an identity source
• The LDAP connection shows up and green in NSX UI
• LDAP users are assigned roles in NSX
• However, when a LDAP user with an assigned role attempts to login,
• It fails with the error: "error_message": "Internal server error has occurred." error_code": 99

The NSX UI will change to a simple error output similar to:

Pre NSX 4.2.0 (including NSX-T 3.x):

{
    "module_name": "common-services",
    "error_message": "Internal server error has occurred.",
    "details": "1",
    "error_code": 99
}

Post NSX 4.2.0:

{
    "module_name": "common-services",
    "error_message": "Internal server error has occurred.",
    "details": "Index 1 out of bounds for length 1 ",
    "error_code": 99
}

Checking this user's Windows AD account in a domain controller, we can see that the user has a logon name, aka "userPrincipleName", as simply "username@", instead of "username@domain".

VMware NSX-T 3.x and VMware NSX 4.x

This issue occurs when the user has an incomplete UPN without the domain part after the @. 

To resolve the issue, the Windows Domain administrator will need to review and correct the AD accounts to have a correct UPN suffix.