NSX LDAP user login failed with error code 99
Article ID: 378084

Products

VMware NSX

Issue/Introduction

  • LDAP/LDAPS is configured in NSX as an identity source
  • The LDAP connection shows as up and green in the NSX UI
  • LDAP users are assigned roles in NSX
  • However, when an LDAP user with an assigned role attempts to log in, the login fails with the error: "error_message": "Internal server error has occurred.", "error_code": 99

The NSX UI switches to a raw error response similar to the following:

Pre NSX 4.2.0 (including NSX-T 3.x):

{
    "module_name": "common-services",
    "error_message": "Internal server error has occurred.",
    "details": "1",
    "error_code": 99
}

Post NSX 4.2.0:

{
    "module_name": "common-services",
    "error_message": "Internal server error has occurred.",
    "details": "Index 1 out of bounds for length 1 ",
    "error_code": 99
}

Checking this user's Windows AD account on a domain controller shows that the user's logon name, i.e. the "userPrincipalName" (UPN) attribute, is simply "username@" instead of "username@domain".

Environment

VMware NSX-T 3.x and VMware NSX 4.x

Cause

This issue occurs when the user's UPN is incomplete: the domain suffix after the @ is missing.

Resolution

To resolve the issue, the Windows Domain administrator needs to review the affected AD accounts and correct them so that each has a valid UPN suffix.
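The following is an added example, not code from this article or from VMware. It covers both the cause and the resolution above: it audits a set of directory entries for userPrincipalName values that lack the domain suffix after the @ (the "username@" shape this article describes), explains in a comment why indexing the domain part of such a value without checking it first produces an out-of-bounds error, and proposes a corrected UPN for each affected account. The directory entries are constructed sample data; sAMAccountName and userPrincipalName are standard AD attribute names, while the function names and the example suffix corp.example.com are this example's own. The link between the "Index 1 out of bounds for length 1" detail and an unchecked split on "@" is an inference from that message, not something the article states.

```python
"""Audit AD-style entries for UPNs with no domain suffix, and split UPNs safely.

Added example, not VMware's code. Sample entries below are constructed.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample of what an LDAP search for user objects might return,
# reduced to the two attributes that matter here. Not real directory data.
SAMPLE_ENTRIES = [
    {"sAMAccountName": "alice", "userPrincipalName": "alice@corp.example.com"},
    {"sAMAccountName": "bob",   "userPrincipalName": "bob@"},   # the article's symptom: suffix missing
    {"sAMAccountName": "carol", "userPrincipalName": ""},       # UPN not set at all
    {"sAMAccountName": "dave",  "userPrincipalName": "dave"},   # no '@' separator
    {"sAMAccountName": "erin",  "userPrincipalName": "erin@@corp.example.com"},  # malformed suffix
]

# Conservative DNS-label check for the suffix; AD's own validation is authoritative.
_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def _valid_suffix(domain: str) -> bool:
    """True if every dot-separated label of the suffix looks like a DNS label."""
    return bool(domain) and all(_LABEL.match(label) for label in domain.split("."))


def split_upn(upn: str) -> Tuple[str, str]:
    """Return (user, domain) for a well-formed UPN, or raise ValueError.

    A naive `upn.split('@')[1]` is the kind of code that fails on 'username@':
    in languages whose split drops trailing empty fields, the result has a
    single element, which is what an 'Index 1 out of bounds for length 1'
    message describes (an inference from the message, not stated by the
    article). Checking the shape first yields a clear message instead.
    """
    user, sep, domain = upn.partition("@")
    if not sep:
        raise ValueError(f"UPN {upn!r} has no '@' separator")
    if not user:
        raise ValueError(f"UPN {upn!r} has an empty user part")
    if not domain:
        raise ValueError(f"UPN {upn!r} has no domain suffix after '@'")
    if not _valid_suffix(domain):
        raise ValueError(f"UPN {upn!r} has a malformed domain suffix {domain!r}")
    return user, domain


def upn_problem(upn: str) -> Optional[str]:
    """Reason string if a consumer expecting user@domain would choke on this UPN, else None."""
    try:
        split_upn(upn)
    except ValueError as exc:
        return str(exc)
    return None


def find_broken_upns(entries) -> List[Tuple[str, str, str]]:
    """Scan directory entries and list (account, upn, reason) for UPNs needing correction."""
    findings = []
    for entry in entries:
        upn = entry.get("userPrincipalName", "")
        reason = upn_problem(upn)
        if reason is not None:
            findings.append((entry["sAMAccountName"], upn, reason))
    return findings


def proposed_upn(sam_account_name: str, current_upn: str, upn_suffix: str) -> str:
    """Suggest a corrected UPN: keep the existing user part if present, else use the
    logon name, and append a UPN suffix that is valid for the forest (caller-supplied)."""
    if not _valid_suffix(upn_suffix):
        raise ValueError(f"{upn_suffix!r} is not a usable UPN suffix")
    user = current_upn.partition("@")[0] or sam_account_name
    return f"{user}@{upn_suffix}"


if __name__ == "__main__":
    for sam, upn, reason in find_broken_upns(SAMPLE_ENTRIES):
        print(f"{sam:<8} {upn!r:<28} {reason}")
        print(f"         proposed: {proposed_upn(sam, upn, 'corp.example.com')}")
```

In a real environment the entries would come from an LDAP search of the domain (for example over the same LDAPS endpoint NSX uses), and the proposed value would only be applied after the domain administrator confirms the correct suffix for that user; the script itself changes nothing.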