In VMware Identity Manager (vIDM), the admin account is repeatedly locked despite using the correct credentials. This issue persists even after resetting the password, with the account being locked again after a few successful logins. The problem is often accompanied by logs showing multiple failed login attempts originating from various endpoints integrated with vIDM. These endpoints continue attempting to authenticate using the old admin credentials, causing the account to lock.
VMware Identity Manager (vIDM) 3.3.x
The issue occurs when the admin account password is changed in vIDM, but the new password is not propagated to external endpoints that use vIDM for authentication. These integrated services continue to send API requests using the outdated password, resulting in repeated failed login attempts and subsequent account lockout. The specific error, as seen in the logs, is tied to excessive authentication attempts from the endpoint using the old password.
To resolve this issue, follow these steps:
Update Passwords on Integrated Endpoints:
After changing the admin password in vIDM, ensure that the new credentials are updated in all integrated endpoints (e.g., Skyline Collector, Aria Operations for Logs, Aria Lifecycle Manager, Aria Operations, etc.).
For each integrated service, log in to its configuration settings and update the vIDM admin password.
Monitor for Failed Login Attempts:
Access the Audit Events in vIDM by navigating to Dashboard -> Reports -> Audit Events to check for failed login attempts.
Additionally, monitor the /opt/vmware/horizon/workspace/logs/horizon.log file for log entries like the following:
2024-09-24T02:33:13,046 WARN (Thread-5) [Hostname;-;xx.xx.xx.xx;] com.vmware.vidm.password.impl.PasswordLocker - User password locked due to maximum attempts: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2024-09-24T03:38:17,689 WARN (Thread-8) [Hostname;-;xx.xx.xx.xx;] com.vmware.vidm.password.impl.PasswordLocker - User password locked due to maximum attempts: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2024-09-24T05:13:13,889 WARN (Thread-1013014) [Hostname;-;xx.xx.xx.xx;] com.vmware.vidm.password.impl.PasswordLocker - User password locked due to maximum attempts: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
The IP address xx.xx.xx.xx in the messages above is the endpoint whose repeated attempts with the old password are locking the account. Search horizon.log for the following message to find every lockout event:
WARN com.vmware.vidm.password.impl.PasswordLocker - User password locked due to maximum attempts
Identify the IP addresses associated with the failed login attempts, trace each one back to the specific integrated endpoint, and update the vIDM admin password stored there.
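As an added example (not VMware's code and not part of this article), the following Python script parses the PasswordLocker warnings from horizon.log, extracts the source IP and the locked user ID from each, and counts lockouts per source so the endpoint still using the old password stands out. The log line layout follows the entries shown above; the sample lines, hostnames, IP addresses (documentation-range) and UUIDs embedded in it are constructed placeholders, and the threshold of two lockouts is an assumption you can adjust.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Regex for the PasswordLocker warning as it appears in horizon.log.
# The bracketed field is "[hostname;-;source-ip;]"; the locked user is the trailing UUID.
LOCKOUT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3}) WARN \((?P<thread>[^)]+)\) "
    r"\[(?P<host>[^;]*);(?P<f2>[^;]*);(?P<ip>[^;]*);\] "
    r"com\.vmware\.vidm\.password\.impl\.PasswordLocker - "
    r"User password locked due to maximum attempts: (?P<user>\S+)"
)


@dataclass(frozen=True)
class Lockout:
    timestamp: str
    host: str
    source_ip: str
    user_id: str


def parse_lockouts(lines):
    """Return a Lockout for every PasswordLocker line; unrelated lines are skipped."""
    events = []
    for line in lines:
        m = LOCKOUT_RE.match(line.strip())
        if m:
            events.append(Lockout(m["ts"], m["host"], m["ip"], m["user"]))
    return events


def lockouts_by_source(events):
    """Count lockouts per (source IP, user ID) pair."""
    return Counter((e.source_ip, e.user_id) for e in events)


def suspect_sources(events, threshold=2):
    """Source IPs that locked the same user at least `threshold` times (assumed cutoff)."""
    counts = lockouts_by_source(events)
    return sorted({ip for (ip, _), n in counts.items() if n >= threshold})


# Constructed sample lines modelled on the entries in the article: hostnames, IPs
# (documentation range) and UUIDs are placeholders, not taken from a real appliance.
SAMPLE_LOG = """\
2024-09-24T02:33:13,046 WARN (Thread-5) [vidm01;-;192.0.2.10;] com.vmware.vidm.password.impl.PasswordLocker - User password locked due to maximum attempts: 11111111-1111-1111-1111-111111111111
2024-09-24T02:40:01,120 INFO (Thread-5) [vidm01;-;192.0.2.50;] com.vmware.horizon.SomeOtherClass - routine message
2024-09-24T03:38:17,689 WARN (Thread-8) [vidm01;-;192.0.2.10;] com.vmware.vidm.password.impl.PasswordLocker - User password locked due to maximum attempts: 11111111-1111-1111-1111-111111111111
2024-09-24T05:13:13,889 WARN (Thread-1013014) [vidm01;-;192.0.2.25;] com.vmware.vidm.password.impl.PasswordLocker - User password locked due to maximum attempts: 11111111-1111-1111-1111-111111111111
"""

if __name__ == "__main__":
    # On the appliance you would read /opt/vmware/horizon/workspace/logs/horizon.log instead.
    evts = parse_lockouts(SAMPLE_LOG.splitlines())
    for (ip, user), n in lockouts_by_source(evts).most_common():
        print(f"{ip:15} {user} lockouts={n}")
    print("endpoints to re-credential first:", suspect_sources(evts))
```

Run it against the real file by replacing SAMPLE_LOG with the contents of horizon.log; each IP it reports maps to one integrated endpoint whose stored vIDM admin password needs updating. Lines that do not match the PasswordLocker pattern are ignored, so the script is safe to run over the whole log.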