HCX - Login is failing with "You don't have permissions to access this HCX system or too many active sessions. Try again after sometime"
search cancel

HCX - Login is failing with "You don't have permissions to access this HCX system or too many active sessions. Try again after sometime"

book

Article ID: 380516

calendar_today

Updated On:

Products

VMware HCX

Issue/Introduction

  • The following error message comes up when trying to login to HCX through vCenter HCX Plugin:

  • Active Directory, LDAP, or LDAPS is configured on vCenter using the domain alias and FQDN, for example: EXAMPLE.NET\group or EXAMPLE\group
  • In HCX Manager 9443, under Configuration > vSphere Role Mapping, the user groups are configured using either the FQDN or the alias/short domain name, but not both.
  • HCX standalone UI fails to authenticate when only alias/short domain name is added in HCX Role Mapping configuration.
  • HCX Plugin UI fails to authenticate when only FQDN is added added in HCX Role Mapping configuration.
  • In /common/logs/appliance-management/appliance-management.log you can see the following error:
     2024-09-13 10:23:53.384 UTC [https-jsse-nio-8443-exec-11, , , TxId: ] ERROR c.v.vchs.hybridity.api.LoginUtil- Could not assign NSP role based on logged in users VCenter user group memberships.
      Logged in user is member of following VCenter groups :
     EXAMPLE\HCX Administrator    <<<<<------------------------------ here
     Role mapping configuration is:
     [
      {
       "role": "System Administrator",
       "userGroups": [
        "EXAMPLE.net\\HCX Administrator",   <<<<<------------------------------ here
       ]
      },

Environment

HCX

Cause

HCX Manager detects that the vCenter user is part of the domain alias but not the FQDN (or vice versa), which causes the error to display on the vCenter plugin.

Resolution

This issue is resolved in VMware HCX 4.10.2 available at Broadcom Downloads.
If you are having difficulty finding and downloading software, please review the Download Broadcom products and software KB.

Workaround:

Login to HCX Manager UI over port 9443 (hcx.manager.fqdn:9443), under Configuration > HCX Role Mapping > Add both short name (alias) and full domain name with the user group for example:

one.example.com\User-Group, one\User-Group

 

Additional Information