Intermittently cannot log in to vCenter with an Active Directory user from a third-party program. Error: "Cannot complete login due to an incorrect username or password"


Article ID: 388163


Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • When a login with an AD user is triggered from a third-party program, it intermittently fails with the error "Cannot complete login due to an incorrect username or password".
  • vCenter is configured to use an external Active Directory over LDAPS as its identity source, and several AD controllers provide the service.
  • The following log snippets are observed in vmware-identity-sts.log:

YYYY-MM-DDTHH:MM:SS WARN sts[57:tomcat-http--11] [CorId=7e77bdde-0422-4ede-972a-4b6812df9ac1] [com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 49

YYYY-MM-DDTHH:MM:SS WARN sts[57:tomcat-http--11] [CorId=7e77bdde-0422-4ede-972a-4b6812df9ac1] [com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldap://example.com, CN=User,OU=it,OU=internal,DC=example,DC=com]

YYYY-MM-DDTHH:MM:SS ERROR sts[57:tomcat-http--11] [CorId=7e77bdde-0422-4ede-972a-4b6812df9ac1] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldap://example.com] because [Invalid credentials] therefore will not attempt to use any secondary URIs

YYYY-MM-DDTHH:MM:SS ERROR sts[57:tomcat-http--11] [CorId=7e77bdde-0422-4ede-972a-4b6812df9ac1] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [[email protected]] for tenant [vsphere.local]
javax.security.auth.login.LoginException: Login failed
Caused by: com.vmware.identity.interop.ldap.InvalidCredentialsLdapException: Invalid credentials

 

Environment

  • VMware vCenter Server Appliance 8.0
  • VMware vCenter Server Appliance 7.0

Cause

  • The issue originates from the external AD controllers.
  • Logins from vCenter to the AD controllers with the mentioned [email protected] fail intermittently, and the response from the AD controller is "Invalid Credential".
  • Use the command below to check from vCenter against each back-end AD controller separately, and check the response from each AD controller.
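
One way to run the per-controller check described above, as an added example that is not the KB's own command. It assumes an OpenLDAP `ldapsearch` client is on the PATH and that the controller URIs, bind DN, base DN and password file are placeholders you replace; `check_dc` and `check_all` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the KB): bind to each AD domain controller separately
# and report the LDAP result code per controller.
# Assumptions: an OpenLDAP ldapsearch client is on PATH; the controller URIs,
# bind DN and base DN are placeholders; for ldaps:// the issuing CA is trusted
# by the client (for example via the LDAPTLS_CACERT environment variable).
LDAPSEARCH="${LDAPSEARCH:-ldapsearch}"

# check_dc URI BIND_DN PW_FILE BASE_DN
# Prints "URI CODE MEANING"; returns the ldapsearch exit status, which for
# OpenLDAP's client is the LDAP result code of the failed operation.
check_dc() {
    dc_uri=$1; dc_rc=0
    # -x simple bind; -y reads the password from a file so it never shows up
    # in the process list (write it with printf '%s', no trailing newline,
    # mode 600); -s base with attribute 1.1 returns one entry, no attributes.
    dc_err=$("$LDAPSEARCH" -LLL -x -o nettimeout=5 -H "$dc_uri" -D "$2" \
        -y "$3" -b "$4" -s base 1.1 2>&1 >/dev/null) || dc_rc=$?
    case $dc_rc in
        0)  echo "$dc_uri 0 bind-ok" ;;
        49) echo "$dc_uri 49 invalid-credentials" ;;  # code seen in vmware-identity-sts.log
        *)  echo "$dc_uri $dc_rc $(printf '%s\n' "$dc_err" | head -n 1)" ;;
    esac
    return "$dc_rc"
}

# check_all BIND_DN PW_FILE BASE_DN URI...
# One result line per controller; returns how many controllers did not
# complete the bind.
check_all() {
    all_dn=$1; all_pw=$2; all_base=$3; all_failed=0
    shift 3
    for all_uri in "$@"; do
        check_dc "$all_uri" "$all_dn" "$all_pw" "$all_base" ||
            all_failed=$((all_failed + 1))
    done
    return "$all_failed"
}

# Usage (placeholder hostnames and password file):
#   check_all 'CN=User,OU=it,OU=internal,DC=example,DC=com' /root/.adpw \
#       'DC=example,DC=com' ldaps://dc1.example.com ldaps://dc2.example.com
```

A controller that returns 49 while the others return 0 for the same credentials is the one to examine; because the failure is intermittent, repeat the run several times.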

 



Resolution

Please check further on the AD controller side.