• Users receive "invalid username or password, or too many active sessions" error when attempting to access the HCX UI
• The following error is observed in the file /common/logs/admin/web.log:

2025-04-13 14:54:42.555 UTC [https-jsse-nio-127.0.0.1-8443-exec-1, , , TxId: ] INFO  c.v.vchs.hybridity.api.LoginUtil- SSO Admin URL : https://"VCenterFQDN"/sso-adminserver/sdk/vsphere.local, username : "Domain\userid"
2025-04-13 14:54:53.317 UTC [https-jsse-nio-127.0.0.1-8443-exec-1, , , TxId: ] ERROR c.v.v.h.a.AccessTokenRestController- Failed to fetch NSP roles com.sun.xml.ws.client.ClientTransportException: HTTP transport error: java.net.UnknownHostException: "VCenterFQDN"
2025-04-13 14:54:53.336 UTC [https-jsse-nio-127.0.0.1-8443-exec-1, , , TxId: ] ERROR c.v.v.h.a.HybridityAuthenticationEntryPoint- Sending Response Error 401 for /hybridity/api/sessions
2025-04-13 14:55:47.651 UTC [https-jsse-nio-127.0.0.1-8443-exec-5, , , TxId: ] ERROR c.v.v.h.adapters.sts.StsAdapter- STS login error: {
    "status": "FAILURE",
    "failure": "UnknownHostException",
    "details": "java.net.UnknownHostException: "VCenterFQDN": Temporary failure in name resolution\n\tat java.base\/java.net.Inet4AddressImpl.lookupAllHostAddr(Native Method)

• DNS resolution fails for the vCenter:

nslookup "VCenterFQDN"
;; communications error to 127.0.0.53#53: timed out
;; communications error to 127.0.0.53#53: timed out

The login fails on the HCX because it must communicate with the vCenter to gather information about the users in the assignment group. Therefore, DNS resolution is necessary for this communication.

Ensure the VCenter FQDN is resolvable. The nslookup command is very helpful for this investigation.

Please note that the error message "Invalid username or password, or too many active sessions" may also occur in HCX 4.10.2 due to the issue described in the Broadcom KB:
Unable to login to HCX UI with the error message "invalid username or password, or too many active sessions"