• SRM adapter instances fail to connect with the SRM server. The following error can be seen for the SRM adapter accounts:
  
  Method drextapi.ServiceInstance.login threw undeclared fault of type drextapi.fault.ConnectionDownFault
  
  
  
  
  
• The /storage/vcops/log/collector.log event shows the following on Aria Operations:
  2025-05-09T07:19:14,392+0000 ERROR [TasksManager-TaskHandler-17556]  com.vmware.srm.vrops.SrmAdapter.onTest - Failed to create authenticated factory com.vmware.vim.binding.vmodl.fault.SystemError: Method drextapi.ServiceInstance.login threw undeclared fault of type drextapi.fault.ConnectionDownFault
• Checking the vCenter logs at the same time /var/log/vmware/sso/vmware-identity-sts.log we see the following:
  2025-05-09T02:18:54.544Z ERROR sts[41:tomcat-http--4] [CorId=uuid] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [[email protected]] for tenant [vsphere.local]
javax.security.auth.login.LoginException: Login failed
2025-05-09T02:18:54.560Z INFO sts[41:tomcat-http--4] [CorId=uuid] [com.vmware.identity.diagnostics.VmEventAppender] EventLog: source=[VMware Identity Server], tenant=[vsphere.local], eventid=[USER_NAME_PWD_AUTH_FAILED], level=[ERROR], category=[VMEVENT_CATEGORY_STS], text=[ParameterizedMessage[messagePattern=Failed to authenticate principal [{}]. User password expired., stringArgs=[[email protected]], throwable=null]], detailText=[null], corelationId=[uuid], timestamp=[1746757134555]
  
  or in case of missing permission for SRM solution user you see below entries
  
  2024-01-03T14:31:09.895Z INFO sts[48:tomcat-http--10] [CorId=uuid] [com.vmware.identity.sts.impl.STSImpl] Entering issue() token...
2024-01-03T14:31:09.902Z INFO sts[48:tomcat-http--10] [CorId=uuid] [com.vmware.identity.idm.server.IdentityManager] Authentication succeeded for user [[email protected]] in tenant [vsphere.local] in [6] milliseconds with provider [vsphere.local] of type [com.vmware.identity.idm.server.provider.vmwdirectory.VMwareDirectoryProvider]
2024-01-03T14:31:09.913Z ERROR sts[48:tomcat-http--10] [CorId=92a73d98-92bd-4efd-87e5-6b87a26a91db] [com.vmware.identity.sts.impl.STSImpl] Throwing InvalidRequestException! Access not authorized!
2024-01-03T14:31:09.914Z INFO sts[48:tomcat-http--10] [CorId=92a73d98-92bd-4efd-87e5-6b87a26a91db] [com.vmware.identity.sts.ws.SOAPFaultHandler] Returning a SOAP Fault with code: ns0:InvalidRequest and description: Access not authorized!
• Checking further on vCenter logs /var/log/vmware/vmdird/vmdird.log we see the following for password expiration of SRM solution user.
  2025-05-09T05:43:09.445Z:t@140655867188800:ERROR: VmDirSendLdapResult: Request (Bind), Error (LDAP_INVALID_CREDENTIALS(49)), Message (), (0) socket (127.0.0.1)
2025-05-09T05:43:09.445Z:t@140655867188800:ERROR: Bind Request Failed (127.0.0.1) error 49: Protocol version: 3, Bind DN: "CN=SRM-uuid,cn=ServicePrincipals,dc=vsphere,dc=local", Method: SASL


Aria Operations 8.x

• This issue occurs due to SRM solution user authentication failure at vCenter layer.
• Possible causes can be
    1. Password expiration of the SRM Solution user
    2. Missing permissions for the SRM Solution user 

For missing permission of SRM solution user, check the following:

1. Run the following command on SSH session of the vCenter in question:
   /usr/lib/vmware-vmafd/bin/dir-cli service list
   It will ask for credentials "Enter password for [email protected]:"
2. The output will list all the solution users for the vCenter, you will see that the SRM solution user seen in the sts logs will be missing here.
3. Add the SRM solution user to the Act 
   /usr/lib/vmware-vmafd/bin/dir-cli group modify --name ActAsUsers --add SRM-uuid (as seen from vcenter sts logs)
   
   

For the password expired of SRM solution user, re-register SRM with vCenter server as described in SRM documentation

Also check KB for similar issue