Adding LDAP server to IDFW gets error 524007 "The credentials were incorrect or the account specified has been locked."

Article ID: 399446


Products

VMware NSX, VMware vDefend Firewall

Issue/Introduction

  • When adding an LDAP server for IDFW configuration, you receive the error "Error: The credentials were incorrect or the account specified has been locked. (Error code: 524007)"
  • Retrying with a different user account, a different hostname, LDAP or LDAPS, or after confirming that the user credentials are correct, results in the same error.
  • You may see the following errors in the NSX Manager log file /var/log/syslog:

20XX-XX-XXT15:31:59.229Z ######## NSX 76893 FIREWALL [nsx@6876 comp="nsx-manager" level="WARNING" reqId="########-####-####-####-########4901" subcomp="manager" username="######"] Error in IDFW api /api/v1/directory/ldap-server?action=CONNECTIVITY for EP /global-infra/sites/<GlobalSiteName>/enforcement-points/default. Error Message - The credentials were incorrect or the account specified has been locked.

  • On an NSX Manager node, as the root user, run the following command and look for any Key "stringId" entry that shows a global site name with an enforcement point:

/opt/vmware/bin/corfu_tool_runner.py -n nsx -o showTable --tool corfu-browser -t EnforcementPoint

  • Sample output from the above command:

Key:
{
  "stringId": "/global-infra/sites/<GlobalSiteName>/enforcement-points/default"
}

Part of the payload shows a parentPath matching the path in the syslog message, and isGlobalConfig set to "true":
    },
    "isGlobalConfig": true,
    "parentPath": "/global-infra/sites/<GlobalSiteName>",
    "ownerId": {
  },
  "enforcementPointTypeInfo": {
    "enforcementPointType": "ENFORCEMENT_POINT_TYPE_NSXT"

Environment

VMware NSX

Cause

During Federation offboarding, some objects can be left behind after the Global Manager site is removed from NSX.
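
To confirm that the enforcement point named in the syslog error is one of these leftover global entries, the two checks from the Issue section can be correlated with a short script. This is an added example, not code from this KB article or from VMware/Broadcom; it assumes the showTable output was saved to a text file, and the site name ExampleSite, the timestamps and the file names are constructed sample data.

```shell
#!/bin/sh
# Added example, not VMware/Broadcom code. The site name, timestamps and
# file contents below are constructed sample data.

# Unique enforcement-point paths named in IDFW CONNECTIVITY errors in a syslog file.
idfw_error_eps() {
    sed -n '\#Error in IDFW api /api/v1/directory/ldap-server?action=CONNECTIVITY#{
        /The credentials were incorrect or the account specified has been locked/s|.* for EP \(/global-infra/[^ ]*\)\. Error Message.*|\1|p
    }' "$1" | sort -u
}

# Unique /global-infra stringId keys in saved EnforcementPoint showTable output.
table_global_eps() {
    sed -n 's|.*"stringId": *"\(/global-infra/[^"]*\)".*|\1|p' "$1" | sort -u
}

# Paths present in both lists: the error names a global enforcement point
# that still exists in the EnforcementPoint table.
leftover_eps() {
    a=$(mktemp); b=$(mktemp)
    idfw_error_eps "$1" >"$a"
    table_global_eps "$2" >"$b"
    comm -12 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample input (assumed file names: syslog, ep_table.txt).
sample_dir=$(mktemp -d)
cat >"$sample_dir/syslog" <<'EOF'
2024-01-01T15:31:59.229Z mgr1 NSX 76893 FIREWALL [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="manager"] Error in IDFW api /api/v1/directory/ldap-server?action=CONNECTIVITY for EP /global-infra/sites/ExampleSite/enforcement-points/default. Error Message - The credentials were incorrect or the account specified has been locked.
2024-01-01T15:32:10.000Z mgr1 NSX 76893 FIREWALL [nsx@6876 comp="nsx-manager" level="INFO" subcomp="manager"] unrelated line
EOF
cat >"$sample_dir/ep_table.txt" <<'EOF'
Key:
{
  "stringId": "/global-infra/sites/ExampleSite/enforcement-points/default"
}
Key:
{
  "stringId": "/infra/sites/default/enforcement-points/default"
}
EOF
leftover_eps "$sample_dir/syslog" "$sample_dir/ep_table.txt"
```

On an NSX Manager node, pass /var/log/syslog and a file holding the saved output of the showTable command shown above; any path printed should still be checked for isGlobalConfig set to true in the payload.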

Resolution

If you believe you have encountered this issue, please open a support case with Broadcom Support and refer to this KB article.

For more information, see Creating and managing Broadcom support cases.

Additional Information