• ^{AD users fail to log in to the vSphere Client.}
• ^{The vCenter Server is integrated with Active Directory over LDAP.}
• ^{The following errors may be observed in the logs:}

/var/log/vmware/Likewise.log

ERROR lwio: [0x#####] GSS-API error calling gss_init_sec_context: ##### (<null>)

ERROR lwio: [0x#####] GSS-API error calling gss_init_sec_context: ##### (<null>)

ERROR lwio: [0x#####] GSS-API error calling gss_init_sec_context: ##### (<null>)

/var/log/vmware/sso/vmware-identity-sts.log

[com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 49

[com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldap://#####.com, #####.#####@#####.com] 

[com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldap://#####.com] because [Invalid credentials] therefore will not attempt to use any secondary URIs

[com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider] Failed to retrieve upnSuffixes in AD over LDAP provider '#####.com' com.vmware.identity.interop.ldap.InvalidCredentialsLdapException: Invalid credentials

/var/log/vmware/sso/websso.log

 {\"user\":\"#####\",\"client\":\"##.##.##.##\",\"timestamp\":\"##/##/#### ##:##:## GMT\",\"description\":\"User #####@##.##.##.## failed to log in with response code 401\",\"eventSeverity\":\"INFO\",\"type\":\"com.vmware.sso.LoginFailure\"}

^{VMware vCenter Server 7.x}

^{VMware vCenter Server 8.x}

^{The vCenter Server was configured to connect to the LDAP directory using a bind account with invalid or outdated credentials. As a result, the LDAP bind request failed, and AD users were unable to authenticate.}

• ^{Log in to the vCenter Server using the vSphere Client with an account that has administrative privileges ([email protected]).}

• ^{Navigate to: Menu > Administration > Single Sign-On > Configuration > Identity Sources}

• ^{Edit the existing LDAP identity source:}

• ^{Update the bind DN (Distinguished Name) user credentials with valid credentials.}

• ^{Click Save to apply changes.}

• ^{Retry logging in with an AD user to confirm the issue is resolved.}

^{If LDAP bind credentials are invalid, the vCenter Server cannot query the LDAP directory, and all AD-based authentication will fail.}

^{LDAP error code 49 is commonly associated with invalid credentials.}

^{If the credentials change (e.g., due to password expiration), the bind account must be updated in the vCenter Server configuration.}

^{Configuring Active Directory over LDAP authentication: https://knowledge.broadcom.com/external/article/316596}