SRM is trying to connect to vCenter using a disabled account which is flagged in Security Report. The account of the user trying to authenticate is locked : User account locked

Article ID: 406799

Products

VMware Live Recovery
VMware Aria Operations (formerly vRealize Operations) 8.x

Issue/Introduction

Security scans detect anonymous user logins to vCenter by SRM software every 5 minutes. 

vmware-dr.log: 

2025-07-29T16:08:35.105Z warning vmware-dr[01224] [SRM@6876 sub=Default opID=3e3578e2-login] Error while calling STS
--> N9SsoClient27InvalidCredentialsExceptionE Authentication failed: The account of the user trying to authenticate is locked. :: The account of the user trying to authenticate is locked. :: User account locked: {Name: admin, Domain: addomain.domain.com}
--> [context]zKq7AVECAAQAANjOcAEMdm13YXJlLWRyAAAqIRxsaWJ2bWFjb3JlLnNvAAGRTwFsaWJzc29jbGllbnQuc28AAdeGAwGhfAMBz80CASMJAwHBLAMAzik0ANJCNADgfUkCsI4AbGlicHRocmVhZC5zby4wAAPf+g9saWJjLnNvLjYA[/context]
2025-07-29T16:08:35.105Z verbose vmware-dr[01224] [SRM@6876 sub=Default opID=3e3578e2-login] CloseSession called for session; <52ade5d3-2d21-6e72-9085-be6d3b26702d, <UNIX '/run/vmware/srm/srm-socket'>, <UNIX ''>>


drconfig-audit.log:

2025-07-24T12:39:44.010Z error drconfig[01119] [SRM@6876 sub=Audit opID=8a1cb3ac-fe62-44fd-90c6-f299ffca38b1-getRunningBreakTask] [Failure] User:(null), Method:drConfig.cloud.CloudConnectionManager.getRunningBreakTask, From:10.#.#.#
--> (drConfig.fault.NotAuthenticated) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>,
-->    object = 'drConfig.cloud.CloudConnectionManager:DrConfigCloudConnectionManager',
-->    privilegeId = "System.Read"
-->    msg = ""
--> }


vmware-identity-sts.log: 

2025-06-16T13:43:21.463Z WARN sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: 49
2025-06-16T13:43:21.463Z WARN sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://addomain.domain.com, CN=Guest,OU=Disabled,OU=addomain,OU=Users,OU=Organization Resources,DC=addomain,DC=ad,DC=com]
2025-06-16T13:43:21.463Z ERROR sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.idm.server.ServerUtils] cannot establish ldap connection with URI: [ldaps://addomain.ad.com] because [Invalid credentials] therefore will not attempt to use any secondary URIs
2025-06-16T13:43:21.463Z ERROR sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [admin] for tenant [vsphere.local] javax.security.auth.login.LoginException: Login failed 
2025-06-16T13:43:21.583Z INFO sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.diagnostics.VmEventAppender] EventLog: source=[VMware Identity Server], tenant=[vsphere.local], eventid=[USER_NAME_PWD_AUTH_FAILED], level=[ERROR], category=[VMEVENT_CATEGORY_STS], text=[ParameterizedMessage[messagePattern=Failed to authenticate principal [{}]. User account locked., stringArgs=[admin], throwable=null]], detailText=[null], corelationId=[1e6d6953-####-4f57-####-272e1d8eac9f], timestamp=[1750081401583]
2025-06-16T13:43:21.583Z ERROR sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [admin]. User account locked.
2025-06-16T13:43:21.583Z INFO sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.idm.server.IdentityManager] Authentication failed for user [admin] in tenant [vsphere.local] in [263] milliseconds with provider [addomain.ad.com] of type [com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider]
2025-06-16T13:43:21.583Z ERROR sts[49:tomcat-http--12] [CorId=1e6d6953-####-4f57-####-272e1d8eac9f] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.UserAccountLockedException: User account locked: {Name: admin, Domain: addomain.ad.com}'
com.vmware.identity.idm.UserAccountLockedException: User account locked: {Name: admin, Domain: addomain.ad.com}

Environment

VMware vCenter Server 8.x
VMware Live Site Recovery 9.x

Cause

VMware Aria Operations is calling SRM through external APIs every 5 minutes. 

Logs from Aria:

2025-07-31T12:58:54,012+0000 ERROR [Collector worker thread 24] (322) com.vmware.adapter3.applicationdiscovery.ServiceDiscoveryAdapter.initSRMData - [vCenter.broadcom.com] Exception occurred while trying to retrieve data from SRM : 
java.util.concurrent.ExecutionException: java.lang.reflect.InvocationTargetException
 at java.util.concurrent.FutureTask.report(Unknown Source) ~[?:?]
 at java.util.concurrent.FutureTask.get(Unknown Source) ~[?:?]
 at com.vmware.adapter3.applicationdiscovery.ServiceDiscoveryAdapter.initSRMData(ServiceDiscoveryAdapter.java:1048) ~[ServiceDiscoveryAdapter3.jar:?]
 at com.vmware.adapter3.applicationdiscovery.ServiceDiscoveryAdapter.onCollect(ServiceDiscoveryAdapter.java:452) ~[ServiceDiscoveryAdapter3.jar:?]
 at com.integrien.alive.common.adapter3.AdapterBase.collectBase(AdapterBase.java:776) ~[vrops-adapters-sdk.jar:?]
 at com.integrien.alive.common.adapter3.AdapterBase.collect(AdapterBase.java:548) ~[vrops-adapters-sdk.jar:?]
 at com.integrien.alive.collector.CollectorWorkItem3.run(CollectorWorkItem3.java:45) ~[vcops-collector-1.0-SNAPSHOT.jar:?]
 at com.integrien.alive.common.util.ThreadPool$WorkerItem.run(ThreadPool.java:275) ~[vrops-adapters-sdk.jar:?]
 at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) ~[?:?]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) ~[?:?]
 at java.lang.Thread.run(Unknown Source) ~[?:?]
Caused by: java.lang.reflect.InvocationTargetException
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
 at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
 at com.vmware.adapter3.applicationdiscovery.ServiceDiscoveryAdapter.lambda$initSRMData$4(ServiceDiscoveryAdapter.java:1041) ~[ServiceDiscoveryAdapter3.jar:?]
 at java.util.concurrent.FutureTask.run(Unknown Source) ~[?:?]
 at com.vmware.adapter3.applicationdiscovery.ServiceDiscoveryAdapter.initSRMData(ServiceDiscoveryAdapter.java:1047) ~[ServiceDiscoveryAdapter3.jar:?]
 ... 8 more
Caused by: com.vmware.adapter3.applicationdiscovery.srm.SRMConnectionException: Cannot log into SRM -- invalid login
 at com.vmware.adapter3.applicationdiscovery.srm.SRMConnectionUtil.openSrmPort(SRMConnectionUtil.java:162) ~[?:?]
 at com.vmware.adapter3.applicationdiscovery.srm.SRMConnectionUtil.getVMProtectionMap(SRMConnectionUtil.java:182) ~[?:?]
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
 at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
 at com.vmware.adapter3.applicationdiscovery.ServiceDiscoveryAdapter.lambda$initSRMData$4(ServiceDiscoveryAdapter.java:1041) ~[ServiceDiscoveryAdapter3.jar:?]
 at java.util.concurrent.FutureTask.run(Unknown Source) ~[?:?]
 at com.vmware.adapter3.applicationdiscovery.ServiceDiscoveryAdapter.initSRMData(ServiceDiscoveryAdapter.java:1047) ~[ServiceDiscoveryAdapter3.jar:?]
 ... 8 more
Caused by: com.vmware.srm.InvalidLoginFaultMsg: Cannot complete login due to an incorrect user name or password.

Resolution

Launch VMware Aria Operations to edit and update the Default SRM Username and Password.
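
To confirm that the failures stop after the credentials are updated, or to find other stored service credentials that point at a locked account, the locked-account errors in vmware-identity-sts.log can be checked for a fixed cadence. The Python below is an added example, not VMware or Broadcom code; the function names, the 30-second jitter tolerance and the sample lines are assumptions constructed from the log excerpt above.

```python
import re
from datetime import datetime
from statistics import median

# ERROR line written by IdentityManager in vmware-identity-sts.log (format as in the excerpt above).
LOCKED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})Z\s+ERROR\s.*"
    r"Failed to authenticate principal \[(?P<user>[^\]]+)\]\. User account locked\.\s*$"
)

def locked_failures(lines):
    """Map principal -> sorted timestamps of locked-account login failures."""
    hits = {}
    for line in lines:
        m = LOCKED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
            hits.setdefault(m["user"], []).append(ts)
    return {user: sorted(stamps) for user, stamps in hits.items()}

def periodic_principals(lines, min_events=3, jitter=30.0):
    """Return {principal: interval_seconds} where failures recur at a near-constant gap."""
    flagged = {}
    for user, stamps in locked_failures(lines).items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < max(min_events - 1, 1):
            continue  # too few events to call it a schedule
        med = median(gaps)
        if all(abs(g - med) <= jitter for g in gaps):
            flagged[user] = round(med)  # a service retrying stored credentials
    return flagged

# Constructed sample lines modelled on the excerpt above (not real log data).
_FMT = ("2025-06-16T{t}Z ERROR sts[49:tomcat-http--12] [CorId=example] "
        "[com.vmware.identity.idm.server.IdentityManager] "
        "Failed to authenticate principal [{u}]. User account locked.")
SAMPLE = [_FMT.format(t=t, u=u) for t, u in [
    ("13:43:21.583", "admin"), ("13:44:02.100", "jdoe"), ("13:44:09.300", "jdoe"),
    ("13:48:21.601", "admin"), ("13:53:21.590", "admin"), ("13:58:21.612", "admin"),
    ("14:20:30.000", "jdoe"),
]] + [
    # The INFO event line carries the message template "[{}]" and must not be counted.
    "2025-06-16T13:43:21.583Z INFO sts[49:tomcat-http--12] [CorId=example] "
    "[com.vmware.identity.diagnostics.VmEventAppender] EventLog: level=[ERROR], "
    "text=[ParameterizedMessage[messagePattern=Failed to authenticate principal [{}]. User account locked.]]",
]

if __name__ == "__main__":
    print(periodic_principals(SAMPLE))
```

In the constructed sample, `admin` is flagged with a 300-second interval, matching the 5-minute polling described in the Cause section, while the irregular `jdoe` failures are not flagged.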