• After modifying the Service Account for HCX Manager registration with vCenter via HCX Manager Appliance (port 9443) under Configuration > vCenter Server. Users experience HCX Manager login failures with the following error message:
  "Invalid Username or password, or too many active sessions"


• When attempting to use the HCX Plugin via vCenter Server UI, the error below is displayed:
  Http failure response for https://<vc-ip/fqdn>/plugins/com.vmware.hcx.plugin~4.11.2.24933578~511660253/<hcx-ip/fqdn>-443/vsphere-client/ui/hcx/hcx-ui/rest/hybridity/api/sessions: 401 OK

• The HCX web.log file located at /common/logs/admin/ reports the following error:
  YYYY-MM-DD HH:MM:SS.SSS UTC [https-jsse-nio-8443-exec-3, , , TxId: ] INFO  c.v.i.token.impl.SamlTokenImpl- SAML token for SubjectNameId [value=<username>@<domain>, format=http://schemas.xmlsoap.org/claims/UPN] successfully parsed from XML
YYYY-MM-DD HH:MM:SS.SSS UTC [https-jsse-nio-8443-exec-9, , , TxId: ] WARN  c.v.vchs.hybridity.api.LoginUtil- Failed to get domain and alias map
com.vmware.vim.sso.admin.exception.NoPermissionException: null

Ensure the Service Account has the necessary SSO permissions to access identity sources and retrieve domain mappings. Without these privileges, HCX Manager authentication may fail, preventing successful login.

Workaround:

• Update the Service Account to the local vCenter account [email protected] for vCenter registration via HCX Manager Appliance (port 9443) under Configuration > vCenter Server.
• Validate that the Service Account used in HCX 9443 page for VC registration is part of SSO Administrators group.
  
  For detailed account and role requirements, refer to Broadcom's official HCX documentation.
  HCX Manager User Account and Role Requirements