Cannot login to vCenter with Domain user account "Invalid Credentials"

Article ID: 411315

Updated On:

Products

VMware vCenter Server

Issue/Introduction

All AD user accounts can log in to vCenter except one or a few, which fail with "Invalid Credentials".

Environment

vSphere 7.x

vSphere 8.x

Cause

The affected AD user accounts are set to expire in Active Directory Users and Computers.

The following entries are logged in /var/log/vmware/sso/websso.log:

YYYY-MM-DDThh:mm:ss.683Z INFO websso[89:tomcat-http--43] [CorId=d000000e-2000-4000-9000-b00000000000] [auditlogger] \"user\":\"Domain\\\\user_name\",\"client\":\"192.x.x.x\",\"timestamp\":\"09/17/2025 13:46:ss.GMT\",\"description\":\"User Domain\\\\[email protected] failed to log in with response code 401\",\"eventSeverity\":\"INFO\",\"type\":\"com.vmware.sso.LoginFailure\"}
YYYY-MM-DDThh:mm:ss.683Z ERROR websso[89:tomcat-http--43] [CorId=d000000e-2000-4000-9000-b00000000000] com.vmware.identity.samlservice.AuthnRequestState] Caught Exception from authenticate com.vmware.identity.samlservice.SamlServiceException
YYYY-MM-DDThh:mm:ss.683Z INFO websso[89:tomcat-http--43] [CorId=d000000e-2000-4000-9000-b00000000000] com.vmware.identity.samlservice.impl.SAMLAuthnResponseSender] Responded with ERROR 401 message Invalid credentials


YYYY-MM-DDThh:mm:ss.755Z ERROR websso[52:tomcat-http--6] [CorId=d000000e-2000-4000-9000-b00000000000] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [Domain\\user_name]for tenant [Domain.local]
javax.security.auth.login.LoginException: Login failed
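
Added example (not part of the original article or VMware code): a Python script that extracts the failing principals from websso.log, using the IdentityManager line format shown above, so those accounts can be checked for expiration in Active Directory Users and Computers. The sample log lines, the EXAMPLE\alice and EXAMPLE\bob accounts, the example.local tenant and the function name are constructed for illustration.

```python
import re
import sys
from collections import Counter

# IdentityManager failure line, in the format shown in the article:
#   ... Failed to authenticate principal [DOMAIN\\user]for tenant [tenant]
FAILED = re.compile(
    r"Failed to authenticate principal \[(?P<principal>[^\]]+)\]\s*"
    r"for tenant \[(?P<tenant>[^\]]+)\]"
)

# Constructed sample input (timestamps, CorIds, users and tenant are made up).
SAMPLE_LOG = r"""
2025-09-17T13:46:01.755Z ERROR websso[52:tomcat-http--6] [CorId=11111111-2000-4000-9000-b00000000000] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [EXAMPLE\\alice]for tenant [example.local]
javax.security.auth.login.LoginException: Login failed
2025-09-17T13:46:01.760Z INFO websso[89:tomcat-http--43] [CorId=11111111-2000-4000-9000-b00000000000] com.vmware.identity.samlservice.impl.SAMLAuthnResponseSender] Responded with ERROR 401 message Invalid credentials
2025-09-17T13:52:10.101Z ERROR websso[52:tomcat-http--6] [CorId=22222222-2000-4000-9000-b00000000000] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [EXAMPLE\\alice]for tenant [example.local]
2025-09-17T14:03:44.320Z ERROR websso[61:tomcat-http--9] [CorId=33333333-2000-4000-9000-b00000000000] [com.vmware.identity.idm.server.IdentityManager] Failed to authenticate principal [EXAMPLE\\bob]for tenant [example.local]
"""


def failed_principals(lines):
    """Count failed logins per (principal, tenant) from websso.log lines."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            # The log shows a doubled backslash; normalise to DOMAIN\user.
            principal = re.sub(r"\\+", r"\\", m["principal"])
            hits[(principal, m["tenant"])] += 1
    return hits


if __name__ == "__main__":
    # With no argument, run on the constructed sample; otherwise read the
    # log file given on the command line (e.g. a copy of websso.log).
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            result = failed_principals(fh)
    else:
        result = failed_principals(SAMPLE_LOG.splitlines())
    for (principal, tenant), count in result.most_common():
        print(f"{count:4d}  {principal}  (tenant {tenant})")
```

The accounts it lists are the ones to look up in AD; a failure here does not by itself prove expiry, since the same log line is written for other authentication failures.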

Resolution

Set the user account's expiration to "Never" in AD.