SRM Authentication Failure: The account of the user trying to authenticate is locked. :: User account locked: {Name: SRM-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX, Domain: XXXXXX.FQDN}

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

The srm-server service is in a stopped state.
Reconfiguration of SRM appliance failed with folllowing error :
The following Error is noticed on the SRM UI: Unable to retrieve Site Recovery Manager summary data. Unable to connect to Site Recovery Manager Server at https://srm_FQDN:443/drserver/vcdr/vmomi/sdk. Reason: Unable to download versions file from Site Recovery Manager Server at https://vcenter_domain_FQDN:443/drserver/vcdr/vmomi/sdk. Http response: HTTP/1.1 503 Service Unavailable.
SRM remote connection shows not connected for the local site and unknown for the peer site

The vmware-dr. logs shows below events:

YYYY-MM-DDT13:29:37.841Z error vmware-dr[242214] [SRM@6876 sub=LocalSite.LocalStsServer.ConnHandler] Unable to retrieve token from STS:
--> N9SsoClient27InvalidCredentialsExceptionE Authentication failed: The account of the user trying to authenticate is locked. :: The account of the user trying to authenticate is locked. :: User account locked: {Name: SRM-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX, Domain: XXXXXX.FQDN}
--> [context]zKq7AVECAAQAANjOcAEMdm13YXJlLWRyAAAqIRxsaWJ2bWFjb3JlLnNvAAGRTwFsaWJzc29jbGllbnQuc28AAdeGAwGhfAMBz80CASMJAwHBLAMAzik0ANJCNADgfUkCsI4AbGlicHRocmVhZC5zby4wAAPf+g9saWJjLnNvLjYA[/context]

YYYY-MM-DDT13:29:37.841Z warning vmware-dr[242214] [SRM@6876 sub=LocalSite.LocalStsServer connID=sts-00b7] Failed to connect
--> N9SsoClient27InvalidCredentialsExceptionE Authentication failed: The account of the user trying to authenticate is locked. :: The account of the user trying to authenticate is locked. :: User account locked: {Name: SRM-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX, Domain: XXXXXX.FQDN}
--> [context]zKq7AVECAAQAANjOcAEMdm13YXJlLWRyAAAqIRxsaWJ2bWFjb3JlLnNvAAGRTwFsaWJzc29jbGllbnQuc28AAdeGAwGhfAMBz80CASMJAwHBLAMAzik0ANJCNADgfUkCsI4AbGlicHRocmVhZC5zby4wAAPf+g9saWJjLnNvLjYA[/context]

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242205] [SRM@6876 sub=SamlTokenFactory ctxID=4ea03544] Signing certificates were reset.

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242192] [SRM@6876 sub=LocalSite.LocalAuthzServer connID=authz-d93f ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242209] [SRM@6876 sub=LocalSite.LocalCisLicenseServer connID=license-da75 ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242206] [SRM@6876 sub=LocalSite.LocalSmsServer connID=sms-2b8d ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242211] [SRM@6876 sub=LocalSite.LocalPbmServer connID=pbm-b1cc ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242212] [SRM@6876 sub=LocalSite.LocalSsoServer connID=sso-7baf ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242188] [SRM@6876 sub=LocalSite.LocalDsServer connID=ds-2bd2 ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242186] [SRM@6876 sub=LocalSite.LocalVcServer connID=vc-daed ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:29:37.842Z info vmware-dr[242207] [SRM@6876 sub=LocalSite.LocalSaMgmtServer connID=samgmt-49d6 ctxID=e0ad864b] Received an SSO connection down event

YYYY-MM-DDT13:30:32.790Z verbose vmware-dr[242207] [SRM@6876 sub=LocalSite.LocalAuthzServer connID=authz-d93f] Attempting to connect

YYYY-MM-DDT13:30:32.791Z verbose vmware-dr[242187] [SRM@6876 sub=LocalSite.LocalAuthzServer connID=authz-d93f] Failed to connect
--> N7Vmacore23NotInitializedExceptionE Not initialized: AuthzConnectionHandler STS

YYYY-MM-DDT13:30:32.791Z verbose vmware-dr[242210] [SRM@6876 sub=LocalSite.LocalCisLicenseServer connID=license-da75] Attempting to connect

YYYY-MM-DDT13:30:32.791Z verbose vmware-dr[242210] [SRM@6876 sub=LocalSite.LocalAuthzServer.PropertyFetcher ctxID=2e2e4a2a] Clearing the last effective VMODL version.

YYYY-MM-DDT13:30:32.791Z verbose vmware-dr[242210] [SRM@6876 sub=LocalSite.LocalCisLicenseServer connID=license-da75] Failed to connect
--> N7Vmacore23NotInitializedExceptionE Not initialized: CisLicenseConnectionHandler STS

Environment

VMware Live Site Recovery 9.x

Cause

SRM became non-operational because the SRM service principal account in vCenter Single Sign-On was locked.
Since SRM authentication depends on this auto-generated managed account, a locked state prevented STS token retrieval, causing the SRM server service to fail at startup.

“InvalidCredentialsException: Authentication failed: The account of the user trying to authenticate is locked.”
“User account locked: {Name: SRM-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}”
Shortly after authentication failure, all internal SRM components reported SSO connection down events (e.g., AuthzServer, LicenseServer, PBM, SMS, VC server connectors).
Additional entries showed:
“NotInitialized: AuthzConnectionHandler STS”
This confirmed that SRM could not initialize because SSO authentication was blocked, resulting in the SRM service failing to start.

Resolution

Remove the Existing SRM User in vCenter

Navigate to vCenter UI → Administration → Access Control → Global Permissions
Locate the SRM service user:
SRM-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Delete the entry

2. Reconfigure the SRM Appliance

Access the SRM Appliance Management UI:
https://<SRM-FQDN>:5480
Open the Summary page, select RECONFIGURE
Complete the guided reconfiguration workflow.

The reconfiguration recreates the SRM service principal account with a fresh password and restores authentication linkage between SRM and vCenter.

Additional Information

VMware Live Site Recovery Authentication