NSX "/data/nsx.py": "The credentials were incorrect or the account specified has been locked."
search cancel

NSX "/data/nsx.py": "The credentials were incorrect or the account specified has been locked."

book

Article ID: 429672

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • The following error is observed when running the /data/nsx.py script:
    "/data/nsx.py", line 527, in _nsx_query
    raise NSXException("Unable to communicate with NSX-T manager: error code: %d, message: %s" %(response.status_code, response.text))
    nsx.NSXException: Unable to communicate with NSX-T manager: error code: 403, message: {"module_name":"common-services","error_message":"The credentials were incorrect or the account specified has been locked.","error_code":403}
  • From the NSX Manager logs /var/log/syslog, the following errors are observed:

    <timestamps> <hostname> NSX 74375 - [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="http"] Account <account-name>@<LDAPS-FQDN>@<IP> has been temporarily locked for 900 seconds after 3 consecutive failed login attempts.

    <timestamps>  INFO grpc-default-executor-965961 HttpClientUtil 74375 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] Making request to http://127.0.0.1:6565/api/v1/<API>
    <timestamps>  INFO Processing request ########-####-####-####-############ NsxBasicAuthenticationFilter 74375 - [nsx@6876 comp="nsx-manager" level="INFO" subcomp="http"] Account is temporarily locked

     

  • In some cases, you may still observe connectivity issues to the LDAPS server, similar to the following:
    <timestamps>  WARN Processing request #######-####-####-####-############ DelegatingLdapAuthProvider 74375 - [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="http"] Cannot connect to LDAP server: Connect timed out
    org.springframework.ldap.CommunicationException: <LDAP-Server-FQDN>:636; nested exception is javax.naming.CommunicationException: <LDAP-Server-FQDN>:636 [Root exception is java.net.SocketTimeoutException: Connect timed out]
    Caused by: java.net.SocketTimeoutException: Connect timed out

Environment

VMware NSX

Resolution

Ensure there are no connectivity issues from the NSX Manager to the LDAP server.

If the error persists:

  1. Engage the Active Directory team to identify the source of the account lockouts.
  2. Update the correct credentials wherever necessary.

If you believe you have encountered this issue, open a support case with Broadcom Support and refer to this KB article.

For more information, see Creating and managing Broadcom support cases.

Powered by Wolken Software