NSX Console Login Failure for Specific LDAP User

Article ID: 429811

Products

VMware NSX

Issue/Introduction

  • A specific LDAP user is unable to log into the VMware NSX Manager UI. While other LDAP and local users can authenticate successfully, the affected account experiences a persistent "buffering" or "spinning" state on the UI immediately after entering credentials. The login process never completes, preventing the user from accessing the UI.

 

Environment

VMware NSX

Cause

The exact root cause for this behavior could not be determined. Despite a thorough investigation of the NSX Manager logs (including auth.log and syslog), no specific error messages, timeouts, or authentication failures were recorded for the affected user.

Resolution

To resolve this, you must refresh the user's identity mapping by removing and re-adding them within the NSX identity management settings.

Step-by-Step Fix:

  1. Log in to the NSX Manager UI using an account with Enterprise Administrator privileges.

  2. Navigate to System > User Management (or Users and Roles depending on your version).

  3. Locate the Users tab.

  4. Find the affected LDAP user in the list.

  5. Select the user and click Delete.

    • Note: This only removes the user's mapping/permissions within NSX; it does not delete the user from your actual LDAP/Active Directory server.

    • If the affected user account is utilized by third-party tools (e.g., monitoring software, backup solutions) or other internal Broadcom products (e.g., vRealize Operations, vRealize Automation, or VMware Aria), ensure that the removal and re-addition of the user does not break the synchronization or API authentication for those products. You may need to re-validate the connection or update the credentials within the integrated tool's configuration immediately after the user is re-added in NSX.

  6. Click Add > Role Assignment for LDAP User.

  7. Search for the user again, select the appropriate Domain, and re-assign the required Roles.

  8. Click Save.

  9. Ask the affected user to clear their browser cache and attempt to log in again.

If the issue is not fixed by following the above steps, open a Support Case with Broadcom and attach an NSX Manager support bundle that includes the auth.log and syslog files covering the timeframe of the failed login attempts.