STS service degrades

Article ID: 430115

Products

VMware vCenter Server

Issue/Introduction

  • STS is a web service that issues, validates, and renews security tokens.
  • STS service starts but after some time becomes degraded.

Environment

vCenter 7.x

vCenter 8.x

vCenter 9.x

Cause

The STS service is being overwhelmed by repeated failed logins from a user account that has an incorrect password. The entries below show what this looks like in the logs.

vmware-identity-sts.log

YYYY-MM-DDTHH:MM:SS.###Z ERROR sts[###:tomcat-http--###] [CorId=########-####-####-####-############] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.PasswordExpiredException: User account expired: {Name: svc_lm, Domain: <domain>}'

vmdird-syslog.log

YYYY-MM-DDTHH:MM:SS.######-##:## err vmdird  t@############: VmDirSendLdapResult: Request (Bind), Error (LDAP_INVALID_CREDENTIALS(49)), Message ((49)(SASL step failed.)), (0) socket (###.###.###.###)
YYYY-MM-DDTHH:MM:SS.######-##:## err vmdird  t@############: Bind Request Failed (###.###.###.###) error 49: Protocol version: 3, Bind DN: "cn=<user>,cn=Users,dc=<domain>,dc=<domain>", Method: SASL
YYYY-MM-DDTHH:MM:SS.######-##:## err vmdird  t@############: SASLSessionStep: sasl error (-13)(SASL(-13): authentication failure: client evidence does not match what we calculated. Probably a password error)
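To identify which account and source address are producing the failed binds before correcting credentials, the following added example (not part of this KB article) parses lines in the two log formats shown above and counts failures per Bind DN and client address. The sample lines are constructed; the timestamps, addresses, thread ids and the vsphere.local domain are made up.

```python
import re
from collections import Counter

# Constructed sample lines in the vmdird-syslog.log and vmware-identity-sts.log formats shown above.
VMDIRD_SAMPLE = """\
2024-05-01T10:00:01.123456-00:00 err vmdird  t@139700000000000: VmDirSendLdapResult: Request (Bind), Error (LDAP_INVALID_CREDENTIALS(49)), Message ((49)(SASL step failed.)), (0) socket (192.0.2.10)
2024-05-01T10:00:01.123789-00:00 err vmdird  t@139700000000000: Bind Request Failed (192.0.2.10) error 49: Protocol version: 3, Bind DN: "cn=svc_lm,cn=Users,dc=vsphere,dc=local", Method: SASL
2024-05-01T10:00:02.000000-00:00 err vmdird  t@139700000000001: Bind Request Failed (192.0.2.10) error 49: Protocol version: 3, Bind DN: "cn=svc_lm,cn=Users,dc=vsphere,dc=local", Method: SASL
2024-05-01T10:00:03.000000-00:00 err vmdird  t@139700000000002: Bind Request Failed (192.0.2.25) error 49: Protocol version: 3, Bind DN: "cn=administrator,cn=Users,dc=vsphere,dc=local", Method: SASL
"""
STS_SAMPLE = """\
2024-05-01T10:00:01.200Z ERROR sts[7001:tomcat-http--12] [CorId=0f1e2d3c-0000-1111-2222-333344445555] [com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.PasswordExpiredException: User account expired: {Name: svc_lm, Domain: vsphere.local}'
"""

# LDAP result 49 is LDAP_INVALID_CREDENTIALS; the Bind DN names the account being tried.
BIND_FAIL_RE = re.compile(
    r'Bind Request Failed \((?P<ip>[^)]+)\) error (?P<code>\d+):.*?Bind DN: "(?P<dn>[^"]+)"'
)
# STS logs the IDM exception class and the failing account as {Name: ..., Domain: ...}.
STS_EXC_RE = re.compile(
    r"Exception 'com\.vmware\.identity\.idm\.(?P<exc>\w+): .*?\{Name: (?P<name>[^,]+), Domain: (?P<domain>[^}]+)\}'"
)

def failed_binds(log_text):
    """Count vmdird bind failures (result 49) per (Bind DN, client IP)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = BIND_FAIL_RE.search(line)
        if m and m.group("code") == "49":
            counts[(m.group("dn"), m.group("ip"))] += 1
    return counts

def sts_account_errors(log_text):
    """Count STS IDM exceptions per (exception class, user name, domain)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = STS_EXC_RE.search(line)
        if m:
            counts[(m.group("exc"), m.group("name"), m.group("domain"))] += 1
    return counts

def noisiest(counts, threshold=2):
    """Return (key, count) pairs at or above threshold, most frequent first."""
    return [(k, n) for k, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for key, n in noisiest(failed_binds(VMDIRD_SAMPLE)):
        print(f"{n:5d} failed binds  dn={key[0]}  from={key[1]}")
    for key, n in noisiest(sts_account_errors(STS_SAMPLE), threshold=1):
        print(f"{n:5d} {key[0]} for {key[1]}@{key[2]}")
```

On a live appliance, read the real log files instead of the embedded samples; the account with by far the highest count is the one whose stored credentials need updating.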

Resolution

Update the credentials stored in vCenter so that they match the credentials the service or application is actually using.