Domain Authentication Fails with Incorrect Username or Password in VMware Identity Manager

Article ID: 440184

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Domain account authentication to vIDM fails with "incorrect username/password" errors for all domain user IDs, even though the credentials have been confirmed as valid.

A review of /opt/vmware/horizon/workspace/logs/horizon.log reveals the following events:

com.vmware.horizon.directory.ldap.LdapDirectoryService - User <Username> not found under base DN - FAILURE
com.vmware.horizon.adapters.passwordAdapter.PasswordIdpAdapter - attribute : email
com.vmware.horizon.adapters.passwordAdapter.PasswordIdpAdapter - User Email attribute :
com.vmware.horizon.adapters.passwordAdapter.PasswordIdpAdapter - outside if email HIDDEN
com.vmware.horizon.adapters.passwordAdapter.PasswordIdpAdapter - attribute : userInput
com.vmware.horizon.adapters.passwordAdapter.PasswordIdpAdapter - outside if userInput HIDDEN

Environment

VMware Identity Manager 3.3.7

Cause

Domain authentication fails because Active Directory is synchronized using the userPrincipalName (UPN) rather than the sAMAccountName.

Resolution

  • To resolve this issue, ensure you are using the correct username format based on your Active Directory synchronization method:

    • If synced via SAM Account Name: Enter the username in the standard USERNAME format.

    • If synced via User Principal Name (UPN): Enter the username in the USERNAME@DOMAIN format. A UPN combines the user account name (prefix) and the DNS domain name (suffix) separated by an @ symbol (for example, [email protected]).
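
The following triage script is an added example, not VMware code: it scans horizon.log lines for the "not found under base DN" event quoted above and groups the failing login names by format, to show whether users are typing USERNAME against a UPN-synced directory or the reverse. It assumes the logged name is the value the user typed; the sample lines, including their timestamp prefixes and usernames, are constructed.

```python
import re
from collections import Counter

# Event text as quoted in the article. The prefix before the class name
# (timestamp, level, thread) is not shown on the page, so it is not matched.
NOT_FOUND = re.compile(
    r"LdapDirectoryService - User (?P<user>\S+) not found under base DN")

# Constructed sample lines: prefixes and usernames are invented for the demo.
SAMPLE_LOG = """\
2024-05-01 09:12:03 ERROR com.vmware.horizon.directory.ldap.LdapDirectoryService - User jdoe not found under base DN - FAILURE
2024-05-01 09:12:03 INFO com.vmware.horizon.adapters.passwordAdapter.PasswordIdpAdapter - attribute : userInput
2024-05-01 09:13:40 ERROR com.vmware.horizon.directory.ldap.LdapDirectoryService - User asmith not found under base DN - FAILURE
2024-05-01 09:15:22 ERROR com.vmware.horizon.directory.ldap.LdapDirectoryService - User jdoe not found under base DN - FAILURE
""".splitlines()


def name_format(user):
    """Classify a login name by the formats the article distinguishes."""
    if "@" in user:
        return "upn"    # USERNAME@DOMAIN
    if "\\" in user:
        return "other"  # e.g. DOMAIN\USERNAME, not covered by the article
    return "sam"        # plain USERNAME


def triage(lines):
    """Return (failures per format, distinct users per format)."""
    counts, users = Counter(), {}
    for line in lines:
        m = NOT_FOUND.search(line)
        if m:
            fmt = name_format(m.group("user"))
            counts[fmt] += 1
            users.setdefault(fmt, set()).add(m.group("user").lower())
    return counts, users


def hint(counts):
    """Heuristic reading of the counts; confirm against the directory's sync settings."""
    if counts and set(counts) == {"sam"}:
        return "All lookups used USERNAME: consistent with a UPN-synced directory; retry as USERNAME@DOMAIN"
    if counts and set(counts) == {"upn"}:
        return "All lookups used USERNAME@DOMAIN: consistent with a sAMAccountName-synced directory; retry as USERNAME"
    return "No single-format pattern: login-name format alone does not explain these failures"


if __name__ == "__main__":
    counts, users = triage(SAMPLE_LOG)
    print(dict(counts), {k: sorted(v) for k, v in users.items()})
    print(hint(counts))
```

To run it against a real appliance log, pass the open file object for /opt/vmware/horizon/workspace/logs/horizon.log to `triage()` in place of `SAMPLE_LOG`.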

Additional Information

Active Directory sync and authentication with multiple domains