Active Directory users login to NSX Manager fails with an error "Unable to get local issuer certificate and Unable to verify the first certificate".

Article ID: 415306


Updated On:

Products

VMware NSX

Issue/Introduction

  • When the certificate of an Active Directory (LDAP) server is changed, the LDAP server configuration in NSX Manager must be updated to match.
  • Until it is updated, attempting to log into NSX Manager as an AD user fails with the following error:
    Your login attempt was not successful. 
    The username/password combination is incorrect or the account specified has been locked.
  • In the NSX UI, testing the 'Connection Status' for the LDAP server(s) under System > User Management > LDAP shows a 'Success' state.



  • On the NSX Manager command line, checking the LDAP server certificate with "openssl" reports the error from the title: unable to get local issuer certificate / unable to verify the first certificate.


  • The NSX Manager /var/log/syslog contains entries similar to the following:
    2025-10-21T03:31:35.799Z nsxmgr-01 NSX 1734427 - [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="http"] Cannot connect to LDAP server: No issuer certificate for certificate in certification path found.
    2025-10-21T03:31:35.815Z nsxmgr-01 NSX 1734427 - [nsx@6876 comp="nsx-manager" level="WARNING" subcomp="http"] password grant flow authentication failed
    2025-10-21T03:31:35.818Z nsxmgr-01 NSX 1734427 SYSTEM [nsx@6876 audit="true" comp="nsx-manager" level="INFO" subcomp="http"] UserName="a_a#######.com.au@10.##.##.26", ModuleName="ACCESS_CONTROL", Operation="LOGIN", Operation status="failure"



Environment

VMware NSX

Cause

NSX Manager's connection to the LDAP server fails because the certificate information stored in NSX Manager no longer matches the certificate currently presented by the LDAP server. NSX requires the complete chain of trust (server, intermediate and root certificates) for LDAPS to work, so the LDAP server must also present the complete chain before the certificate is imported into NSX Manager.

Resolution

  • Obtain the certificate chain presented by the LDAP server. On the NSX Manager command line run: "openssl s_client -connect <LDAP server FQDN or IP>:636 -showcerts"
  • Compare the certificate information in that output with the certificate saved in NSX Manager. In the NSX Manager UI, log in as admin, navigate to System > User Management > Authentication Providers > LDAP and expand the details for the LDAP server.
  • If the certificate information does not match, obtain the complete chain of trust (server, intermediate and root certificates) from the LDAPS server. The LDAPS server itself must hold the complete chain before it is imported into the NSX UI; NSX requires the full chain for LDAPS to work.
  • Edit the LDAP server configuration in NSX Manager, paste in the new certificate information obtained in the first step, fill in the credentials for the LDAP server, click Add at the bottom, then Save.
  • Verify that the connection is now successful by re-running the Connection Status test.
  • Confirm that AD users from the LDAP server can now log into NSX Manager.
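As an added example (not part of this KB article), the following shell script automates the check described in the Cause and Resolution sections: it fetches the chain the LDAPS server presents with openssl s_client -showcerts, prints the subject, issuer and SHA-256 fingerprint of every certificate so they can be compared with what NSX Manager has stored, and reports whether the chain is complete (server, intermediate, root) or which issuer is missing. It assumes the openssl CLI is available on the host where it runs; the host name dc01.example.com and the file names are placeholders.

```shell
# Added example (not from the KB article): inspect the certificate chain that an
# LDAPS server presents and check that it is complete (server -> intermediate(s)
# -> self-signed root), which is what NSX Manager requires. Assumes the openssl
# CLI is on PATH; host and file names are placeholders.

# Fetch every certificate the server sends on port 636 and print them as PEM.
# Usage: fetch_ldaps_chain dc01.example.com > chain.pem
fetch_ldaps_chain() {
    host="$1"; port="${2:-636}"
    # -showcerts prints the whole presented chain; </dev/null ends the session
    # so s_client exits instead of waiting for input.
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts </dev/null 2>/dev/null \
        | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Split a PEM bundle into cert-0.pem, cert-1.pem, ... in a directory and print
# how many certificates were found (cert-0 is the server's own certificate).
split_chain() {
    src="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        BEGIN { n = 0; out = "" }
        /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%d.pem", dir, n); n++ }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }
    ' "$src"
}

# Print one attribute (subject or issuer) of a PEM certificate without the "key=" prefix.
cert_field() {
    openssl x509 -in "$1" -noout -"$2" | sed "s/^$2= *//"
}

# Print subject, issuer and SHA-256 fingerprint of each certificate, then check
# that every issuer is the subject of the next certificate and that the last one
# is self-signed. Returns 0 for a complete chain, 1 otherwise.
inspect_chain() {
    bundle="$1"; dir=$(mktemp -d)
    n=$(split_chain "$bundle" "$dir")
    [ "$n" -gt 0 ] || { echo "no certificates found in $bundle" >&2; rm -rf "$dir"; return 1; }
    i=0; prev_issuer=""; last_subject=""; ok=1
    while [ "$i" -lt "$n" ]; do
        f="$dir/cert-$i.pem"
        subject=$(cert_field "$f" subject)
        issuer=$(cert_field "$f" issuer)
        fp=$(openssl x509 -in "$f" -noout -fingerprint -sha256 | cut -d= -f2)
        echo "[$i] subject: $subject"
        echo "    issuer : $issuer"
        echo "    sha256 : $fp"   # compare with the certificate stored in NSX Manager
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subject" ]; then
            echo "chain broken: certificate $((i - 1)) was issued by '$prev_issuer', but certificate $i is '$subject'" >&2
            ok=0
        fi
        prev_issuer="$issuer"; last_subject="$subject"
        i=$((i + 1))
    done
    rm -rf "$dir"
    if [ "$last_subject" != "$prev_issuer" ]; then
        # The top of the presented chain is not a root: its issuer was never sent.
        echo "chain incomplete: issuer '$prev_issuer' of certificate $((n - 1)) was not presented" >&2
        ok=0
    fi
    if [ "$ok" -eq 1 ]; then echo "chain complete: $n certificate(s), root '$last_subject'"; return 0; fi
    return 1
}

# Cryptographically verify the presented chain with openssl, trusting only the
# last certificate in the bundle as the root. This checks that the signatures
# link up; whether that root is the one you trust is a separate decision
# (compare its fingerprint). Prints openssl's verdict, e.g. "unable to get local
# issuer certificate" when the intermediate or root was not sent.
verify_chain() {
    bundle="$1"; dir=$(mktemp -d)
    n=$(split_chain "$bundle" "$dir")
    if [ "$n" -lt 2 ]; then
        echo "only $n certificate(s) presented; nothing to verify against" >&2
        rm -rf "$dir"; return 1
    fi
    untrusted="$dir/untrusted.pem"; : > "$untrusted"
    i=1
    while [ "$i" -lt $((n - 1)) ]; do cat "$dir/cert-$i.pem" >> "$untrusted"; i=$((i + 1)); done
    extra=""; [ "$n" -gt 2 ] && extra="-untrusted $untrusted"
    if openssl verify -CAfile "$dir/cert-$((n - 1)).pem" $extra "$dir/cert-0.pem"; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return $rc
}
```

Run fetch_ldaps_chain dc01.example.com > chain.pem on the NSX Manager shell (or any host that can reach port 636), then inspect_chain chain.pem and verify_chain chain.pem. When openssl s_client is run directly, it reports "unable to verify the first certificate" if only the server certificate was sent and its issuer is not known locally, and "unable to get local issuer certificate" if the chain stops at an intermediate whose issuer is not known locally; both mean the LDAPS server is not presenting the full chain that NSX needs.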

Additional Information

Refer to this article for other related LDAP server issues:
https://knowledge.broadcom.com/external/article/369799