I have had a strange thing happen in our 5.1 environment.
A specific AD user group had admin access to the whole environment. After renaming this group in AD and some waiting time, the access was still possible, but this group's members could not see anything other than the vCenter in their client. I thought the SSO server was contacting the AD for any user logon procedures. The waiting time shows that there is still some replication happening and that the permissions are not using the AD ID of the user but its exact name. Is there any way to rename groups and not lose the permissions?
Just ran into a similar issue. After renaming a few AD user accounts, they were unable to log in to the vSphere client anymore.
Contacted VMware support and their technician ran a few queries on our SSO database (RSA) through SQL Management Studio.
He first retrieved the ID of the user by searching for the old username:
SELECT ID,LOGINUID from IMS_PRINCIPAL_DATA where LOGINUID like 'old_username'
Then he ran these 2 queries to delete any references to the user's ID:
DELETE from IMS_PRINCIPAL_DATA where ID = 'retrieved_user_id'
DELETE from IMS_PRINCIPAL_LOGIN_DATE where PRINCIPAL_ID = 'retrieved_user_id'
We were then able to log in with the new username.
Hope this helps.
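A guarded form of the cleanup described in the post above, as an added T-SQL example that is not from the poster or from VMware support. It assumes the table and column names quoted in the post and uses the same `old_username` placeholder; the temporary table name is hypothetical.

```sql
-- Added example: table/column names are those quoted in the post;
-- 'old_username' is a placeholder and #stale_principal is a hypothetical name.
SET XACT_ABORT ON;  -- a run-time error inside the transaction rolls it back

-- Capture the matching principal first. Exact match is used instead of LIKE,
-- because '_' in a LIKE pattern matches any single character and could
-- select other accounts whose names differ only at that position.
SELECT ID, LOGINUID
INTO #stale_principal
FROM IMS_PRINCIPAL_DATA
WHERE LOGINUID = 'old_username';

IF (SELECT COUNT(*) FROM #stale_principal) = 1
BEGIN
    BEGIN TRANSACTION;

    -- Remove the login-date rows that reference the principal, then the
    -- principal row itself, so both deletes succeed or neither does.
    DELETE FROM IMS_PRINCIPAL_LOGIN_DATE
    WHERE PRINCIPAL_ID IN (SELECT ID FROM #stale_principal);

    DELETE FROM IMS_PRINCIPAL_DATA
    WHERE ID IN (SELECT ID FROM #stale_principal);

    COMMIT TRANSACTION;

    -- Record of what was removed, for the change log.
    SELECT ID, LOGINUID FROM #stale_principal;
END
ELSE
BEGIN
    -- Zero or several matches: stop without touching the SSO tables.
    RAISERROR('Expected exactly one principal for the old username; nothing deleted.', 16, 1);
END

DROP TABLE #stale_principal;
```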
6.0 U2. Same problem here. AD is configured as LDAP access (non-integrated). Renaming an AD group breaks permissions. Unfortunately, the SQL solution no longer works, as the database structure seems to be different.