PROBLEM: No domain user can log in to the vSphere Client, and no backup process (Veeam) started with a domain user account works.
SOLUTION: vCenter - lost SSO login capability (Authorize Exception Error) - Spiceworks
Like Jeff, I found the following error in ssoAdminServer.log:
"[2018-09-27 00:31:04,680 WARN opID= DomainKeepAliveThread com.vmware.vim.sso.admin.server.impl.KeepAlive] Unexpected exception in KeepAlive attempt.
com.rsa.common.ConnectionException: Error connecting to the identity source
Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://CONTROLLER.xxxxxx.yyy:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection CONTROLLER.xxxxxx.yyy:3269"
Then I ran a query against the RSA database, on the table IMS_CERTIFICATES:
SELECT [ID],[PURPOSE],[REF_ID],[DATA] FROM [RSA].[dbo].[IMS_CERTIFICATES] where [purpose] = 'LDAP_TRUSTED_CERT'
and the query gave me 4 rows back.
I then copied and pasted the DATA column into a text file (renamed cacert.cer) to see what kind of certificates are inside this column, and I found that all four certificates expired in 2014!
QUESTION: How is it possible that we only get the error from 2018-09-27 if my certificates expired 4 years ago?
Finally, I updated the four rows of the table with my latest domain CA certificate (in base64) and restarted all VMware services.
After that change to the RSA DB, in the table IMS_CERTIFICATES, everything works without any problem.
QUESTION: Is there a VMware KB article or other official VMware documentation to resolve this problem without changing the DB by hand?
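Added example, not part of the original post and not VMware tooling: a standard-library Python check that reads the validity dates from a base64 certificate, such as a value exported from the DATA column above, so expired LDAPS trust certificates can be found before logins start failing. It assumes the column holds a base64 (or PEM) DER X.509 certificate; all function names are hypothetical and `SAMPLE` is a constructed certificate skeleton with made-up dates.

```python
import base64
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    s = raw.decode("ascii")
    if tag == 0x17:                      # UTCTime: YY >= 50 means 19YY (RFC 5280)
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    elif tag != 0x18:                    # anything else must be GeneralizedTime
        raise ValueError("unexpected time tag 0x%02x" % tag)
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_validity(b64_text):
    """Return (notBefore, notAfter) for a base64 or PEM X.509 certificate."""
    body = "".join(l.strip() for l in b64_text.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(body)
    _, pos, _ = _tlv(der, 0)             # enter Certificate
    _, pos, _ = _tlv(der, pos)           # enter tbsCertificate
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _ in range(3):                   # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)           # enter validity
    t1, s1, e1 = _tlv(der, pos)          # notBefore
    t2, s2, e2 = _tlv(der, e1)           # notAfter
    return _time(t1, der[s1:e1]), _time(t2, der[s2:e2])

def is_expired(b64_text, now=None):
    return cert_validity(b64_text)[1] < (now or datetime.now(timezone.utc))

def _el(tag, *parts):                    # sample builder: one short-form DER element
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

# Constructed sample: a certificate skeleton (no key, no signature) with made-up dates.
SAMPLE = base64.b64encode(_el(0x30, _el(0x30,
    _el(0xA0, _el(0x02, b"\x02")), _el(0x02, b"\x01"), _el(0x30), _el(0x30),
    _el(0x30, _el(0x17, b"090630000000Z"), _el(0x17, b"140630000000Z"))))).decode()

if __name__ == "__main__":
    print(cert_validity(SAMPLE)[1].date(), "EXPIRED" if is_expired(SAMPLE) else "valid")
```

Passing each exported DATA value to `is_expired` gives a read-only expiry check that can be scheduled, without touching the database.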
You're using a VERY old and unsupported version of vSphere. 5.1 was the dark ages of SSO and so anything could be possible. I'm sure you realize how old the version you have is, so your only recourse (even to get modern assistance) is to upgrade or install a new version.
