I just bumped into a very strange behaviour after enabling FIPS Mode on vRLI 8.4.0, so I wanted to let you know the details before you go ahead and activate this mode as well.
After the upgrade to version 8.4.0 (we were on 8.3.0) you have the option to activate FIPS Mode under the Administration tab in vRLI (Configuration -> General). We wanted to activate it for security reasons. We use Active Directory as the authentication method on vRLI.
So we took a snapshot of the vRLI appliance first (lucky me!), activated FIPS Mode and waited. (Note that after you activate FIPS Mode, the appliance will restart but the Web UI stays.) After the restart was complete we were no longer able to log in through the Web UI. We tried several AD accounts but had no luck. The only way in was to log in through SSH with the local admin account. After collecting a support bundle we reverted to the latest snapshot and everything worked fine again. VMware Support had a look at the logs and found the following very strange entry in runtime.log:
com.vmware.loginsight.rbac.RBACException: User [abcdefghi] not found in domain yyyyyy.xx.
We then double-checked the settings under Administration -> Management -> Access Control, and under “Users and Groups” there was still an entry for a user who did not exist anymore (he left the company a couple of months ago). So it looks like after enabling FIPS Mode, vRLI checks all the accounts you see in this view, and if one of them no longer exists in your AD environment, FIPS Mode prevents you from logging in. After removing this user we made another attempt and it worked as expected. Finally we are able to use vRLI as usual with FIPS Mode enabled.
I do not know whether this behaviour also occurs if you use VMware Identity Manager as the authentication method. However, just make sure you clean up the entries under Access Control before activating FIPS Mode.
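As an added example that is not part of the original post, here is a small Python pre-flight check for exactly this situation: it parses runtime.log for the RBACException line quoted above and compares the Access Control user list against the accounts that still exist in AD, so stale entries can be removed before FIPS Mode is activated. The entry format, the log lines and the directory contents are constructed for the example; a real run would read the Access Control list and query AD instead.

```python
import re

# Pattern for the runtime.log entry quoted in the post, e.g.
# com.vmware.loginsight.rbac.RBACException: User [abcdefghi] not found in domain yyyyyy.xx.
RBAC_NOT_FOUND = re.compile(
    r"RBACException: User \[(?P<user>[^\]]+)\] not found in domain (?P<domain>\S+?)\.?\s*$"
)


def stale_users_from_log(lines):
    """Return (user, domain) pairs the log reports as missing, first-seen order, no duplicates."""
    seen = []
    for line in lines:
        m = RBAC_NOT_FOUND.search(line)
        if m:
            pair = (m.group("user"), m.group("domain").lower())
            if pair not in seen:
                seen.append(pair)
    return seen


def preflight_access_control(entries, directory):
    """Flag Access Control entries whose AD user no longer exists.

    entries:   list of (name, domain, kind) tuples, a constructed stand-in for what you
               read off Administration -> Management -> Access Control.
    directory: dict mapping a lower-cased domain to the set of user names that still
               exist there (a constructed stand-in for a real AD lookup).
    """
    stale = []
    for name, domain, kind in entries:
        if kind != "user":
            continue  # the post only observed the problem for a user entry; groups pass through
        if name not in directory.get(domain.lower(), set()):
            stale.append((name, domain))
    return stale


# Constructed sample data: a few log lines and an Access Control list with one leaver.
SAMPLE_LOG = [
    "2021-06-01 10:00:00 INFO  some unrelated line",
    "com.vmware.loginsight.rbac.RBACException: User [abcdefghi] not found in domain yyyyyy.xx.",
    "com.vmware.loginsight.rbac.RBACException: User [abcdefghi] not found in domain yyyyyy.xx.",
]
SAMPLE_ENTRIES = [
    ("alice", "yyyyyy.xx", "user"),
    ("abcdefghi", "yyyyyy.xx", "user"),  # left the company a couple of months ago
    ("vrli-admins", "yyyyyy.xx", "group"),
]
SAMPLE_DIRECTORY = {"yyyyyy.xx": {"alice", "bob"}}

if __name__ == "__main__":
    print("reported in log:", stale_users_from_log(SAMPLE_LOG))
    print("stale before FIPS:", preflight_access_control(SAMPLE_ENTRIES, SAMPLE_DIRECTORY))
```

Any name the pre-flight check returns should be removed from Access Control (or re-created in AD) before FIPS Mode is switched on; the log parser is for confirming the cause after the fact from a support bundle.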