NetWorker: Invalid Username Or Password Error When Logging Into VCUI
Summary: Active Directory (AD) user cannot log in to Virtual Computer User Interface (VCUI) at https://nsr:9090/vcui, receiving "Invalid Username or Password" error, despite being part of Application Administrator Group and able to log in to Network Management Console (NMC) and NetWorker User Interface (NWUI) ...
Symptoms
The user receives an error message when attempting to log in to VCUI.
The user is part of AD/LDAP, integrated in NetWorker.
The error message is seen as a pop-up in the VCUI web page: "OK - Invalid Username or Password."
The same user can successfully log in to NWUI.
The vcui.log file shows:
2025-07-03 07:23:32,642 [https-jsse-nio-9090-exec-7] INFO c.e.n.c.n.i.NwRestApiBase.buildWebResourceFromUri 171 - Call NW: [https://nsr:9090/nwrestapi/v3/]
2025-07-03 07:23:32,663 [https-jsse-nio-9090-exec-7] INFO c.e.n.c.n.impl.GlobalApi.validateNwLogin 58 - Got response.
2025-07-03 07:23:32,663 [https-jsse-nio-9090-exec-7] INFO c.e.n.c.n.impl.GlobalApi.validateNwLogin 68 - isValidated: true
2025-07-03 07:23:32,664 [https-jsse-nio-9090-exec-7] INFO c.e.n.c.n.i.InternalApi.validateAdminLogin 36 - Testing provided credentials for nwcalls
2025-07-03 07:23:32,664 [https-jsse-nio-9090-exec-7] DEBUG c.e.n.c.u.IPAddressUtility.formatHostnameForURL 221 - Returning formatted url: nsr
2025-07-03 07:23:32,664 [https-jsse-nio-9090-exec-7] DEBUG c.e.n.c.n.i.NwRestClientSingleton.getInstance 54 - getInstance() method started: check INSTANCE: com.emc.nw.common.nwrestapi.impl.NwRestClientSingleton@77d9c8bb
2025-07-03 07:23:32,665 [https-jsse-nio-9090-exec-7] INFO c.e.n.c.n.i.NwRestApiBase.buildWebResourceFromUri 171 - Call NW: [https://nsr:9090/nwrestapi/v3/internal/users/default%255Camer.lan%255Ctest_user]
2025-07-03 07:23:32,678 [https-jsse-nio-9090-exec-7] INFO c.e.n.c.n.i.InternalApi.validateAdminLogin 44 - Got response.
2025-07-03 07:23:32,681 [https-jsse-nio-9090-exec-7] ERROR c.e.n.c.n.i.InternalApi.validateAdminLogin 94 - Login user 'default\amer.lan\test_user' is missing the NetWorker privileges: [ViewSecuritySettings, ViewApplicationSettings, MonitorNetWorker, OperateNetWorker, OperateDevicesAndJukeboxes, BackupLocalData, RecoverLocalData, RecoverRemoteData, RemoteAccessAllClients]
2025-07-03 07:23:32,681 [https-jsse-nio-9090-exec-7] ERROR c.e.n.c.n.i.InternalApi.validateAdminLogin 106 - Admin status was not able to be determined for given user and group.
2025-07-03 07:23:32,681 [https-jsse-nio-9090-exec-7] ERROR c.d.e.n.s.AuthenticationServiceImpl.assertValidNetWorkerLogin 82 - NetWorker login failed for administrator
The restapi.log file shows:
2025-07-03 07:23:32.674 TRACE [https-jsse-nio-9090-exec-4] c.e.n.w.WebApiRequest -Request method 'GET', URL 'v3/internal/users/default%255Camer.lan%255Ctest_user', headers '{Accept=[application/json], accept-language=[en], Authorization=[Basic ZGVmYXVsdFxhbWVyLmxhblx0ZXN0X3VzZXI6Y3Rjdm13YXJl], cache-control=[no-cache], connection=[keep-alive], content-type=[application/json], emc-nwrestapi-verbose=[false], host=[nsr:9090], pragma=[no-cache], user-agent=[Java/1.8.0_411]}'.
2025-07-03 07:23:32.677 TRACE [https-jsse-nio-9090-exec-4] c.e.n.w.WebApiResponse -Response status '200', headers '{Content-Type=[application/json], Date=[Thu, 03 Jul 2025 11:23:32 GMT], Cache-Control=[no-cache,no-store,must-revalidate], Pragma=[no-cache], Expires=[0]}'.
2025-07-03 07:23:32.677 DEBUG [https-jsse-nio-9090-exec-4] o.a.c.j.i.JAXRSOutInterceptor -Response content type is: application/json
2025-07-03 07:23:32.677 DEBUG [https-jsse-nio-9090-exec-4] o.a.c.j.i.WriterInterceptorMBW -Response EntityProvider is: com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider
2025-07-03 07:23:32.677 TRACE [https-jsse-nio-9090-exec-4] c.e.n.w.WebApiResponse -Response payload: '{"authId":"default\\amer.lan\\test_user","dn":"cn=test_user,cn=Users,dc=amer,dc=lan","domain":"amer.lan","enabled":true,"expirationTime":"2025-07-03T07:25:30-04:00","userGroups":[]}'
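The two signatures in the excerpts above can be checked together when triaging collected logs. The following Python script is an added example, not Dell code: it pairs the "missing the NetWorker privileges" error in vcui.log with a REST API response payload whose userGroups list is empty, and masks the Basic Authorization value that restapi.log records at TRACE level before lines are shared. The sample log lines, user, domain, and token are constructed for illustration.

```python
import json
import re

# Constructed sample lines, shaped like the vcui.log / restapi.log excerpts above.
VCUI_LOG = r"""2025-07-03 07:23:32,681 [exec-7] ERROR c.e.n.c.n.i.InternalApi.validateAdminLogin 94 - Login user 'default\example.lan\demo_user' is missing the NetWorker privileges: [ViewSecuritySettings, MonitorNetWorker]
2025-07-03 07:23:32,681 [exec-7] ERROR c.e.n.c.n.i.InternalApi.validateAdminLogin 106 - Admin status was not able to be determined for given user and group."""
RESTAPI_LOG = r"""2025-07-03 07:23:32.674 TRACE [exec-4] c.e.n.w.WebApiRequest -Request method 'GET', URL 'v3/internal/users/x', headers '{Accept=[application/json], Authorization=[Basic Q09OU1RSVUNURUQ6VE9LRU4=], host=[nsr:9090]}'.
2025-07-03 07:23:32.677 TRACE [exec-4] c.e.n.w.WebApiResponse -Response payload: '{"authId":"default\\example.lan\\demo_user","dn":"cn=demo_user,cn=Users,dc=example,dc=lan","domain":"example.lan","enabled":true,"userGroups":[]}'"""

MISSING = re.compile(r"Login user '([^']+)' is missing the NetWorker privileges: \[([^\]]*)\]")
PAYLOAD = re.compile(r"Response payload: '(\{.*\})'")
BASIC = re.compile(r"(Authorization=\[Basic )[^\]]+(\])")

def redact(text):
    """Mask Basic credentials, which restapi.log records at TRACE level."""
    return BASIC.sub(r"\1<redacted>\2", text)

def missing_privileges(vcui_text):
    """Map each user named in a missing-privileges error to the listed privileges."""
    return {m.group(1): [p.strip() for p in m.group(2).split(",") if p.strip()]
            for m in MISSING.finditer(vcui_text)}

def user_payloads(restapi_text):
    """Yield the JSON user objects logged as REST API response payloads."""
    for m in PAYLOAD.finditer(restapi_text):
        try:
            obj = json.loads(m.group(1))
        except json.JSONDecodeError:
            continue  # truncated or non-JSON payload
        if isinstance(obj, dict) and "authId" in obj:
            yield obj

def diagnose(vcui_text, restapi_text):
    """Return users showing both signatures: missing privileges and empty userGroups."""
    denied = missing_privileges(vcui_text)
    hits = []
    for user in user_payloads(restapi_text):
        if user["authId"] in denied and not user.get("userGroups"):
            hits.append({"authId": user["authId"], "dn": user.get("dn"),
                         "missing": denied[user["authId"]]})
    return hits

if __name__ == "__main__":
    for hit in diagnose(VCUI_LOG, RESTAPI_LOG):
        print(hit)
    print(redact(RESTAPI_LOG).splitlines()[0])
```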
Cause
This is a Product Bug.
The root cause of the issue is that the REST API returns the group that the user is part of, but the configuration is done through User DN, not through group DN.
This means that the REST API is not able to find the external roles of the passed DN, resulting in the error.
The REST API response contains the following information:
{
  "authId": "default\\amer.lan\\test_user",
  "dn": "cn=test_user,cn=Users,dc=amer,dc=lan",
  "domain": "amer.lan",
  "enabled": true,
  "expirationTime": "2025-07-03T07:25:30-04:00",
  "userGroups": []
}
The userGroups field is empty, indicating that the REST API is not able to find the external roles of the passed DN.
Resolution
Bug fix: NETWORKER-122832
This KB will be updated when Engineering knows the versions that will contain a fix for this issue.