NetWorker: VMware vCenter Authentication Failing When Using Microsoft Entra ID
Summary: A VMware vCenter server is added to NetWorker using an AD account. The vCenter is integrated with Azure Entra ID and the account used within NetWorker is from Entra ID. NetWorker Authentication with the VMware vCenter fails, resulting in failed inventory processing and NetWorker VMware Protection (NVP) backups. ...
Symptoms
A VMware vCenter is added to NetWorker using a domain account.
NetWorker inventory (nsrvim) of the vCenter server fails; later, NetWorker VMware Protection (NVP) Virtual Machine (VM) backup workflows fail. The following error is observed in the NetWorker server's daemon log:
- Linux: /nsr/logs/daemon.raw
- Windows (default): C:\Program Files\EMC NetWorker\nsr\logs\daemon.raw
- NetWorker: How to use nsr_render_log to render .raw log files
MM/DD/YY HH:mm:SS 1 3 0 1861961472 3051286 0 NW_SERVER_NAME nsrdisp_nwbg RAP notice job 'nsrvim' progress message: Cannot complete login due to an incorrect user name or password..
The credentials are correct and can be used to log in to the vSphere web client.
The domain integration in the VMware vCenter uses Azure Entra ID; example: Configuring Microsoft Entra ID for vCenter Server
The vCenter server's /var/log/vmware/vpxd/vpxd.log shows the following:
YYYY-HH-MMTHH:mm:SSZ error vpxd[06328] [Originator@6876 sub=UserDirectorySso opID=OPERATION_ID] AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE(Authentication failed: Invalid credentials) --> [context]zKq7AVEC-TOKEN_STRING-8uNgA=[/context]
YYYY-HH-MMTHH:mm:SSZ error vpxd[06328] [Originator@6876 sub=User opID=OPERATION_ID] Failed to authenticate user <DOMAIN_USERNAME@DOMAIN>
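A small triage check for the two log signatures described above, as an added example that is not part of the original article or any Dell or VMware tooling. It assumes the daemon log has already been rendered to text and that the two vpxd.log lines of one failed login share an opID, as the placeholders above suggest; the sample lines are constructed.

```python
import re

# Signatures taken from the log lines quoted in the Symptoms section.
NSRVIM_FAIL = re.compile(r"job 'nsrvim' progress message: Cannot complete login")
SSO_FAIL = re.compile(r"sub=UserDirectorySso opID=([^\]\s]+)\] AcquireToken exception: "
                      r".*InvalidCredentialsException")
USER_FAIL = re.compile(r"sub=User opID=([^\]\s]+)\] Failed to authenticate user <?([^<>\s]+)")

def nsrvim_login_errors(daemon_lines):
    """Count nsrvim login failures in a rendered NetWorker daemon log."""
    return sum(1 for line in daemon_lines if NSRVIM_FAIL.search(line))

def sso_login_failures(vpxd_lines):
    """Return {user: count} for failed logins that vpxd tied to an SSO
    AcquireToken InvalidCredentials exception (assumed: same opID on both lines)."""
    sso_ops, counts = set(), {}
    for line in vpxd_lines:
        m = SSO_FAIL.search(line)
        if m:
            sso_ops.add(m.group(1))
            continue
        m = USER_FAIL.search(line)
        if m and m.group(1) in sso_ops:
            counts[m.group(2)] = counts.get(m.group(2), 0) + 1
    return counts

# Constructed sample input (host, users, opIDs and timestamps are made up).
DAEMON_SAMPLE = [
    "01/15/25 10:22:31 1 3 0 1861961472 3051286 0 nwserver nsrdisp_nwbg RAP notice "
    "job 'nsrvim' progress message: Cannot complete login due to an incorrect "
    "user name or password..",
]
VPXD_SAMPLE = [
    "2025-01-15T10:22:31.104Z error vpxd[06328] [Originator@6876 sub=UserDirectorySso "
    "opID=1a2b3c4d] AcquireToken exception: N9SsoClient27InvalidCredentialsExceptionE"
    "(Authentication failed: Invalid credentials)",
    "2025-01-15T10:22:31.105Z error vpxd[06328] [Originator@6876 sub=User "
    "opID=1a2b3c4d] Failed to authenticate user svc_networker@example.com",
    # Failure with no SSO AcquireToken exception under its opID: not reported.
    "2025-01-15T10:25:02.440Z error vpxd[06328] [Originator@6876 sub=User "
    "opID=9f8e7d6c] Failed to authenticate user other@example.com",
]

if __name__ == "__main__":
    print("nsrvim login errors:", nsrvim_login_errors(DAEMON_SAMPLE))
    for user, n in sso_login_failures(VPXD_SAMPLE).items():
        print(f"SSO token acquisition failed for {user}: {n} time(s)")
```

If the reported user is the account configured on the vCenter resource in NetWorker and the same credentials work in the vSphere web client, the logs match the symptom pattern in this article.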
Cause
NetWorker uses basic authentication when interacting with the VMware API; it only supports AD/LDAP-based authentication mechanisms.
Microsoft Entra ID (formerly Azure AD) is a cloud-based identity platform that uses authentication methods not supported by NetWorker.
Resolution
Request For Enhancement (RFE) iZone 292 was opened requesting NetWorker to support Entra ID authentication for VMware vCenter resources. To track this RFE, engage your Dell account or sales representative.
Workaround:
If it is not possible to configure a basic AD/LDAP-based authentication account, create a VMware Single Sign On (SSO) account and use it to authenticate NetWorker within VMware. The permissions required by the account are documented in the "Creating a dedicated vCenter user account" section of the NetWorker VMware Integration Guide (see Support for NetWorker | Manuals & Documents).
Additional Information
If you would like to add support for Microsoft Entra ID authentication with VMware into NetWorker, contact your Dell Sales or Account representative regarding a Request For Enhancement.