I had an interesting issue.
In an environment I have multiple NSX Managers with domain and sub-domain user groups made Enterprise Admins in NSX
However, when I logged in to the web client using said user (who is also admin in vCenter), I received the following error
After a logged call with VMware I found out that
a. I miss-spelled my domain user (d’oh) but more importantly (even though my sub-domain user was spelled correctly)
b. In order to authenticate with sub-domain users, the LDAP port needs to be changed to 3268 !
So in addition to adding the domain users who are already added to vCenter Admins, I had to add the domain (can be either TLD or Sub-Domain) to the specific NSX Manager.
Click Domains
Now add the domain details by specifying the LDAP port of 3268
And et’voila I was able to see my NSX Managers when logging into the web client using my (sub)domain user.
I have asked the guy from GSS for an official KB article but I was told that he has already submit the KB, but it is so far only available internally.
(Thx. Florian Caprarescu @ GSS)