Search the VMware Knowledge Base (KB)
View by Article ID

Authentication to VMware vRealize Log Insight fails with the error: DuplicateUserException: A matching user already exists (2120135)

  • 1 Ratings
Language Editions


  • Authenticating to VMware vRealize Log Insight 2.5 fails.

  • During login, you see one of these errors:

    • Incorrect username or password
    • Unable to Authenticate user

  • In the /storage/core/loginsight/var/runtime.log file, you see entries similar to:

    Caused by: com.vmware.loginsight.rbac.DuplicateUserException: A matching user already exists.
     at com.vmware.loginsight.database.dao.RBACUserDAO.createUser(
     at com.vmware.loginsight.database.dao.RBACUserDAO.createAdUser(


This issue occurs when VMware vRealize Log Insight 2.5 access control is configured with an Active Directory Group, and the affected user was a member of that group. When the user logs in, an explicit record is created in the users list with a group-based role. If a Log Insight administrator deletes this record from the users list, but keeps the group, subsequent authentication attempts by this user fails.


This is known issue affecting VMware vRealize Log Insight 2.5 when using Active Directory integration and group-based user roles. When a user is deleted using the access control user interface, the user's records in the the logdb.user_auth table are not removed.

This issue is resolved in VMware vRealize Log Insight 3.0, available from VMware Downloads.

To work around this issue, fully remove the affected user's records from the logdb.user_auth table using the attached shell script within the Log Insight virtual appliance.

Validation of user record

To identify whether there are affected user records in the logdb.user_auth table, use the attached script with no arguments.

  1. Determine the SAM Account Name (for example, DOMAIN\Username) and User Principle Name (UPN) (for example, Username@domain) of the affected user.

  2. Open a console or SSH connection to the Log Insight appliance and login as root user.

  3. Download the file attached to this article and extract it. Copy the script file to the Log Insight virtual appliance.

  4. Make the shell script executable with this command:

    chmod +x ./

  5. Run the script with no arguments. No changes are made to the system. A list of all user_auth records is displayed.

    For example:

    # ./
    Usage: ./ USER_NAME DOMAIN [UPN]

    If UPN is not provided, USER_NAME@DOMAIN will be used instead.

    Known user_auth records:

     user_name   | type | domain      | upn
                 |    1 | |
            user |    1 | |
                 |    1 | |
        USERACCT |    1 | |
           admin |    0 |             |

  6. Validate that the affected user is listed.

Deleting a user record

To delete the affected user records from the logdb.user_auth table, use the attached script.

Warning: Once the user account is deleted, it cannot be recovered. A new user account can be created with the same name.

  1. Use the script to delete the affected user_auth record, specifying the Username and Domain name. For example:


    If the UPN does not match the format username@domain, specify it explicitly. For example:


  2. The script displays a list of records which it deletes, and ask for confirmation. Review the output.

  3. To delete the user records, type y and press enter.

  4. Run the script with no arguments again. A list of all user_auth records is displayed. Validate that the affected user is no longer listed.

  5. If the user's Active Directory group is still permitted to authenticate, the user should be able to authenticate to Log Insight using their Domain credentials and a new user account is created.

See Also

Update History

10/09/2015 - Log Insight 3.0 released. 11/05/2015 - Attachment updated. 04/05/2017 - Attachment updated.


Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 1 Ratings