We worked couple of issues in past where Active directory OR similar LDAP application configured as identity source for external user login may complain excessive login request from vCenter. This could happen because of application configured with vCenter that need successful authentication. E.g. backup, monitor & log collector application etc.
Following points can be helpful to investigate it further.
Below link may give no of logins ( section Client Communication (invocations/min))
https://vCenterNameORIP/vod/index.html
Using SSH session, explore to VPXD log location
root@vcenter [ /var/log/vmware/vpxd ]#
Run less to see content of VPXD.log & VPXD profile.log to see if you see any user repeatedly coming.
Following command may help you to increase the scope of your troubleshooting.
Review number of failed login
grep -i vim.fault.InvalidLogin vpxd-????.log | wc -l
Based on VPXD.log & VPXD profile log if you see user coming continuesoly then run following command to total no of request.
This will scan all profile log and give no of login attempts of affected user.
grep -i culpritusername vpxd-profiler-???.log|wc -l
This will scan all vpxd log and give no of login attempts of affected user.
grep -i culpritusername vpxd-????.log | wc -l
This will give log attempts of give day (give today/yesterday day in appropriate format).
grep -i culpritusername vpxd-????.log | grep -i 2019-02-11| wc -l
Based on above information, you can decide to contact vendor for affected user to see what operation they are doing that causing excessive login to external identity source via vCenter. In one of the our situation vROps application using connectors that has setting “Enable Actions” set to allow that meaning when vROps sees an issue if this is enabled vROps can take measures to resolve the issue in an automated fashion. Disabling this feature reduced no of log in attempts. Many time backup OR monitoring application also make excessive request because of their privous failed attempts.
