For me this solved the problem:
Regardless of the cause of NetUserGetLocalGroups failure, removing the local identity source will allow domain users to log in. Before doing this, you must ensure that at least one domain user has full Administrator privileges for the vCenter Server. By default, only the local Administrators group has these privileges. Removing the local identity source causes local users to be unable to log in to vCenter Server. All permissions associated with local users and groups will be deleted when vCenter Server is next restarted.