Customer using Active directory integration function in 4.1. the user logged in is DOMAIN/user_name, and since the user is not in the sudoer file, they can not view logs
You can add AD groups into sudoer file
for example, you have a domain called "MYDOMAIN" and the group call "ESX Admins" (or MYDOMAIN\ESX Admins)
you add this under group %wheel:
%MYDOMAIN//ESX/ Admins ALL=(ALL) ALL
Note: if it did not prompt for password, you may need to restart the server, and everything will work from here)