[VMware Identity Manager] Directory Sync fails with Error 'Response from connector: Failed to complete dry run'
Article ID: 314594
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
Directory sync fails with the following errors:
Response from connector: Failed to complete dry run.
Failed to parse the response received from connector.
Unable to sync the domain users and groups from the vIDM connectors.
Unable to log in to vRA and LCM using a domain user.
Environment
VMware Identity Manager 3.3.x
Cause
This may be caused by:
Incorrect credentials in the Base DN / Bind DN section of the sync settings for this domain in vIDM
Invalid permissions on the 'krb5.conf' file: /usr/local/horizon/conf/krb5.conf
- The following exception appears in /opt/vmware/horizon/workspace/logs/connector.log on the vIDM node:
ERROR (pool-158-thread-1) [;;;] com.vmware.horizon.connector.rest.DirectoryRestController - Failed to resolve and save domains.
com.vmware.horizon.directory.DirectoryServiceException: Unable to populate KDCs
    at com.vmware.horizon.directory.ldap.dc.service.KerberosConnectServiceWithOptimizedKDCLookup.initializeKdcs(KerberosConnectServiceWithOptimizedKDCLookup.java:69) ~[adapter-ldap-0.1.jar:3.3.5.0 Build 18049997]
    at com.vmware.horizon.directory.ldap.dc.service.KerberosConnectServiceWithOptimizedKDCLookup.getKerberosAuthenticatedSubject(KerberosConnectServiceWithOptimizedKDCLookup.java:86) ~[adapter-ldap-0.1.jar:3.3.5.0 Build 18049997]
    at
Caused by: java.nio.file.AccessDeniedException: /usr/local/horizon/conf/krb5.conf
    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:1.8.0_292]
    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_292]
Resolution
Enter the password for the configured user under the Base DN / Bind DN settings for this domain in vIDM. If entering the correct password does not resolve the issue, continue with these remaining steps:
Check the permissions of the conf folder on the primary node and the replica nodes:
ls -l /usr/local/horizon
If they are not the same, set the appropriate ownership and permissions on the conf folder on the replica nodes using the chown and chmod commands:
chown root:www /usr/local/horizon/conf
chmod 775 /usr/local/horizon/conf
The permissions should then be:
drwxrwxr-x 11 root www 4096 Nov 19 17:15 conf
Save the 'Domains' tab after setting the permissions and resync the directory.
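
The check described above can be scripted so that each node is compared against the expected root:www / 775 state before anything is changed. The following is an added example, not VMware code: the function names are hypothetical, it assumes GNU stat is available on the appliance, and the sample log line is constructed.

```shell
#!/bin/sh
# Read-only triage: find the path named in the AccessDeniedException, then
# compare its parent directory with the expected owner:group and mode.
# On a vIDM node (values taken from the article):
#   triage /opt/vmware/horizon/workspace/logs/connector.log root:www 775

# Constructed sample (not a real log): one connector.log-style line naming $2.
sample_log() {
    printf '%s\n' "ERROR (pool-1-thread-1) [;;;] Failed to resolve and save domains. Caused by: java.nio.file.AccessDeniedException: $2" > "$1"
}

# Print each distinct path reported in an AccessDeniedException clause of log $1.
denied_paths() {
    grep -o 'java\.nio\.file\.AccessDeniedException: [^ ]*' "$1" |
        sed 's/^.*: //' | sort -u
}

# $1 = directory, $2 = expected owner:group, $3 = expected octal mode.
# Returns 0 on match, 1 on drift, 2 if the directory does not exist.
check_dir() {
    [ -d "$1" ] || { echo "MISSING $1"; return 2; }
    actual=$(stat -c '%U:%G %a' "$1")   # assumption: GNU coreutils stat
    if [ "$actual" = "$2 $3" ]; then
        echo "OK $1 $actual"
    else
        echo "DRIFT $1 is '$actual', expected '$2 $3'"
        return 1
    fi
}

# $1 = log file, $2 = expected owner:group, $3 = expected mode.
# Returns 1 if the parent directory of any denied path has drifted.
triage() {
    rc=0
    for p in $(denied_paths "$1"); do
        check_dir "$(dirname "$p")" "$2" "$3" || rc=1
    done
    return $rc
}
```

Run it on the primary and on each replica; a DRIFT line on a replica identifies the node where the chown and chmod steps above are needed.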