[VMware Identity Manager] Directory Sync fails with Error 'Response from connector: Failed to complete dry run'
search cancel

[VMware Identity Manager] Directory Sync fails with Error 'Response from connector: Failed to complete dry run'

book

Article ID: 314594

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
-Directory sync fails with below errors:
 Response from connector: Failed to complete dry run.
 Failed to parse the response received from connector.


-Unable to sync the domain users and groups from the VIDM connectors 
-Unable to login to vRA and LCM using domain user.

Environment

VMware Identity Manager 3.3.x

Cause

- This is caused due to invalid permissions on 'krb5.conf' file- /usr/local/horizon/conf/krb5.conf.

- We see below exception under /opt/vmware/horizon/workspace/logs/connector.log on vIDM node:

ERROR (pool-158-thread-1) [;;;] com.vmware.horizon.connector.rest.DirectoryRestController - Failed to resolve and save domains.
com.vmware.horizon.directory.DirectoryServiceException: Unable to populate KDCs
at com.vmware.horizon.directory.ldap.dc.service.KerberosConnectServiceWithOptimizedKDCLookup.initializeKdcs(KerberosConnectServiceWithOptimizedKDCLookup.java:69) ~[adapter-ldap-0.1.jar:3.3.5.0 Build 18049997]
at com.vmware.horizon.directory.ldap.dc.service.KerberosConnectServiceWithOptimizedKDCLookup.getKerberosAuthenticatedSubject(KerberosConnectServiceWithOptimizedKDCLookup.java:86) ~[adapter-ldap-0.1.jar:3.3.5.0 Build 18049997]
at
Caused by: java.nio.file.AccessDeniedException: /usr/local/horizon/conf/krb5.conf
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:1.8.0_292]
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_292]

Resolution

  • Check the permissions of conf folder on primary node and replica nodes
    • ls -l /usr/local/horizon
  • if they are not same then set the appropriate permissions to conf folder on replica nodes using chmod command.
    • chown root:www /usr/local/horizon/conf
    • chmod 775 /usr/local/horizon/conf 
  • Then permissions should be
    • drwxrwxr-x 11 root    www  4096 Nov 19 17:15 conf
  • Save 'Domains' tab after setting the permissions and resync the directory.