Inventory Sync of VMware Identity Manager Services fails in vRealize Suite Lifecycle Manager

Article ID: 322681


Products

VMware Aria Suite

Issue/Introduction


  • Inventory Sync of VMware Identity Manager Services fails with vRealize Suite Lifecycle Manager
  • You see an error similar to:

    Unable to login to the vIDM <FQDN of VIDM node> using the provided defaultConfigurationUsername <configadmin> and defaultConfigurationPassword
     
    INFO  [http-nio-8080-exec-1] c.v.v.l.r.c.RequestController -  -- Retry error cause data : [ {
      "messageId" : "LCMVIDM70000",
      "message" : "Invalid vIDM credentials provided / host not reachable. Please retry after providing a valid vIDM host and credentials.",
      "eventId" : "2df037d1-####-xxxx-yyyyyyyyyyyyyyy",
      "retry" : true,
      "exceptionMessage" : "Unable to login to the vIDM <FQDN of VIDM node> using the provided defaultConfigurationUsername <configadmin> and defaultConfigurationPassword",
      "exceptionStackTrace" : "com.vmware.vrealize.lcm.common.exception.LcmException: Unable to login to the vIDM <vidm-hostname> using the provided defaultConfigurationUsername <configadmin> and defaultConfigurationPassword\n\tat YXYXYXYX com.vmware.vrealize.lcm.platform.automata.service.Task.retry(Task.java:156)\n\tat com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:43)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\n\tat java.base/java.lang.Thread.run(Unknown Source)\n",
      "properties" : {
        "hostName" : "XXXX",
        "defaultConfigurationUsername" : "<configadmin>",
        "defaultConfigurationPassword" : "JXJXJXJX"
      }
    } ]
    


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


Environment

VMware Identity Manager 3.3.x

Cause

This issue occurs because the local user is not able to log in.

Resolution

To resolve this issue, reset the local user password in the VMware Identity Manager service using the REST API.

As an alternative, you can reset the password using an email server by following this article: Resetting vIDM Default Configurator Admin password


Workaround:
To work around this issue, reset the local user password using the API, changing the vIDM hostname in the calls below to match your environment.

Note 1: API calls with POST can be run with tools such as Postman.

Note 2: The Authorization field in Postman needs an authorization cookie (HZN-Browser-Cookie). Getting this is a multi-step process:

  1. Log in to the vIDM node as an admin user at https://<FQDN of VIDM node>/SAAS/login/0 using Google Chrome (Chrome is used as the example here; for other browsers, use a similar approach).

  2. Once prompted, enter the user name as admin and the relevant password.

  3. Click on Identity & Access Management, then press Ctrl+Shift+I to open the developer tools in the Chrome browser.

  4. Navigate to Applications on the top -> select Cookies on the left side -> click on the HZN cookie -> copy the entire value.

Reset Steps:

Get the local user by sending, in the filter, the username (configadmin) of the local user whose password needs to be reset:

  1. POST-
    https://<FQDN of VIDM node>/SAAS/jersey/manager/api/scim/Users/.search/

  2. Params-
    Accept: application/json
    Content-Type: application/json

  3. Authorization-
    In the Type column, select ‘Bearer Token’ and place the value from the <HZN-Browser-Cookie> above in the Token field. Ensure there are no spaces or extra characters.

  4. Body-
    Select ‘raw’, then select ‘JSON’ in the drop-down and enter:
    { "filter" : "userName eq \"configadmin\" and domain eq \"System Domain\"" }
    Ensure that the beginning and ending brackets {} and the quotes "" are present.

  5. Click ‘Send’
  6. Successful response

 

Example:


POST https://<FQDN of VIDM node>/SAAS/jersey/manager/api/scim/Users/.search/
Authorization: HZN <HZN-Browser-Cookie>
Accept: application/json
Content-Type: application/json
{ "filter" : "userName eq \"admin\" and domain eq \"System Domain\"" }

  1. Take the ID (number only, no quotes) from the above result and update the password for that local user ID. The steps are similar to those above.
  2. PATCH-
    https://<FQDN of VIDM node>/SAAS/jersey/manager/api/scim/Users/2194e6b2-2367-4ae6-8b3b-5d37f546e829
  3. Params-
    Accept: application/json
  4. Authorization-
    Bearer Token: (Same cookie as above)
  5. Body-
    raw: JSON
    { "password": "new password" }


    Example:


    PATCH  https://<FQDN of VIDM node>/SAAS/jersey/manager/api/scim/Users/248ffe02-9485-4584-bc41-f06d926db194
    Authorization: HZN <HZN-Browser-Cookie>
    Accept: application/json
    { "password": "<PASSWORD>" }
  6. Successful result
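
The two calls above as a script, added here as an example (not VMware's code). It uses the `Authorization: HZN` header from the article's Example requests and assumes the search returns a SCIM list response with a `Resources` array; `VIDM_HOST` and the sample response are constructed for illustration.

```python
import getpass
import json
import os
import urllib.request

BASE = "https://{host}/SAAS/jersey/manager/api/scim/Users"

# Constructed sample of a SCIM list response (assumed shape, not taken from the article).
SAMPLE_RESPONSE = ('{"totalResults": 1, "Resources": [{"id": '
                   '"00000000-0000-0000-0000-000000000000", "userName": "configadmin"}]}')

def _request(method, url, cookie, body):
    # Header layout follows the article's Example requests (Authorization: HZN <cookie>).
    headers = {"Authorization": "HZN " + cookie.strip(),
               "Accept": "application/json",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method=method)

def build_search(host, cookie, username="configadmin"):
    # Refuse characters that would break out of the quoted filter value.
    if '"' in username or "\\" in username:
        raise ValueError("unsupported character in username")
    body = {"filter": f'userName eq "{username}" and domain eq "System Domain"'}
    return _request("POST", BASE.format(host=host) + "/.search/", cookie, body)

def extract_user_id(response_text, username="configadmin"):
    # Continue only when exactly one user matches, so the wrong account is never reset.
    resources = json.loads(response_text).get("Resources", [])
    ids = [r["id"] for r in resources if r.get("userName") == username]
    if len(ids) != 1:
        raise ValueError(f"expected exactly one match for {username}, got {len(ids)}")
    return ids[0]

def build_patch(host, cookie, user_id, new_password):
    url = BASE.format(host=host) + "/" + user_id
    return _request("PATCH", url, cookie, {"password": new_password})

if __name__ == "__main__":
    host = os.environ["VIDM_HOST"]            # hypothetical variable name
    cookie = getpass.getpass("HZN cookie: ")  # prompts keep secrets out of shell history
    new_password = getpass.getpass("New configadmin password: ")
    # urllib verifies the server certificate by default.
    with urllib.request.urlopen(build_search(host, cookie)) as resp:
        user_id = extract_user_id(resp.read().decode())
    with urllib.request.urlopen(build_patch(host, cookie, user_id, new_password)) as resp:
        print("PATCH status:", resp.status)
```

The HZN cookie is an admin session token and the PATCH body carries the new password, so neither is passed on the command line or printed.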

Next Steps

Update the password information in VMware Aria Suite Lifecycle by following this article: Remediating passwords updated outside of VMware Aria Suite Lifecycle

Additional Information