Identity Provider (IDP) connectors are missing in vRealize Automation

Article ID: 324807

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
When VMware vRealize Automation is configured in High Availability mode, you experience these symptoms:
  • A few Identity Provider (IDP) connectors are missing.
  • When you navigate to the Administration > Directories Management > Connectors page, you see this message:

    There are missing connectors for some of the non-primary VA nodes.


Environment

VMware vRealize Automation 7.0.x

Cause

This issue occurs when the connector on the non-primary VA node is misconfigured during the initial Join Cluster operation.

Resolution

This issue is resolved in vRealize Automation 7.1, available at VMware Downloads.

To work around this issue if you do not want to upgrade, complete the following steps:

Prerequisites

  • Check the following prerequisites on the VA nodes that you cannot see in the Connectors page:

    • In /usr/local/horizon/conf/states there should be directories for the tenants in vRA/vIDM. At least the VSPHERE.LOCAL directory should be present, containing subdirectories with 4-digit numbers (for example, 3001, 3502), each of which contains a config-state.json file. The correct files should be similar to:

      /usr/local/horizon/conf/states/VSPHERE.LOCAL/3001/config-state.json
      /usr/local/horizon/conf/states/VSPHERE.LOCAL/3005/config-state.json
      /usr/local/horizon/conf/states/CORPTENANT/3107/config-state.json
      /usr/local/horizon/conf/states/CORPTENANT/3109/config-state.json


      Notes:
      • The folder numbers should be the same between appliances.
      • If this is the case, or if the folder numbers are different between appliances, then this workaround should not be applied.
      • If there are different directories/files, or no files at all, then this workaround can be applied.

  • If these files are missing or empty, then this workaround should not be applied:

    • /usr/local/horizon/conf/flags/sysconfig.mac_address
    • /usr/local/horizon/conf/flags/sysconfig.hostname

      Note: In a working environment, those files should not be empty.
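
The prerequisite checks above can be collected without changing anything on the appliance. The script below is an added example, not part of the original article or of any VMware tooling: it lists the TENANT/NNNN state directories that hold a non-empty config-state.json, so the output can be compared between appliances, and verifies the two flag files. The function names and the sample tree it builds when run without an argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only pre-check of the prerequisites listed in the article.

# Print TENANT/NNNN for every non-empty states/<TENANT>/<4 digits>/config-state.json,
# sorted so the output can be diffed between appliances.
list_states() {
    conf=$1
    for f in "$conf"/states/*/[0-9][0-9][0-9][0-9]/config-state.json; do
        [ -s "$f" ] || continue          # skips empty files and an unmatched glob
        d=${f%/config-state.json}        # .../states/TENANT/NNNN
        t=${d%/*}                        # .../states/TENANT
        printf '%s/%s\n' "${t##*/}" "${d##*/}"
    done | sort
}

# Return 0 only if both flag files exist and are non-empty; name each bad one.
check_flags() {
    conf=$1
    rc=0
    for n in sysconfig.mac_address sysconfig.hostname; do
        if [ ! -s "$conf/flags/$n" ]; then
            echo "missing or empty: $conf/flags/$n" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Report for one appliance; a non-zero status means the flag-file check failed.
precheck() {
    echo "state directories on $(uname -n):"
    list_states "$1"
    check_flags "$1" && echo "flag files: present and non-empty"
}

# On an appliance pass the conf directory (/usr/local/horizon/conf in the article)
# as $1; without an argument the script runs on a constructed sample tree.
if [ -n "${1:-}" ]; then
    precheck "$1"
else
    demo=$(mktemp -d)
    mkdir -p "$demo/flags" "$demo/states/VSPHERE.LOCAL/3001" "$demo/states/CORPTENANT/3107"
    echo '{}' > "$demo/states/VSPHERE.LOCAL/3001/config-state.json"   # constructed content
    echo '{}' > "$demo/states/CORPTENANT/3107/config-state.json"      # constructed content
    echo '00:50:56:00:00:01' > "$demo/flags/sysconfig.mac_address"    # constructed value
    echo 'va2.example.test' > "$demo/flags/sysconfig.hostname"        # constructed value
    precheck "$demo"
    rm -rf "$demo"
fi
```

Run it on each VA node and compare the listed directories side by side before deciding whether the workaround applies.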

Procedure

  1. Log in to the shell using a console or SSH session.
  2. Stop vIDM and the services that depend on it by running the command:

    /usr/sbin/vcac-vami service-manage stop vco-server vcac-server horizon-workspace

  3. Create a temporary directory by running this command:

    mkdir /root/tmp-bck

  4. Move the existing files and directories to the temporary directory by running these commands:

    mv /usr/local/horizon/conf/flags/sysconfig.mac_address /root/tmp-bck
    mv /usr/local/horizon/conf/flags/sysconfig.hostname /root/tmp-bck
    mv /usr/local/horizon/conf/states/* /root/tmp-bck

  5. Start the services by running this command:

    /usr/sbin/vcac-vami service-manage start vco-server vcac-server horizon-workspace

  6. Perform the Join Cluster operation from the Management Console Cluster page.
  7. Verify the connector status:

    • Files are present in the /usr/local/horizon/conf/states directory.
    • The connector is shown in the Connectors page.
    • Try to use the new connector for login (disable it from the load-balancer) or sync.

Note: If required, repeat for the other VA nodes that are not present in the Connectors page.

If the Join Cluster operation from the preceding procedure is complete, but you still do not see the connector listed on the Connectors page, or if the directory sync is not working, complete the following procedure:

  1. Ensure that the hostname of each appliance is an FQDN and not a short hostname.

    1. Log in to each appliance and type hostname.
    2. If the hostname is a short name and not an FQDN, update it from VAMI.

  2. Ensure that the following tables display all the appliances with the FQDN.

    1. Connect to the database by running these commands:

      su - postgres
      /opt/vmware/vpostgres/current/bin/psql vcac

    2. Set the schema to saas by running this command:

      set schema 'saas';

    3. Verify the appliance hostnames in the ServiceInstance table by running this command:

      select * from "ServiceInstance";

      If the hostnames in the table are short, update the hostnames to FQDN by running this command:

      update "ServiceInstance" set "hostName"='<new_hostname>' where "id"='<row_id>';

    4. Verify the appliance hostnames in the Connector table by running this command:

      select * from "Connector";

      If the hostnames in the table are short, update the hostnames to FQDN by running this command:

      update "Connector" set "host"='<new_hostname>' where "id"='<row_id>';

  3. Regenerate the certificates on each appliance by running this command:

    /usr/local/horizon/scripts/secure/wizardssl.hzn