vRA login is very slow or fails when the primary domain controller is unavailable
search cancel

vRA login is very slow or fails when the primary domain controller is unavailable

book

Article ID: 324881

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • When a primary Domain Controller fails, you are unable to login or login will take a long time depending on the load on the system.
  • In the /opt/vmware/horizon/conf/logs/connector.log file, you see the entries similar to:
com.vmware.horizon.directory.ldap.LdapConnector - Failed to connect to <Domain Controller Host Name:Port>
javax.naming.CommunicationException: <Domain Controller Host Name:Port> [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]


Environment

VMware vRealize Automation 7.3.x
VMware vRealize Automation 7.4.x

Cause

When an attempt to contact the primary domain controller fails, vIDM contacts the secondary domain controller. Because vIDM always contacts the primary domain controller before contacting the secondary domain controller, there is a delay in processing the login requests. This causes the requests to pile up and slow down the system.

Resolution

This is a known issue affecting VMware vRealize Automation versions 7.3, 7.3.1, and 7.4.
Currently, there is no resolution.

Workaround:
To work around this issue:
  1. In the domains where the primary domain controller fails, open the /usr/local/horizon/conf/domain_krb.properties file and replace the value of the failed domain controller with the value of a secondary domain controller.
  2. Check whether the failed domain controller is present in any of the config-state.json files present in the /usr/local/horizon/conf/states/tenant_name/ directory.
  3. If the failed domain controller is present, replace the failed domain controller name with the name of the secondary domain controller.
  4. Restart the virtual appliance.