"Could not resolve domains" when trying to add additional domains in vRealize Automation Integrated Windows Authentication (IWA) directory

Article ID: 325909

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Unable to sync the vRealize Automation Integrated Windows Authentication directory when trying to add additional domains. The sync fails with the error "Could not resolve domains".
  • Errors found in Connector.log:
2018-08-17 15:17:27,279 ERROR (pool-90-thread-2) [[email protected];[email protected];127.0.0.1] com.vmware.horizon.directory.ldap.Pinger - AD <domain name>:null is not reachable. java.security.PrivilegedActionException: com.vmware.horizon.directory.DirectoryServiceException: Authentication failed for the given user using authentication mechanism - GSSAPI
2018-08-17 15:17:27,408 ERROR (tomcat-http--44) [[email protected];[email protected];127.0.0.1] com.vmware.horizon.directory.ldap.LdapCrossRefService - Unresolvable host and port for cross ref object for - <domain name>


Environment

VMware vRealize Automation 7.x

Resolution

For each appliance in the vRealize Automation cluster:
  1. Check whether there are two krb5.conf files on the appliance, in the locations listed below:
    1. find / -iname krb5.conf
      1. /usr/java/jre-vmware/lib/security/
      2. /etc/krb5.conf
  2. If both exist, rename one and restart the horizon service:
    1. Rename the wrong krb5.conf (location: /usr/java/jre-vmware/lib/security/):
      1. mv krb5.conf krb5.conf.bak
      2. service horizon-workspace restart
  3. Log in to the vRealize Automation portal and re-sync the directory with the additional domains.
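
The check and rename from steps 1 and 2 can be done with a guard so that nothing is touched unless both files exist and no earlier backup would be overwritten. This is an added example, not VMware's own script. The function names and the optional ROOT prefix argument (used for dry runs against a copied directory tree) are hypothetical.

```shell
#!/bin/sh
# Added example, not VMware code. Paths are the two locations named in the article.
# The first argument (ROOT) is a hypothetical prefix for dry runs; leave it
# empty when running on an appliance.

JRE_REL=usr/java/jre-vmware/lib/security/krb5.conf
SYS_REL=etc/krb5.conf

# Prints one of: duplicate, jre-only, system-only, none.
krb5_state() {
    root=${1:-}
    jre="$root/$JRE_REL"; sys="$root/$SYS_REL"
    if [ -f "$jre" ] && [ -f "$sys" ]; then echo duplicate
    elif [ -f "$jre" ]; then echo jre-only
    elif [ -f "$sys" ]; then echo system-only
    else echo none
    fi
}

# Renames the JRE copy to krb5.conf.bak only when both files exist.
# Returns 0 if renamed, 1 if there is nothing to do, 2 if a .bak already exists.
fix_duplicate_krb5() {
    root=${1:-}
    jre="$root/$JRE_REL"; sys="$root/$SYS_REL"
    [ "$(krb5_state "$root")" = duplicate ] || return 1
    if [ -e "$jre.bak" ]; then
        echo "refusing to overwrite $jre.bak" >&2
        return 2
    fi
    # Record how the two copies differ before changing anything.
    diff -u "$jre" "$sys" >&2 || true
    mv "$jre" "$jre.bak"
    # Restart the service only on a real appliance (empty ROOT), as in step 2.
    if [ -z "$root" ]; then service horizon-workspace restart; fi
    return 0
}

# Usage on each appliance in the cluster:
#   krb5_state && fix_duplicate_krb5
```

Run it on each appliance, then continue with step 3.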