/var/log/vmware/sso/vmware-identity-sts.log:
YYYY-MM-DDTHH:MM:SS ERROR sts[77:tomcat-http--30] [CorId=########-####-####-####-########b77a] [com.vmware.identity.idm.server.IdentityManager] Failed to get attributes for principal [[email protected]] in tenant [vsphere.local]
YYYY-MM-DDTHH:MM:SS ERROR sts[77:tomcat-http--30] [CorId=########-####-####-####-########b77a] [com.vmware.identity.idm.server.ServerUtils] Exception 'java.lang.IllegalStateException:Internal error : duplicate entries were found
Remove the stale machine account that has the same sAMAccountName value as the PNID from the vmdird database. First list the entries under the Domain Controllers OU with the command below:
# SSO_DOMAIN_DN="dc=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost | sed -e 's/\./,dc=/g')"; ldapsearch -LLL -h localhost -b "ou=Domain Controllers,$SSO_DOMAIN_DN" -D "cn=administrator,cn=users,$SSO_DOMAIN_DN" sAMAccountName -W
Enter LDAP Password:
dn: ou=Domain Controllers,dc=vsphere,dc=local
dn: cn=x.x.x.x,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa.example.com
dn: cn=vcsa.example.com,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa.example.com
Then delete the stale entry, i.e. the one whose cn (here the IP address) does not match its sAMAccountName:
# ldapdelete -h localhost -D "cn=administrator,cn=users,$SSO_DOMAIN_DN" -W "cn=x.x.x.x,ou=Domain Controllers,dc=vsphere,dc=local"
Alternate option: using any LDAP browser (JXplorer in this case).
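An added check, example code not taken from this KB: the shell function below parses ldapsearch LDIF output like the listing above and reports only the entries whose sAMAccountName is shared with another entry and whose cn does not match it, i.e. the stale, IP-named candidates for the ldapdelete step. The sample LDIF is constructed, with 192.0.2.10 standing in for x.x.x.x.

```shell
#!/bin/sh
# Added example (not from the KB): audit the "Domain Controllers" OU listing
# for duplicate sAMAccountName values before deleting anything.
# Reads LDIF on stdin; prints one line per stale entry: "<dn> <sAMAccountName>".
# "Stale" = sAMAccountName appears more than once AND the cn (RDN value)
# differs from that sAMAccountName (e.g. an IP-named cn).
find_stale_dc_entries() {
    awk '
    /^dn: /             { dn = substr($0, 5); next }
    /^sAMAccountName: / {
        sam = substr($0, 17)          # "sAMAccountName: " is 16 chars
        count[sam]++
        n++
        dns[n] = dn; sams[n] = sam
        next
    }
    END {
        for (i = 1; i <= n; i++) {
            s = sams[i]; d = dns[i]
            if (count[s] < 2) continue  # unique name: nothing to clean up
            rdn = d                      # RDN value: between "cn=" and first ","
            sub(/^cn=/, "", rdn)
            sub(/,.*/, "", rdn)
            if (tolower(rdn) != tolower(s)) print d, s
        }
    }'
}

# Constructed sample resembling the ldapsearch -LLL output in the KB (not real data).
SAMPLE_LDIF='dn: ou=Domain Controllers,dc=vsphere,dc=local

dn: cn=192.0.2.10,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa.example.com

dn: cn=vcsa.example.com,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa.example.com

dn: cn=vcsa2.example.com,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa2.example.com
'

# Usage: each DN printed is a candidate for the ldapdelete step above.
printf '%s' "$SAMPLE_LDIF" | find_stale_dc_entries
```

On a live system, pipe the real ldapsearch output into find_stale_dc_entries instead of the sample and review the result before running ldapdelete.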