Unable to search certain users & groups in vIDM UI or assign users & groups to policies
search cancel

Unable to search certain users & groups in vIDM UI or assign users & groups to policies

book

Article ID: 336977

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Symptoms:

  • Searching for groups within the vIDM admin console do not work
  • The analytics health shows connected.
  • Groups have been synced successfully within vIDM, but do not show up when searching


As per analytic-service.log:

2020-04-08 22:39:26,175 GMT ERROR hostname:analytics (vert.x-eventloop-thread-0) [;;;] com.vmware.vidm.common.async.RetryCompletableFuture - Failed after max retries: 0 java.util.concurrent.CompletionException: com.vmware.vidm.common.http.client.HttpException: io.vertx.core.VertxException: Connection was closed
        at java.util.concurrent.CompletableFuture.encodeRelay(CompletableFuture.java:326)

Environment

VMware Identity Manager 3.3.x

Cause

Specific groups & users not searchable, possible cause is that some search records were lost due to issues with Elasticsearch/Opensearch and delete unassigned shards

Resolution

  1. Create snapshot on all vIDM nodes.
  2. Find the VIDM primary node
    • Log into the FQDN of the primary node directly, do not use the VIP FQDN
      • Select System domain log in as admin
  3. Use the developer tab in your browser to find the cookies (eg for Firefox, select Web Developer→Network.  Then load a page and select the first request.  Then select the Cookies tab and scroll down to the HZN cookie).
    Copy the value of the HZN cookie.
  4. Using the SSH open above make the following REST API call, replacing <cookie_value> with the HZN cookie value obtained from the browser.
    • curl -k -XPUT -H "Authorization:HZN <cookie_value>" -H "Content-Type: application/vnd.vmware.horizon.manager.systemconfigparameter+json" https://localhost/SAAS/jersey/manager/api/system/config/SearchCalculatorMode -d '{ "name": "SearchCalculatorMode", "values": { "values": ["REINDEX"] } }'
  5. After initiating "REINDEX", you can check the log to confirm it is started
    • cat /opt/vmware/horizon/workspace/logs/horizon.log | grep REINDEX
  6. The users and groups should be searchable after a few minutes.
Powered by Wolken Software