Group does not show any members in vRA UI
search cancel

Group does not show any members in vRA UI

book

Article ID: 339011

calendar_today

Updated On:

Products

VMware VMware Aria Suite

Issue/Introduction

Symptoms:

When configuring user/group permissions in VMware Identity Manager, you experience these symptoms:
 
  • Active Directory Sync runs successfully without observing any error.
  • When adding user to a group, user gets added to the group. However, the group does not show any members in the vRealize Automation UI.

    For example:

    When adding user, J ohn in Group Group-A. In the /storage/log/vmware/horizon/connector.log of vRealize Automation Appliance, you see entries similar to

    com.vmware.horizon.connector.admin.SyncScheduleService - Directory sync method: begin.
    com.vmware.horizon.dirsync.PushEngine - ADD john (430a80a5-c2cf-####-####-########db4) to Group-A (6e477b1a-8dd3-####-####-########62e)
    com.vmware.horizon.connector.admin.SyncScheduleService - Directory sync method: end.
  • The vRA nodes are using different time servers.
  • Health check of calculators using https://hostname/SAAS/API/1.0/REST/system/health/calculators reported no errors/issues.
 



Environment

VMware vRealize Automation 7.0.x

Cause

This issue occurs when the difference in clock time of vRealize Automation nodes is more than 5 seconds at the upper limit in a multi node vRA environment.

Resolution

To resolve the issue, ensure that time on all vRealize Automation(vRA) nodes/servers are matching. If the time is not synchronized, configure the vRealize Automation Appliances to synchronize the time against an NTP provider.
Note: The maximum time drift allowed is 5 seconds.
To ensure that the time on all vRA nodes/servers are matching:
  1. Connect to SSH shell using root credentials to each node in the vRA cluster.
  2. In each vRA console, report the time and confirm that they are within two seconds by running this command:

    watch -n 1 'date'

  3. Press Ctrl+C to cancel the previous command.


    If the time is not in sync, follow the steps to configure the vRealize Automation Appliances to sync time against an NTP provider.
To configure the vRealize Automation Appliances to sync time against an NTP provider:

  1. Log in to each vRA Appliance on the port 5480 as root.
  2. Click Admin tab.
  3. Click Time Settings.
  4. For Time Sync Mode, ensure to select Use Time Server.
  5. Click the Green Plus icon to add a time server.
  6. For each vRA node, check for NTP messages in the appliance SSH session by running this command:

    grep -i ntp /var/log/messages

  7. For each vRA node, check the messages log history by running this command:

    bunzip2 -cd /var/log/messages* | grep -i ntp

  8. Validate that the appliance time clocks are in sync within 5 seconds.
  9. After adjusting the time on both nodes, restart workspace by running this command:

    service horizon-workspace restart


Additional Information

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box..


Impact/Risks:



Powered by Wolken Software