Identity Manager Directory Sync Failure Notification related to Safeguards
search cancel

Identity Manager Directory Sync Failure Notification related to Safeguards

book

Article ID: 367346

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Identity Manager Directory Sync Failure Notification related to Safeguards.  Error received is:

Directory sync for directory <domain> on tenant <tenantname> has failed. Please click here to log in to the VMWare Identity Manager admin console to check your Sync Logs. You can view your directories in the Identity &amp; Access Management &gt; Directories tab.

Last failed sync time: <Timestamp will be mentioned in the UTC timezone>

Sync failure reason: Failed to complete sync. Please check safeguards in the sync logs.

Environment

VMware Identity Manager 3.3.x

Cause

This is caused to the number of changes (user Additions/ Deletions/  Modifications) breaching the configured safeguards for the directory.  

Resolution

To resolve this issue, first log in to the VMware Identity Manager portal. Navigate to the Safeguards under Identity & Access Management > Directory Service > Sync Settings > Safeguards.  Try increasing the safeguards to 100% and then try to do manual sync.

However, as the this mechanism of the safeguards preventing a directory sync from running, is a preemptive mechanism to avoid unreviewed changes on the Directory to be synced into viDM, we can workaround this error without having to modify the safeguards. 
If the changes being prompted are expected changes, to override the safeguard setting and complete the sync you can schedule a dry run of the sync and check Ignore Safeguards.


Procedure:

  1. In the VMware Identity Manager console Identity & Access Management tab select Manage > Directories.
  2. Select the directory that did not complete the sync and go to the Sync Log page.
  3. To see the type of safeguard violation, in the Sync Details column, click Failed to complete sync. Please check safeguards.
  4. Click OK.
  5. To continue the sync without changing the safeguard settings, click Sync Now.
  6. On the Review page, select the check box Ignore Safeguards.
  7. Click Sync Directory.

Additional Information

Ensure that network connectivity between VMware Identity Manager and the directory service is stable.

Verify that the credentials used for synchronization are valid and have the necessary permissions.

Check for any recent changes in the directory schema that might affect the sync process.

Regularly monitor the sync status and logs to proactively address any issues.