Identity Manager Directory Sync Failure Notification related to Safeguards. Error received is:
Directory sync for directory <domain> on tenant <tenantname> has failed. Please click here to log in to the VMWare Identity Manager admin console to check your Sync Logs. You can view your directories in the Identity & Access Management > Directories tab.
Last failed sync time: <Timestamp will be mentioned in the UTC timezone>
Sync failure reason: Failed to complete sync. Please check safeguards in the sync logs.
VMware Identity Manager 3.3.x
This is caused by the number of changes (user additions, deletions, or modifications) exceeding the configured safeguards for the directory.
To resolve this issue, first log in to the VMware Identity Manager portal. Navigate to the safeguards under Identity & Access Management > Directory Service > Sync Settings > Safeguards. Try increasing the safeguards to 100% and then run a manual sync.
However, because the safeguards are a preemptive mechanism that stops a directory sync from running so that unreviewed changes in the directory are not synced into vIDM, we can work around this error without having to modify the safeguards.
If the changes being reported are expected, you can override the safeguard setting and complete the sync by scheduling a dry run of the sync and checking Ignore Safeguards.
Procedure:
Ensure that network connectivity between VMware Identity Manager and the directory service is stable.
Verify that the credentials used for synchronization are valid and have the necessary permissions.
Check for any recent changes in the directory schema that might affect the sync process.
Regularly monitor the sync status and logs to proactively address any issues.
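The safeguard check described above, modelled as an added example (not VMware's code): it compares the last-synced users with the incoming directory state and reports which change types exceed their thresholds, so the change list can be reviewed before choosing Ignore Safeguards. The snapshot format, function names, sample users, threshold values and the percentage formula (changes divided by currently synced users) are assumptions.

```python
"""Model of a directory sync safeguard (illustration, not product code)."""


def change_summary(current, incoming):
    """Compare two {user_id: attributes} snapshots and list each change type."""
    added = incoming.keys() - current.keys()
    deleted = current.keys() - incoming.keys()
    modified = {u for u in current.keys() & incoming.keys()
                if current[u] != incoming[u]}
    return {"add": sorted(added), "delete": sorted(deleted),
            "modify": sorted(modified)}


def breached_safeguards(current, incoming, thresholds_pct):
    """Return {change_type: percent} for every type over its threshold.

    Assumption: percent = changes / users currently synced * 100, and a
    safeguard trips only when the percent is strictly above the threshold.
    """
    base = max(len(current), 1)  # avoid dividing by zero on a first sync
    breaches = {}
    for kind, users in change_summary(current, incoming).items():
        pct = 100.0 * len(users) / base
        if pct > thresholds_pct[kind]:
            breaches[kind] = round(pct, 1)
    return breaches


# Constructed sample: 20 users from the last sync, then a directory change
# that removes three users, modifies one and adds one.
CURRENT = {f"user{i:02d}": {"dept": "sales"} for i in range(20)}
INCOMING = {u: dict(a) for u, a in CURRENT.items()}
for gone in ("user00", "user01", "user02"):
    del INCOMING[gone]
INCOMING["user03"]["dept"] = "finance"
INCOMING["user20"] = {"dept": "sales"}

# Constructed threshold sets: a strict one and the "raise to 100%" setting.
STRICT = {"add": 10, "delete": 10, "modify": 10}
WIDE_OPEN = {"add": 100, "delete": 100, "modify": 100}

if __name__ == "__main__":
    print("changes:", change_summary(CURRENT, INCOMING))
    print("breaches at 10%:", breached_safeguards(CURRENT, INCOMING, STRICT))
    print("breaches at 100%:", breached_safeguards(CURRENT, INCOMING, WIDE_OPEN))
```

In this model a 100% threshold also lets a deletion of 19 of the 20 users through, which is why the change list should be reviewed before the safeguards are raised or ignored.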