/opt/vmware/horizon/workspace/logs/connector-dir-sync.log
reports the following error:
Caused by: com.vmware.horizon.directory.DirectoryServiceException: Problem connecting to directory.
..
Caused by: com.vmware.horizon.directory.ldap.exceptions.DirectoryConnectionException: Could not connect to the Domain Controller.
..
Caused by: javax.naming.CommunicationException: simple bind failed: ####.####.####.####:####
..
Caused by: javax.net.ssl.SSLHandshakeException
..
Caused by: java.security.cert.CertificateException
or
com.vmware.horizon.directory.ldap.dc.service.DirectoryConnectService - AD connection failed for <domain-controller>:<port>
com.vmware.horizon.directory.ldap.exceptions.DirectoryConnectionException: Could not connect to the Domain Controller.
..
Caused by: javax.naming.CommunicationException: <domain-controller>:<port>
at com.sun.jndi.ldap.Connection.<init>(Connection.java:233) ~[?:1.8.0_292]
..
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_292]
VMware Identity Manager 3.3.x
The issue can occur due to various reasons:
- Recent changes in AD certificates
- Change in bind user credentials or expired bind user password
- Incorrect Base DN used for AD integration
- Network isolation of Active Directory Domain Controller servers
curl -v telnet://<domain-controller-ip>:<domain-controller-port>
If connector-dir-sync.log contains the message "Could not connect to the Domain Controller" followed by javax.net.ssl.SSLHandshakeException, update the Active Directory root certificate in vIDM by following KB 388265.
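The two log signatures above point to different fixes, so it helps to know which one the most recent failure carries. The script below is an added example, not VMware code: it classifies the latest "Could not connect to the Domain Controller" entry by the "Caused by:" lines that follow it. The function names, the cause labels and the host dc01.example.test in the sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not VMware code): triage a copy of connector-dir-sync.log.

# Print the cause class of the MOST RECENT "Could not connect to the Domain
# Controller" failure, based on the "Caused by:" lines that follow it.
classify_dir_sync_failure() {
    awk '
        /Could not connect to the Domain Controller/ { seen = 1; cause = "unclassified"; next }
        !seen { next }
        /javax\.net\.ssl\.SSLHandshakeException|java\.security\.cert\.CertificateException/ { cause = "certificate" }
        /java\.net\.ConnectException: Connection timed out/ { if (cause != "certificate") cause = "network" }
        END { print (seen ? cause : "no-failure") }
    ' "$1"
}

# Map a cause class to the follow-up action this article gives for it.
next_step() {
    case "$1" in
        certificate)  echo "Update the Active Directory root certificate in vIDM (KB 388265)." ;;
        network)      echo "Test the path: curl -v telnet://<domain-controller-ip>:<domain-controller-port>" ;;
        unclassified) echo "Check bind user credentials, password expiry and Base DN." ;;
        *)            echo "No directory connection failure in this log." ;;
    esac
}

# Constructed sample: an older timeout followed by a newer TLS failure.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
com.vmware.horizon.directory.ldap.exceptions.DirectoryConnectionException: Could not connect to the Domain Controller.
Caused by: javax.naming.CommunicationException: dc01.example.test:636
Caused by: java.net.ConnectException: Connection timed out (Connection timed out)
Caused by: com.vmware.horizon.directory.DirectoryServiceException: Problem connecting to directory.
Caused by: com.vmware.horizon.directory.ldap.exceptions.DirectoryConnectionException: Could not connect to the Domain Controller.
Caused by: javax.naming.CommunicationException: simple bind failed: dc01.example.test:636
Caused by: javax.net.ssl.SSLHandshakeException
Caused by: java.security.cert.CertificateException
EOF

cause=$(classify_dir_sync_failure "$sample")
echo "latest failure: $cause"
next_step "$cause"
```

On the appliance, pass /opt/vmware/horizon/workspace/logs/connector-dir-sync.log to classify_dir_sync_failure. An "unclassified" result means neither signature was found after the last failure, which leaves the bind user and Base DN causes to review.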