Scale out or new clustered deployment of vIDM fails with Error Code: LCMVIDM71043

Article ID: 386210

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Scaling out an existing vIDM setup to a 3-node cluster, or running a new clustered deployment, from Aria Lifecycle Manager fails with the error:

Error Code: LCMVIDM71043
Unable to update vIDM FQDN. Ensure the vIDM is able to resolve to the new host and retry.
Failed to apply FQDN on the vIDM host-<vIDM_node_FQDN> due to exception. Exception message: Error while validate FQDN for VIDM:<vIDM_node_FQDN>, Message: {"message":"Error validating Identity Manager url.","code":2,"success":false,"results":null,"resultObj":null,"fieldMessages":null,"redirectUrl":null}

Environment

VMware Identity Manager 3.3.x

Cause

This issue may arise due to:

  1. DNS Issues: Missing or incorrect DNS entries for:
    • Individual vIDM nodes
    • Virtual IP (VIP) used for load balancing
  2. Certificate Issues:
    • The CA certificate does not include the FQDNs of all vIDM nodes and the VIP in its SAN (Subject Alternative Name).
    • The CN (Common Name) of the certificate is not pointing to the VIP FQDN.
  3. Load Balancer Misconfiguration: Improper configuration in one or more areas, including:
    • Application Profiles
    • Health Monitors
    • Server Pools (and their members)
    • Virtual Servers

Resolution

Follow these steps to address the issue:

1. Validate DNS Configuration

  • Verify that DNS records exist for:
    • Each vIDM node
    • The VIP
  • Use the nslookup command to confirm DNS resolution for all relevant FQDNs:
    nslookup <vIDM_node_FQDN>
    nslookup <VIP_FQDN>
  • Ensure reverse DNS (PTR) records are also configured if required.

2. Verify the SSL Certificate

  • Check that the certificate used for vIDM has:
    • SAN: Includes FQDNs of all vIDM nodes and the VIP.
    • CN: Points to the VIP FQDN.
  • If the certificate is missing these, regenerate it and replace the existing one.

3. Correct the Load Balancer Configuration

Ensure the LB is configured correctly according to VMware documentation. For specific LB types:

Key areas to verify:

  • Application Profiles: Ensure SSL passthrough or termination is configured as needed.
  • Health Monitors: Verify the health monitoring URL and response.
  • Server Pools: Confirm the pool members (vIDM nodes) are correctly added.
  • Virtual Servers: Check the virtual server configuration for VIP.

By ensuring the DNS, certificate, and LB configurations align with best practices, the error should be resolved.
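
The DNS and certificate checks from steps 1 and 2 can be scripted before retrying. The following is an added example, not VMware tooling: it assumes vIDM serves HTTPS on port 443, treats a missing or mismatched PTR record as a finding, and uses a hypothetical script name (check_vidm.py) and function names.

```python
import socket
import ssl
import sys


def check_dns(fqdn, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Return DNS problems for one FQDN: missing A record or mismatched PTR."""
    try:
        addr = forward(fqdn)
    except OSError as exc:  # gaierror: name does not resolve
        return [f"{fqdn}: no forward record ({exc})"]
    try:
        ptr = reverse(addr)[0]
    except OSError:  # herror: no reverse record
        return [f"{fqdn}: {addr} has no PTR record"]
    if ptr.lower().rstrip(".") != fqdn.lower():
        return [f"{fqdn}: PTR for {addr} is {ptr}"]
    return []


def check_cert_names(cert, vip_fqdn, node_fqdns):
    """Check a cert dict (ssl getpeercert() format) against the article's rules."""
    san = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    cn = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    # Exact-match comparison: every node FQDN and the VIP must be listed in the SAN.
    problems = [f"SAN is missing {n}" for n in [vip_fqdn, *node_fqdns]
                if n.lower() not in san]
    if [c.lower() for c in cn] != [vip_fqdn.lower()]:
        problems.append(f"CN is {', '.join(cn) or 'absent'}, expected {vip_fqdn}")
    return problems


def fetch_cert(host, port=443, ca_file=None):
    """Fetch the served certificate; the chain is still verified against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # names are compared explicitly in check_cert_names
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Usage: python check_vidm.py <VIP_FQDN> <vIDM_node_FQDN> [...]
    vip, nodes = sys.argv[1], sys.argv[2:]
    findings = [p for name in [vip, *nodes] for p in check_dns(name)]
    for host in [vip, *nodes]:
        findings += [f"{host}: {p}" for p in check_cert_names(fetch_cert(host), vip, nodes)]
    print("\n".join(findings) or "DNS and certificate names look consistent")
    sys.exit(1 if findings else 0)
```

If the certificate is issued by a private CA, pass that CA bundle as ca_file to fetch_cert; otherwise the handshake fails on chain validation before the names are compared.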

Additional Information

  • After making the changes, retry the deployment from Aria Lifecycle Manager.
  • If the issue persists, review the vIDM logs and ensure network connectivity between all nodes and the VIP.