Error Failed to query for domains while adding the new active directory in VMware Identity Manager 3.3.7

Article ID: 387652

Updated On: 04-07-2025

Products

VMware Aria Suite

Issue/Introduction

  • When attempting to add a new Active Directory in VMware Identity Manager (vIDM) 3.3.7, the error message "Failed to query for domains" appears. This occurs with both of the following directory types:

      1. Active Directory over LDAP
      2. Active Directory with Integrated Windows Authentication (IWA)

  • The C:\VMware\VMwareIdentityManager\Connector\connector.log on the Windows Server shows errors related to LDAP URL parsing.

    Cannot parse url: ldap://<Your Domain Name>:-1 [Root exception is java.net.MalformedURLException: unsupported authority: <Your Domain Name>:-1]
        at com.sun.jndi.ldap.LdapURL.<init>(LdapURL.java:115)
        at com.vmware.horizon.svadmin.Main.main(Main.java:6)
    Caused by: java.net.MalformedURLException: unsupported authority: <Your Domain Name>:-1
        at com.sun.jndi.toolkit.url.Uri.parseCompat(Uri.java:373)
        at com.sun.jndi.toolkit.url.Uri.parse(Uri.java:233)

  • Note that the connector is a domain-joined Windows machine (Server 2019 and later). This issue has been observed specifically with the external Windows connector version 3.3.7.

Environment

VMware Identity Manager 3.3.7

Resolution

The issue stems from how vIDM 3.3.7 parses LDAP URLs, specifically when dealing with Subject Alternative Names (SANs) containing the domain name and other aliases. The resolution involves modifying the Java options for the vIDM connector service to use legacy LDAP URL parsing.

  • Modify setenv.bat: On the Windows connector machine, navigate to C:\VMware\VMwareIdentityManager\Connector\opt\vmware\horizon\workspace\bin. Edit the setenv.bat file.

  • Add Legacy Parsing Option: Add the following line to the setenv.bat file:

    -Dcom.sun.jndi.ldapURLParsing=legacy ^

  • Save and Close: Save the changes to setenv.bat and close the file.

  • Restart vIDM Connector Service: Open Windows PowerShell and execute the following commands:

    cd C:\VMware\VMwareIdentityManager\Connector\usr\local\horizon\scripts
    .\horizonService.bat stop
    .\horizonService.bat start
    

Wait for the service to stop completely before starting it again. The service startup may take approximately one minute.

  • Add Directory in vIDM UI: After the service restarts, log in to the vIDM UI and attempt to add the Active Directory again.
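
The following PowerShell helpers are an added example, not part of the original article or of VMware's tooling. They back up setenv.bat before the edit, confirm the option is on an active line, and check connector.log for new occurrences of the parse error after the restart. The paths, option string and error text are the ones shown above; the function names and the backup file naming are assumptions.

```powershell
# Added example. Paths, option and error text come from this article;
# function names and the .bak naming are hypothetical.
$Root   = 'C:\VMware\VMwareIdentityManager\Connector'
$SetEnv = Join-Path $Root 'opt\vmware\horizon\workspace\bin\setenv.bat'
$Log    = Join-Path $Root 'connector.log'
$Option = '-Dcom.sun.jndi.ldapURLParsing=legacy'
$ErrSig = 'MalformedURLException: unsupported authority'

function Backup-SetEnv {
    # Keep a timestamped copy so the edit can be reverted.
    $copy = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $SetEnv, (Get-Date)
    Copy-Item -LiteralPath $SetEnv -Destination $copy
    $copy
}

function Get-LegacyOptionLines {
    # Active (non-comment) lines of setenv.bat that carry the option.
    Select-String -LiteralPath $SetEnv -Pattern $Option -SimpleMatch |
        Where-Object { $_.Line -notmatch '^\s*(rem\s|::)' } |
        Select-Object LineNumber, Line
}

function Get-LogLineCount {
    # Baseline taken before the restart so only new entries are checked.
    @(Get-Content -LiteralPath $Log).Count
}

function Get-NewParseErrors {
    param([int]$Baseline)
    $lines = @(Get-Content -LiteralPath $Log)
    # A rotated log is shorter than the baseline: scan all of it.
    if ($lines.Count -lt $Baseline) { $Baseline = 0 }
    $lines | Select-Object -Skip $Baseline |
        Select-String -Pattern $ErrSig -SimpleMatch
}

# Usage, in the order of the steps above:
#   Backup-SetEnv                          # before editing setenv.bat
#   Get-LegacyOptionLines                  # after editing; empty = option missing
#   $baseline = Get-LogLineCount           # just before the service restart
#   Get-NewParseErrors -Baseline $baseline # after retrying in the vIDM UI
```

An empty result from Get-NewParseErrors after retrying the directory add indicates the connector no longer logs the LDAP URL parsing failure.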