Error: "Call to Directory service failed" while trying to access Identity manager using AD user credentials

Article ID: 388265

Products

VMware Aria Suite

Issue/Introduction

  • Accessing Identity Manager using the local configuration credentials works fine.
  • The health of the appliance, as shown on the Diagnostic dashboard, is green.
  • Testing the connection of the AD directory added over LDAP fails with the following error:
    Connector communication failed because of invalid data: Problem connecting to directory: Host {0}, Reason - {1}
  • The same error appears for communication over port 636 or 3269.
  • connector.log and connector-dir-sync.log report the following chain of errors:
    Caused by: com.vmware.horizon.directory.DirectoryServiceException: Problem connecting to directory.
    ..
    Caused by: com.vmware.horizon.directory.ldap.exceptions.DirectoryConnectionException: Could not connect to the Domain Controller.
    ..
    Caused by: javax.naming.CommunicationException: simple bind failed: xxx.xxxxx.xxxx.xxx:3269
    ..
    Caused by: javax.net.ssl.SSLHandshakeException
    ..
    Caused by: java.security.cert.CertificateException

Environment

VMware Identity Manager 3.3.7

Cause

The root certificate of the Active Directory domain controller's certificate chain is missing from the Directory configuration in Identity Manager, so the TLS handshake on the LDAPS ports (636 or 3269) fails certificate validation and the bind is rejected.

Resolution

1) Use the following openssl command to fetch the certificate of the AD server, replacing AD_FQDN with the actual fully qualified domain name. The redirect from /dev/null closes standard input so that s_client returns instead of waiting for input:

openssl s_client -connect AD_FQDN:443 </dev/null 2>/dev/null | openssl x509

2) Capture the output (from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----) and save it as a .cer certificate file.
3) Extract the root certificate from the .cer certificate using the Windows certificate viewer, as shown in the following screenshots:
     a) Open the certificate.
     b) Go to the "Certification Path" tab.
     c) Select the top-most (root) certificate.
     d) Click "View Certificate".
     e) In the new dialog box, go to the "Details" tab and click "Copy to File".
     f) Click "Next".
     g) Select the "Base-64 encoded X.509" option and click "Next".
     h) Save the file under a new name to the desired path and click "Next".
     i) Click "Finish".
4) Open this new certificate file in Notepad and copy its contents into the Directory configuration in Identity Manager.
5) Test the connection with the AD user credentials and save.
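The command in step 1 returns only the certificate the server presents first (its own). As an added example that is not part of the original article, the script below asks the domain controller for its full chain on the LDAPS port 636 named in the symptoms, with openssl's -showcerts option, and keeps the top-most certificate so it can be pasted into the Directory configuration. AD_FQDN is a placeholder, the sample chain is constructed for offline testing, and if count_certs reports a single certificate the DC sent only its leaf and the root must still be exported via the certification path as in step 3.

```shell
#!/bin/sh
# Added example (not from the KB article). Fetch the chain a domain controller
# presents on LDAPS and keep its top-most certificate for Identity Manager.

# Extract the last PEM certificate block from "openssl s_client -showcerts"
# output on stdin. The last block is the highest certificate the server sent
# (the root CA when the DC is configured to send its complete chain).
last_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { buf = ""; in_cert = 1 }
       in_cert { buf = buf $0 "\n" }
       /-----END CERTIFICATE-----/ { in_cert = 0; last = buf }
       END { printf "%s", last }'
}

# Count PEM certificate blocks on stdin. A result of 1 means the DC sent only
# its own certificate and the root is not in the output.
count_certs() {
  grep -c -- '-----BEGIN CERTIFICATE-----'
}

# Connect to the AD server (argument: FQDN placeholder) on the LDAPS port 636.
# </dev/null closes stdin so s_client exits instead of waiting for input.
fetch_root() {
  openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null | last_cert
}

# Constructed sample of what -showcerts prints (dummy bodies, not real
# certificates) so the parsing functions can be exercised offline.
SAMPLE='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = dc01.corp.example
   i:CN = Corp Root CA
-----BEGIN CERTIFICATE-----
LEAFCERTBODY
-----END CERTIFICATE-----
 1 s:CN = Corp Root CA
   i:CN = Corp Root CA
-----BEGIN CERTIFICATE-----
ROOTCERTBODY
-----END CERTIFICATE-----
---'

# Usage: ./fetch_root.sh AD_FQDN  (prints the top-most certificate in PEM form)
if [ $# -gt 0 ]; then
  fetch_root "$1"
fi
```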