• In a clustered VMware Identity Manager (vIDM) environment, attempts to log in via the VIP URL (e.g., https://vIDMVIPFQDN/) may intermittently fail when traffic is routed to a specific node.
  • Affected users may see the /hc/error page after login attempts once the domain selection dropdown is selected.
• /opt/vmware/horizon/workspace/logs/horizon.log / connector.log indicate an AuthN mismatch error where the node’s hostname is used instead of the configured VIP FQDN.
• This scenario parallels the known issue outlined in HW-134096 - VMware Identity Manager Connector may fail to communicate due to config-state.json corruption.

VMware Identity Manager 3.3.x

The affected node’s config-state.json has an outdated or corrupted version containing the local appliances hostname entry instead of the VIP address for the cluster. In comparison, healthy connectors in the same cluster have correct entries for the VIP address.

Prerequisites

• You have recent snapshots or backups to restore to if needed.
• You have identified the config-state.json file contains individual hostnames.
• The config-state.json file on the problematic node may be of a smaller size than the backup copy where the VIP addresses reside.
• You see AuthN mismatch errors in the previously discussed logs.

Procedure

1. Restore the config-state.json file on the problematic connector by following the instructions located in: HW-134096 - VMware Identity Manager Connector may fail to communicate due to config-state.json corruption.
2. If none of the backup config-state.json files contain the VIP address for the vIDM cluster on this node, follow the instructions outlined in Steps to re-create embedded connector in vIDM for this problematic node.