vIDM does not work with Kerberos Authentication

Article ID: 417900

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • After the Active Directory configuration is updated to use Kerberos, vIDM cannot sync with Active Directory.
  • The workspace log, 'workspace.log', in the directory '/opt/vmware/horizon/workspace/logs', shows the following errors:
    • 2025-11-04T11:46:09,524 INFO : com.vmware.horizon.adapters.kerberosAdapter.KerberosIdpAdapter - Initiating authentication using Kerberos
      2025-11-04T11:46:09,561 INFO : com.vmware.horizon.adapters.kerberosAdapter.KerberosIdpAdapter - Kerberos authentication failure: null
      2025-11-04T11:46:09,561 INFO : com.vmware.horizon.adapters.kerberosAdapter.KerberosIdpAdapter - Cause: Unsupported mechanism requested: 1.3.6.1.5.5.2

Environment

VMware Identity Manager 3.3.7

Cause

The 'idm_fips.security' or 'idm_non_fips.security' file is corrupt, possibly as a result of a recent upgrade.

Resolution

  1. If vIDM is deployed in FIPS mode
    1. Check the file permissions and ownership
      ls -lrth /opt/vmware/horizon/workspace/conf/idm_fips.security

      Example:
      -r--r----- 1 horizon www 847 Aug 22 09:42 /opt/vmware/horizon/workspace/conf/idm_fips.security
    2. Take a backup of the file
      cp -a /opt/vmware/horizon/workspace/conf/idm_fips.security /opt/vmware/horizon/workspace/conf/idm_fips.security.bak
    3. Copy the attached file [idm_fips.security] to the vIDM node(s) and replace the existing file
      cp [idm_fips.security] /opt/vmware/horizon/workspace/conf/
    4. Check the file permissions and ownership and set them to match step 1
      chmod 440 /opt/vmware/horizon/workspace/conf/idm_fips.security
      chown horizon:www /opt/vmware/horizon/workspace/conf/idm_fips.security

  2. If vIDM is deployed in non-FIPS mode
    1. Check the file permissions and ownership
      ls -lrth /opt/vmware/horizon/workspace/conf/idm_non_fips.security

      Example:
      -r--r----- 1 horizon www 847 Aug 22 09:42 /opt/vmware/horizon/workspace/conf/idm_non_fips.security
    2. Take a backup of the file
      cp -a /opt/vmware/horizon/workspace/conf/idm_non_fips.security /opt/vmware/horizon/workspace/conf/idm_non_fips.security.bak
    3. Copy the attached file [idm_non_fips.security] to the vIDM node(s) and replace the existing file
      cp [idm_non_fips.security] /opt/vmware/horizon/workspace/conf/
    4. Check the file permissions and ownership and set them to match step 1
      chmod 440 /opt/vmware/horizon/workspace/conf/idm_non_fips.security
      chown horizon:www /opt/vmware/horizon/workspace/conf/idm_non_fips.security
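The two procedures above differ only in the file name. As an added example (not part of the original article), the shell function below runs the same four steps for either file. It assumes GNU coreutils (`stat -c`, `mktemp`) on the appliance, and the function name `replace_security_file` is hypothetical. It restores the mode and owner recorded from the existing file and refuses to overwrite an existing `.bak`.

```shell
#!/bin/sh
# Added example, not VMware/Broadcom code. Assumes GNU stat and mktemp.
# Usage: replace_security_file <downloaded replacement> <target .security file>
replace_security_file() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "replacement not readable: $src" >&2; return 1; }
    [ -f "$dst" ] || { echo "target not found: $dst" >&2; return 1; }

    # Step 1: record the current mode and numeric owner:group of the target.
    mode=$(stat -c '%a' "$dst") || return 1
    owner=$(stat -c '%u:%g' "$dst") || return 1

    # Step 2: back up the current file; never clobber an earlier backup.
    bak="$dst.bak"
    if [ -e "$bak" ]; then
        echo "backup already exists, refusing to overwrite: $bak" >&2
        return 1
    fi
    cp -a "$dst" "$bak" || return 1

    # Step 3: stage the replacement beside the target, then rename it into
    # place so the service never sees a half-written file.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    cp "$src" "$tmp" && chmod "$mode" "$tmp" || { rm -f "$tmp"; return 1; }
    # Changing ownership needs root; skip it when it already matches.
    if [ "$(stat -c '%u:%g' "$tmp")" != "$owner" ]; then
        chown "$owner" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 1; }

    # Step 4: verify mode, ownership and content of the installed file.
    [ "$(stat -c '%a' "$dst")" = "$mode" ] &&
    [ "$(stat -c '%u:%g' "$dst")" = "$owner" ] &&
    cmp -s "$src" "$dst"
}

# Run the steps only when called with both paths.
if [ "$#" -eq 2 ]; then
    replace_security_file "$1" "$2"
fi
```

If the recorded mode or owner differs from the article's example (`-r--r-----`, `horizon www`), correct it afterwards with the `chmod` and `chown` commands from step 4.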

Attachments

idm_non_fips.security
idm_fips.security