AD Directory Sync fails with error: "Failed to parse the response received from connector."


Article ID: 422605


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Failing Directory Sync with error: "Failed to parse the response received from connector."
  • When attempting to test the connection with the Bind Credentials in the configured Directory it fails with: "Connector communication failed with response: for the connector <Connector_FQDN>."
  • Directory is configured with "Active Directory (Integrated Windows Authentication)"
  • /opt/vmware/horizon/workspace/logs/connector-dir-sync.log contains entries similar to:
    2025-11-17T16:55:48,453 ERROR (Timer-4) [;;;] com.vmware.horizon.connector.admin.SyncScheduleService - Unable to fetch config status for service initiated sync.
    com.vmware.horizon.connector.exception.HorizonException: Could not get the Suite Token from Service.
            at com.vmware.horizon.connector.admin.service.impl.TokenGenerationServiceImpl.getSuiteToken(TokenGenerationServiceImpl.java:46) ~[connector-service-api-0.1.jar:3.3.7.0 Build 21173100]
            at com.vmware.horizon.connector.admin.SyncScheduleService.isServiceInitiatedFlow(SyncScheduleService.java:220) ~[classes/:3.3.7.0 Build 21173100]
            at com.vmware.horizon.connector.admin.ScheduleService$2.run(ScheduleService.java:256) ~[classes/:3.3.7.0 Build 21173100]
            at java.util.TimerThread.mainLoop(Timer.java:555) ~[?:1.8.0_352]
            at java.util.TimerThread.run(Timer.java:505) ~[?:1.8.0_352]
    Caused by: com.vmware.horizon.client.rest.Exception.ApiException: Request failed: Connect to localhost:443 [localhost/127.0.0.1] failed: connect timed out
  • /opt/vmware/horizon/workspace/logs/connector.log contains entries similar to:
    2025-11-17T16:55:44,449 INFO  (Timer-4) [;;;] org.apache.http.impl.execchain.RetryExec - I/O exception (org.apache.http.conn.ConnectTimeoutException) caught when processing request to {s}->https://localhost:443: Connect to localhost:443 [localhost/127.0.0.1] failed: connect timed out
    2025-11-17T16:55:44,449 INFO  (Timer-4) [;;;] org.apache.http.impl.execchain.RetryExec - Retrying request to {s}->https://localhost:443
    2025-11-17T16:55:48,451 WARN  (resourceSyncTaskExecutor-4) [;;;] com.vmware.horizon.client.rest.Utils - Request failed: Connect to localhost:443 [localhost/127.0.0.1] failed: connect timed out
    org.apache.http.conn.ConnectTimeoutException: Connect to localhost:443 [localhost/127.0.0.1] failed: connect timed out

 

Environment

Identity Manager 3.3.7

Cause

Directory Sync configured with Integrated Windows Authentication requires the connector to be joined to the AD domain so it can use the machine account to do the AD searches.

The Likewise application is used within our appliances for the AD connection from Linux. At times this connection gets disrupted, causing unexpected communication issues with AD.

To check the status of the connection, SSH into the appliance that is used for the Sync process and run a Likewise query. The following output indicates that the server is not currently joined to a domain:

# /opt/likewise/bin/domainjoin-cli query
Name = <IDM_Hostname>
Domain =
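
The check above can be scripted. The following is an added example, not part of the original article or the product: it parses the `domainjoin-cli query` output for an empty Domain field and counts the "Suite Token" failures in connector-dir-sync.log. The function names and the sample hostname are hypothetical, and it assumes that a joined appliance prints the domain name on the `Domain =` line.

```shell
#!/bin/sh
# Added example: triage helper for the symptoms in this article.
# Paths and the log string come from the article; function names are hypothetical.
DOMAINJOIN_CLI=/opt/likewise/bin/domainjoin-cli
SYNC_LOG=/opt/vmware/horizon/workspace/logs/connector-dir-sync.log

# Read `domainjoin-cli query` output on stdin and print the joined domain.
# Prints nothing when the Domain field is empty or absent.
joined_domain() {
    awk -F'=' '/^Domain[ \t]*=/ {
        v = $2
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (v != "") print v
        exit
    }'
}

# Count "Suite Token" failures in a log file; prints 0 if the file is unreadable.
suite_token_errors() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'Could not get the Suite Token from Service' "$1" || true
}

# Arg 1: query output, arg 2: sync log path. Returns 0 if joined, 1 if not.
check_join_state() {
    domain=$(printf '%s\n' "$1" | joined_domain)
    errors=$(suite_token_errors "$2")
    if [ -n "$domain" ]; then
        echo "OK: joined to $domain (suite-token errors logged: $errors)"
        return 0
    fi
    echo "FAIL: not joined to a domain (suite-token errors logged: $errors)"
    return 1
}

if [ -x "$DOMAINJOIN_CLI" ]; then
    # On the appliance: use the live query output.
    check_join_state "$("$DOMAINJOIN_CLI" query)" "$SYNC_LOG" || true
else
    # Elsewhere: constructed sample matching the unjoined output shown above.
    check_join_state 'Name = idm01.example.test
Domain =' "$SYNC_LOG" || true
fi
```

Running it again after the connector has been rejoined to the domain should report the domain name instead of FAIL.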

Resolution

  1. Edit the configured Directory to use one of the other connectors as the Sync Connector.
    • In the VIDM Administration Console, navigate to Identity & Access Management and select the appropriate directory under Directory Name. In the directory, find the section labeled "Directory Sync and Authentication" and its "Sync Connector" entry. Open the drop-down and, if another connector is available, switch to it, enter the Bind User Password, run Test Connection, and Save the Directory if the test passes.
  2. If you don't have another connector, leave the domain on the existing connector with the intent to rejoin it. You can use the command-line tool to leave the domain if the UI isn't working cleanly.
    # /opt/likewise/bin/domainjoin-cli leave
  3. Join the connector back to the domain through the Administrator Console > Identity & Access Management > Setup (upper right corner) > Connectors.
  4. Retest the Directory Sync.