vIDM Inventory sync fails in VMware Aria Suite Lifecycle with Certificate Fetch Error (LCMVIDM70020)



Article ID: 423037


Products

VCF Automation

Issue/Introduction

Inventory synchronization for VMware Identity Manager (vIDM) fails when triggered from VMware Aria Suite Lifecycle (LCM). The failure occurs in the task that trusts the vIDM certificate in LCM and then updates the authentication provider for the vIDM load balancer (LB); because the certificate can never be fetched, the trust step fails before any authentication-provider update is attempted.

The following error messages are observed:

Error Code: LCMVIDM70020 Unable to fetch vIDM certificate. Ensure to specify a valid vIDM host and that the host has a certificate to be trusted in VMware Aria Suite Lifecycle. Unable to get the vIDM certificate on the host LB.domanin.com.

  java.security.cert.CertificateException: Unable to get the vIDM certificate on the host LB.domanin.com
      at com.vmware.vrealize.lcm.vidm.request.common.util.VidmCommonUtil.trustCertificateInLcmByHostName(VidmCommonUtil.java:162)
      at com.vmware.vrealize.lcm.vidm.core.task.TrustVidmCertificateInLCMTask.execute(TrustVidmCertificateInLCMTask.java:72)
      at com.vmware.vrealize.lcm.platform.automata.service.Task.retry(Task.java:158)
      at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:60)
      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.base/java.lang.Thread.run(Unknown Source)

When attempting to sync or re-register the authentication provider for the vIDM load balancer, the following error is also seen:

  • Error Code: LCMVIDM71147 Failed to update Auth provider with VMware Aria Suite Lifecycle hostname. Failed to login to VMware Identity Manager LB.domanin.com.

Additional observations:

  • nslookup for the vIDM LB FQDN, run from the LCM appliance, times out
  • openssl s_client and curl connections to the LB fail from the LCM appliance, while the same commands succeed from hosts that use the current DNS server

Environment

VMware Identity Manager 3.3.7

VMware Aria Suite Lifecycle 8.18 (PATCH5)

Cause

The VMware Aria Suite Lifecycle (LCM) appliance is configured to use an obsolete or incorrect DNS server. DNS resolution for the vIDM load balancer FQDN therefore fails on the appliance, so LCM never opens the TLS connection that would retrieve the vIDM certificate and reports the failure as a certificate fetch error (LCMVIDM70020) rather than as a name-resolution error. The later login failure (LCMVIDM71147) has the same root cause.

Resolution

Update the DNS configuration on the VMware Aria Suite Lifecycle appliance to point to the correct and currently active DNS server by following the official Broadcom documentation:

Change in DNS Server for VMware Aria Suite Lifecycle

https://techdocs.broadcom.com/jp/ja/vmware-cis/aria/aria-suite-lifecycle/8-18/vmware-aria-suite-lifecycle-installation-upgrade-and-management-8-18/troubleshooting/change-in-dns-server.html

After updating the DNS settings, confirm from the LCM appliance that the vIDM LB FQDN resolves and that the certificate on port 443 can be retrieved, then retry the vIDM inventory synchronization.

Additional Information

IMPORTANT:

  • Do not proceed with any DNS changes without taking a valid snapshot and/or backup of the VMware Aria Suite Lifecycle appliance.

  • If "resolvectl status" on the appliance continues to show the old DNS server entries after applying the DNS change, reboot the VMware Aria Suite Lifecycle appliance from vCenter and verify the DNS settings again.

  • Ensure no active LCM workflows are running before performing DNS changes.
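The following pre-flight script is an added example, not part of the Broadcom article and not LCM's own code. It is meant to be run on the LCM appliance after the DNS change described under Resolution and before retrying the sync: it parses the "resolvectl status" output for the DNS servers actually in use (the check the Additional Information note refers to), flags any server that is not the expected one, and then performs the same two live steps LCM performs, resolving the LB FQDN and fetching the certificate on port 443. The LB FQDN defaults to the placeholder from the error text and the expected DNS server address is an assumption; both are overridable through environment variables. The resolvectl sample embedded in the script is constructed for illustration.

```shell
#!/bin/sh
# Added example (not Broadcom's or LCM's code): DNS and certificate pre-flight
# for the Aria Suite Lifecycle appliance before retrying the vIDM inventory sync.
# VIDM_LB and EXPECTED_DNS are assumptions; override them for your environment.
VIDM_LB="${VIDM_LB:-LB.domanin.com}"        # vIDM LB FQDN, placeholder taken from the error text
EXPECTED_DNS="${EXPECTED_DNS:-10.0.0.53}"   # assumed active DNS server(s), space-separated

# Print, one per line, the DNS servers systemd-resolved reports in the
# `resolvectl status` text passed as $1. Handles both the one-line form
# ("DNS Servers: a b") and the older form with indented continuation lines;
# "Fallback DNS Servers" and "Current DNS Server" lines are deliberately ignored.
parse_resolvectl_dns() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*DNS Servers:/ {
      sub(/.*DNS Servers:[ \t]*/, "")
      n = split($0, a)
      for (i = 1; i <= n; i++) print a[i]
      cont = 1; next
    }
    cont && /^[ \t]*[0-9A-Fa-f.:]+[ \t]*$/ { gsub(/[ \t]/, ""); print; next }
    { cont = 0 }
  ' | sort -u
}

# Return 0 when every server found in the resolvectl text ($1) is listed in
# EXPECTED_DNS, 1 when an obsolete server is still configured (the KB's cause).
dns_servers_are_expected() {
  stale=0
  for s in $(parse_resolvectl_dns "$1"); do
    case " $EXPECTED_DNS " in
      *" $s "*) ;;
      *) echo "obsolete DNS server still in use: $s" >&2; stale=1 ;;
    esac
  done
  return $stale
}

# Live check 1: resolve the LB name through the same resolver stack (nsswitch)
# the LCM JVM uses; nslookup queries the server directly and can pass while this fails.
resolve_lb() {
  getent hosts "$VIDM_LB" || { echo "cannot resolve $VIDM_LB" >&2; return 1; }
}

# Live check 2: fetch the certificate on 443 as TrustVidmCertificateInLCMTask would.
# -servername sends SNI so a shared load balancer returns the vIDM certificate.
fetch_lb_cert() {
  timeout 10 openssl s_client -connect "$VIDM_LB:443" -servername "$VIDM_LB" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
}

preflight() {
  dns_servers_are_expected "$(resolvectl status 2>/dev/null)" || return 1
  resolve_lb || return 1
  fetch_lb_cert || { echo "TLS handshake to $VIDM_LB:443 failed" >&2; return 1; }
  echo "DNS and certificate checks passed; retry the vIDM inventory sync in LCM"
}

# Constructed sample of older resolvectl output showing a stale second server
# (for illustration only; not captured from a real appliance).
SAMPLE_STALE_STATUS='Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
         DNS Servers: 10.0.0.53
                      10.0.0.9
          DNS Domain: example.com'

# Run the live checks only when invoked as: sh preflight.sh run
if [ "${1:-}" = "run" ]; then
  preflight
fi
```

Run it with "sh preflight.sh run" as root on the appliance once the DNS change has been applied. A non-zero exit from the first check means the old server is still in the resolver configuration, which is the case the reboot note above addresses; a pass on the first two checks and a failure on the third points at the load balancer or its TLS listener rather than at DNS.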