Unable to sync VMware Identity Manager with AD
Article ID: 423069
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
While running the sync from Directory in vIDM we get error:
Response from connector: Failed to complete dry run.
In /opt/vmware/horizon/workspace/logs/connector.log we see errors like below:
YYYY-MM-DDTHH:MM:SS,### ERROR (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.directory.ldap.dc.service.context.JNDIContextFetcher - Failed to connect to <LDAP-server>javax.naming.CommunicationException: simple bind failed: <LDAP-server>Caused by: javax.net.ssl.SSLHandshakeException at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:1.8.0_352]Caused by: java.security.cert.CertificateException at com.vmware.horizon.dirsync.ExplicitX509TrustManager.checkServerTrusted(ExplicitX509TrustManager.java:108) ~[commons-connector-0.1.jar:3.3.7.0 Build 21173100]YYYY-MM-DDTHH:MM:SS,### ERROR (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.directory.ldap.dc.service.DirectoryConnectService - AD connection failed for <LDAP-server>com.vmware.horizon.directory.ldap.exceptions.DirectoryConnectionException: Could not connect to the Domain Controller. at com.vmware.horizon.directory.ldap.dc.service.context.JNDIContextFetcher.handleLdapExceptions(JNDIContextFetcher.java:130) ~[adapter-ldap-0.1.jar:3.3.7.0 Build 21173100]Environment
VMware Identity manager 3.3.7
Cause
Certificate changed on Active Directory end but not updated in the vIDM
Resolution
- Login to vIDM UI using admin credentials from System domain.
- Go to Identity and Access Management -> Directories and select your AD which has sync issues.
- Scroll down in the Settings tab and on the Encryption section update the SSL certificate field with the new Root certificate of the AD in PEM format.
- Provide Bind user password and click Save
Feedback
Yes
No
Powered by
