In VMware Identity Manager 3.3.7, you may experience a situation where the environment becomes inaccessible at seemingly random intervals, often requiring a weekly restart of the horizon-workspace service.

Symptoms include:

• "vIDM Messaging Server Test Connection failed" errors in the UI.
• Health status of the vIDM instance appears as "Degraded".
• In connector.log, you observe the following error:

  2025-10-22T20:30:00,005 ERROR (pool-640757-thread-7) [;;;] com.vmware.horizon.directory.ldap.dc.commons.LdapPingChecker - Communication Error connecting to dc DC.domain for domain Domain.local javax.naming.CommunicationException: DC.domain:389

VMware Identity Manager 3.3.7.0

This issue is caused by inconsistent or incorrect NTP (Network Time Protocol) settings across the infrastructure. When the time on the VMware Identity Manager appliance drifts out of sync with the Domain Controller or other identity sources, LDAP communication and authentication tokens fail. This leads to a high number of waiting threads, eventually causing the service to become unresponsive.

To resolve this issue, you must ensure consistent time synchronization across your environment:

1. Log in to each VMware Identity Manager appliance via SSH.
2. Verify the current time and NTP synchronization status using the date or timedatectl commands.
3. Update the NTP configuration to point to a valid, consistent time source used by your Domain Controllers.
4. Ensure firewall rules allow NTP traffic (UDP 123) between the appliances and the NTP server.
5. Restart the workspace service to clear hung threads:

   service horizon-workspace restart

• Subscribe to this knowledge article to get updates on this issue.
• If the issue persists after synchronizing time, verify DNS health as outlined in KB 371733 to ensure the appliance can consistently resolve Domain Controller FQDNs.