Error "Primary tenant.xxx redirected you too many times" while accessing "Users and groups" in VMware Identity Manager.

search cancel

Error "Primary tenant.xxx redirected you too many times" while accessing "Users and groups" in VMware Identity Manager.

book

Article ID: 426210

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Tab "Users and groups" and "Identity & Access Management" in VMware Identity Manager fails to load with an error "Primary tenant.xxx redirected you too many times" .

Accessing "Roles" tab fails with an error "An unexpected error has occurred. Please try again later".

/opt/vmware/horizon/workspace/logs/horizon.log

YYYY-MM-DD ERROR (tomcat-http--29) [test-tenant;-;Site-X-AVN.19;] com.vmware.horizon.components.identity.acsdomesscontrol.acsdomessControlGateway - Failed to make a request to ACS.
com.vmware.vidm.common.http.client.HttpException: javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source) at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source) at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source) at java.base/java.security.acsdomessController.doPrivileged(Native Method) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source) at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1548) at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1394) at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235) ... 20 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found. at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source) at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at java.base/sun.security.validator.Validator.validate(Unknown Source) at java.base/sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

Environment

VMware Identity Manager 3.3.7

Cause

Invalid certificates on VIDM nodes.

Resolution

Renew VIDM certificate with valid details of all 3 nodes referring below KB using Aria Suite Lifecycle Manager.
Certificate Replacement for VMware Identity Manager deployed from Aria Suite Lifecycle

Feedback

thumb_up Yes

thumb_down No