VCF components failed to login with "VCF Identity Broker encountered an issue during authentication" intermittently

Article ID: 427554

Products

VCF Operations

VMware Cloud Foundation

Issue/Introduction

  • The Identity Broker is deployed as a 3-node cluster.
  • Intermittently, when logging in to a VCF component such as VCF Operations or Fleet Management, the login request is redirected to the Identity Broker and the browser lands on an error page with the message "VCF Identity Broker encountered an issue during authentication".
  • Synchronization with the domain controller intermittently returns "Sync Failed", and the title bar shows the error "LDAP server is not reachable".
  • The vidb-service log contains an entry like:

    YYYY-MM-DDTHH:MM:SS stdout F YYYY-MM-DDTHH:MM:SS ERROR vidb-service-<vidb pod id>:usergroup (usergroup-business-pool-0) [CUSTOMER;-;127.0.0.1;xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx;-] com.vmware.vidm.usergroup.service.broker.connector.ActiveDirectoryServiceImpl - Failed to connect to Active Directory socket (<Domain Controller IP or FQDN>:389)

Environment

VMware Cloud Foundation 9

Identity Broker

Cause

At least one identity broker node failed to connect to TCP port 389 of the domain controller.

Resolution

Please make sure all identity broker nodes can access TCP port 389 of the domain controller.
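
To see which Identity Broker node is the one failing, the log entry quoted above can be tallied per pod and per domain controller. The script below is an added example, not Broadcom tooling; it assumes the vidb-service log lines are available as text, and the pod names, host name and timestamps in `SAMPLE` are constructed.

```python
import re
from collections import defaultdict

# Regex for the ActiveDirectoryServiceImpl error quoted in the article.
# The first token is taken as the timestamp; its exact format is assumed.
PATTERN = re.compile(
    r"^(?P<ts>\S+) .*?\bERROR (?P<pod>vidb-service-[^:\s]+):usergroup .*"
    r"Failed to connect to Active Directory socket "
    r"\((?P<host>.+):(?P<port>\d+)\)\s*$"
)

def summarize(lines):
    """Return {(pod, dc_host, port): {"count", "first", "last"}}."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = PATTERN.match(line.rstrip("\n"))
        if m is None:
            continue  # unrelated log line
        entry = stats[(m["pod"], m["host"], int(m["port"]))]
        entry["count"] += 1
        entry["first"] = entry["first"] or m["ts"]
        entry["last"] = m["ts"]
    return dict(stats)

def failing_pods(lines):
    """Pods that logged at least one failed connection to the DC."""
    return sorted({pod for pod, _host, _port in summarize(lines)})

# Constructed sample input: pod-a fails twice, pod-b logs an unrelated line.
_ERR = ("{ts} stdout F {ts} ERROR vidb-service-{pod}:usergroup "
        "(usergroup-business-pool-0) [CUSTOMER;-;127.0.0.1;"
        "00000000-0000-0000-0000-000000000000;-] "
        "com.vmware.vidm.usergroup.service.broker.connector."
        "ActiveDirectoryServiceImpl - Failed to connect to Active "
        "Directory socket ({dc}:389)")
SAMPLE = [
    _ERR.format(ts="2025-01-10T08:15:02", pod="pod-a", dc="dc01.example.test"),
    "2025-01-10T08:15:05 stdout F 2025-01-10T08:15:05 INFO "
    "vidb-service-pod-b:usergroup (usergroup-business-pool-0) constructed line",
    _ERR.format(ts="2025-01-10T08:20:41", pod="pod-a", dc="dc01.example.test"),
]

if __name__ == "__main__":
    for (pod, host, port), s in sorted(summarize(SAMPLE).items()):
        print(f"{pod} -> {host}:{port} failures={s['count']} "
              f"first={s['first']} last={s['last']}")
```

If only a subset of the pods appears in the output, those are the nodes whose path to TCP port 389 needs checking, which matches the intermittent behaviour described in the article.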