NSX Login Fails with HTTP 500 Error via vIDM due to Domain controller communication timeout

Article ID: 435280


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Intermittent authentication failures when logging into NSX Manager using Active Directory (AD) credentials through VMware Identity Manager (vIDM).
  • Users receive the error: "The credentials were incorrect or the account specified has been locked."
  • The horizon.log on the vIDM appliance shows "HTTP 500 Internal Server Error" and "Error communicating with connector" messages.

Environment

VMware Identity Manager 3.3.7

Cause

This issue is typically caused by vIDM attempting to communicate with an unreachable or invalid Domain Controller (DC). 

Resolution

If the domain controllers selected by default are not the optimal ones for your configuration, edit the domain_krb.properties file and specify the domain controllers to use.

  1. Log in to the VMware Identity Manager appliance as root.
  2. Navigate to the directory:
    cd /usr/local/horizon/conf
  3. Edit the domain_krb.properties file to add or edit the list of domain-to-host values.

    Use the following format:
    domain=host:port,host2:port,host3:port

    For example:
    example.com=examplehost1.example.com:389,examplehost2.example.com:389
  4. Change the owner of the domain_krb.properties file to horizon and group to www.
    chown horizon:www /usr/local/horizon/conf/domain_krb.properties
  5. Restart the service.
    service horizon-workspace restart

Additional Information

Verify Network Connectivity

curl -v telnet://<DC_FQDN_OR_IP>:389
curl -v telnet://<DC_FQDN_OR_IP>:636
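
To run the same reachability check against every domain controller listed in domain_krb.properties, and to catch malformed entries before restarting the service, the following script can be used. It is an added example, not VMware-supplied code; the function names are hypothetical, and it assumes the domain=host:port,host2:port format shown above, that lines starting with # are comments, and that bash and the coreutils timeout command are available.

```shell
#!/bin/sh
# Added example (not VMware code). Assumed format: domain=host:port,host2:port

# Print "domain host port" per entry; exit status 1 if anything is malformed.
parse_domain_krb() (
    set -f                                         # no globbing on split words
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')   # tolerate CRLF line endings
        case $line in ''|'#'*) continue ;; esac    # blank or comment (assumption)
        case $line in
            *=*) ;;
            *) echo "malformed line: $line" >&2; rc=1; continue ;;
        esac
        domain=${line%%=*}
        IFS=,                                      # split the host list on commas
        for entry in ${line#*=}; do
            host=${entry%:*} port=${entry##*:}
            ok=1
            case $entry in *:*) ;; *) ok=0 ;; esac           # port is required
            case $port in ''|*[!0-9]*) ok=0 ;; esac          # port must be numeric
            [ -n "$host" ] || ok=0
            if [ "$ok" -eq 0 ]; then
                echo "malformed entry for $domain: $entry" >&2; rc=1; continue
            fi
            printf '%s %s %s\n' "$domain" "$host" "$port"
        done
    done < "$1"
    exit "$rc"
)

# TCP reachability only (no LDAP bind); gives up after 3 seconds.
probe_dc() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Returns 2 for a malformed file, 1 if any listed DC is unreachable, else 0.
check_dcs() {
    entries=$(parse_domain_krb "$1") || return 2
    status=0
    while read -r domain host port; do
        [ -n "$domain" ] || continue
        if probe_dc "$host" "$port"; then echo "OK   $domain $host:$port"
        else echo "FAIL $domain $host:$port"; status=1; fi
    done <<EOF
$entries
EOF
    return $status
}

[ $# -eq 0 ] || check_dcs "$1"   # usage: sh script.sh <path to domain_krb.properties>
```

Run it on the vIDM appliance with /usr/local/horizon/conf/domain_krb.properties as the argument; any FAIL line identifies a domain controller entry to correct or remove.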

Editing the domain_krb.properties file