Active Directory synchronization fails and users cannot log in after implementing Channel Binding Token (CBT) or LDAP sealing
Article ID: 435810

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

In VMware Identity Manager, Active Directory synchronization stops functioning. As a result, users are unable to log in or authenticate to the environment.

Environment

  • VMware Identity Manager 3.3.7

  • Active Directory over IWA

Cause

Enforcing Channel Binding Token (CBT) validation in the Active Directory environment (also referred to as "LDAP sealing") corrupts the existing directory configuration in VMware Identity Manager.
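Before deleting the directory, it is useful to confirm on the domain controller that the enforcement change described above is actually in effect and whether the connector's binds are being rejected. The following check is an added example, not part of this article; it assumes the Microsoft registry value names and Directory Service event IDs shown in the comments, and uses 10.0.0.5 as a placeholder for the Identity Manager connector address. Run it as an administrator on a domain controller.

```powershell
# Added example (not from this article): read the DC's LDAP signing and
# channel binding enforcement settings, then count recent Directory Service
# events that indicate clients binding without signing or failing CBT checks.
$ntds  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$props = Get-ItemProperty -Path $ntds -ErrorAction Stop

# LDAPServerIntegrity: 0/1 = signing not required (default), 2 = require signing
$signing = if ($null -ne $props.LDAPServerIntegrity) { [int]$props.LDAPServerIntegrity } else { 1 }
# LdapEnforceChannelBinding: 0 = never (default), 1 = when supported, 2 = always
$cbt = if ($null -ne $props.LdapEnforceChannelBinding) { [int]$props.LdapEnforceChannelBinding } else { 0 }

$signingText = @{ 0 = 'Not required'; 1 = 'Not required (default)'; 2 = 'Require signing' }[$signing]
$cbtText     = @{ 0 = 'Never (default)'; 1 = 'When supported'; 2 = 'Always' }[$cbt]
"LDAPServerIntegrity       = $signing ($signingText)"
"LdapEnforceChannelBinding = $cbt ($cbtText)"

# Directory Service log events worth reviewing before recreating the directory.
# Both are only written when the '16 LDAP Interface Events' diagnostic level
# on the DC is 2 or higher.
#   2889 - client performed an unsigned SASL bind or a clear-text simple bind
#   3039 - client performed an LDAP bind over TLS and failed CBT validation
$since  = (Get-Date).AddDays(-1)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Directory Service'; Id = 2889, 3039; StartTime = $since
} -ErrorAction SilentlyContinue

$events | Group-Object Id | ForEach-Object {
    "Event $($_.Name): $($_.Count) occurrence(s) since $since"
}

# Placeholder: replace 10.0.0.5 with the Identity Manager connector's IP to see
# whether its binds are among the rejected or unsigned ones.
$connectorIp = '10.0.0.5'
$events | Where-Object { $_.Message -match [regex]::Escape($connectorIp) } |
    Select-Object TimeCreated, Id -First 10
```

If LdapEnforceChannelBinding is 2 and event 3039 lists the connector, the directory recreation below is the expected remedy; if neither value has changed, the failing synchronization has another cause.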

Resolution

To resolve this issue, delete and recreate the directory configuration.

  1. Log in to the VMware Identity Manager administration console.

  2. Navigate to the Directories configuration section.

  3. Delete the existing Active Directory over IWA directory.

  4. Recreate the directory using the Active Directory over IWA configuration.

  5. Initiate a directory synchronization to verify the connection is restored.