VMware Aria Automation 8.18.x (formerly vRealize Automation)
VMware Identity Manager (vIDM) 3.3.x
The issue is caused by a communication failure between VMware Identity Manager (vIDM) and Active Directory (AD). A network interruption triggers a cascading failure:
TLS Connection Drop: The secure connection to the AD host (typically on port 636) is severed.
Thread Deadlock: The hc/connector service fails to gracefully close pending LDAP requests, causing Tomcat threads to become permanently stuck.
Memory Leak: The stuck threads trigger warnings regarding unremoved ThreadLocal variables and probable memory leaks.
Authentication Freeze: All subsequent password-based authentication requests queue up indefinitely in a BEGIN state, causing the UI to hang.
In the logs under /opt/vmware/horizon/workspace/logs, you may see entries such as the following:
connector.log: Action:TLS_CONNECTION_DROPPED, Message:TLS Connection Dropped to host - (IP_ADDRESS:636)
connector.log: javax.naming.CommunicationException: simple bind failed: [FQDN]:636 ... Caused by: java.net.SocketException: Connection reset
workspace.log: WARNING ... The thread [tomcat-http-###] of web application [hc] is still processing a request that has yet to finish. This is very likely to create a memory leak.
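To check whether a set of logs shows this cascade, the signatures quoted above can be matched and correlated across the two files. This is an added example, not VMware code; the function and verdict names are hypothetical, and the timestamps, hosts and thread numbers in the sample lines are constructed.

```python
import re

# Signatures taken from the log fragments quoted in this article.
TLS_DROP = re.compile(r"Action:TLS_CONNECTION_DROPPED.*?\(([^()]+:\d+)\)")
BIND_FAIL = re.compile(r"CommunicationException: simple bind failed: (\S+:\d+)")
STUCK = re.compile(r"The thread \[([^\]]+)\] of web application \[hc\] is still processing")

def count_by_endpoint(lines, pattern):
    """Count pattern hits per captured host:port."""
    counts = {}
    for line in lines:
        m = pattern.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def triage(connector_lines, workspace_lines):
    """Correlate LDAPS failures (connector.log) with stuck hc threads (workspace.log)."""
    connector_lines = list(connector_lines)
    drops = count_by_endpoint(connector_lines, TLS_DROP)
    binds = count_by_endpoint(connector_lines, BIND_FAIL)
    stuck = sorted({m.group(1) for ln in workspace_lines if (m := STUCK.search(ln))})
    if (drops or binds) and stuck:
        verdict = "match"         # both halves of the cascade are logged
    elif drops or binds:
        verdict = "ldaps-only"    # AD link is failing, no stuck threads logged
    elif stuck:
        verdict = "threads-only"  # stuck threads without LDAPS errors: other cause
    else:
        verdict = "none"
    return {"tls_drops": drops, "bind_failures": binds,
            "stuck_threads": stuck, "verdict": verdict}

# Constructed sample lines: timestamps, hosts and thread numbers are made up.
SAMPLE_CONNECTOR = [
    "2025-01-01T10:00:00 WARN Action:TLS_CONNECTION_DROPPED, Message:TLS Connection Dropped to host - (192.0.2.10:636)",
    "2025-01-01T10:00:01 ERROR javax.naming.CommunicationException: simple bind failed: ad01.example.test:636",
    "2025-01-01T10:00:05 WARN Action:TLS_CONNECTION_DROPPED, Message:TLS Connection Dropped to host - (192.0.2.10:636)",
]
SAMPLE_WORKSPACE = [
    "WARNING The thread [tomcat-http-12] of web application [hc] is still processing a request that has yet to finish.",
    "WARNING The thread [tomcat-http-17] of web application [hc] is still processing a request that has yet to finish.",
    "WARNING The thread [tomcat-http-12] of web application [hc] is still processing a request that has yet to finish.",
]

if __name__ == "__main__":
    print(triage(SAMPLE_CONNECTOR, SAMPLE_WORKSPACE))
```

Pass the lines of connector.log and workspace.log to triage(); a verdict of match means both the LDAPS failures and the stuck hc threads are present, and the per-endpoint counts show which AD host the drops point at.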
To resolve the issue and restore service, follow these steps:
Engage your internal Active Directory and network teams to investigate and resolve timeout or connectivity issues. Ensure that LDAPS traffic (port 636) is stable and not being dropped by load balancers or firewalls.
Once the network is stabilized, perform a manual restart of the Horizon/vIDM services (specifically the hc service). This clears the deadlocked threads and allows the system to process new authentication requests.
Confirm that the connector service is running and that new authentication requests in the logs move beyond the BEGIN state.