HW-134096 - VMware Identity Manager Connector may fail to communicate due to config-state.json corruption
search cancel

HW-134096 - VMware Identity Manager Connector may fail to communicate due to config-state.json corruption

book

Article ID: 322679

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

  • VMware Identity Manager Connector may fail to communicate with the tenant nodes. This issue is observed when the config-state.json file gets corrupted. An error message similar to com.vmware.horizon.connector.utils.ServiceUtils - Failed to check service health: invalid MOL url this is seen in the /opt/vmware/horizon/workspace/logs/connector.log and/or /opt/vmware/horizon/workspace/logs/horizon.log  
  • Connector Failed to load Auth Adapters | Auth Adapters are missing from vIDM Node as per kb 
  • LCM shows VIDM environment as healthy
  • Connector sync issue reported when checking VIDM health in VIDM 
  • Corrupted config.json file also results in AD login failures
  • The UI will not load and the URL will be redirected to https://<vIDMFQDN>/hc/error where it may show an error similar to Error: You do not have permission to access this page: /hc/3104/authenticate/ 

Environment

VMware Identity Manager 3.3.x

Cause

This may occur when the disk space is full .

Resolution

Broadcom Product team has been notified and is working to address this issue in a timely manner. Please subscribe to this article to receive updates when they are available.

Workaround:

Before following the steps below, make sure to take a snapshot of the virtual appliance(s)
 
Note that if there are multiple directories in vIDM there will be a directory for each <WORKER_ID> in the <TENANT_NAME> directory. In this case it is necessary to check the config-state.json in every <WORKER_ID> directory and restore the latest stable version for any affected directory . 

  1. SSH to VMware Identity Manager Appliance(s) using root credentials. Change the directory to the location of the config-state.json file by running the command:

cd /usr/local/horizon/conf/states/<TENANT_NAME>/<WORKER_ID>
 
For example  cd /usr/local/horizon/conf/states/VSPHERE.LOCAL/3001      

  1. Stop the service before doing anything.

service horizon-workspace stop

  1. Back up the current configuration file by running the command:

mv config-state.json config-state.json.1

  1. Copy application backup of the configuration file by running the command:

cp -p config-state.json.backup_<latest-stable-version> config-state.json

  1. Change the owner of the config-state.json to horizon user by running the command:

chown horizon:www /usr/local/horizon/conf/states/<TENANT_NAME>/<WORKER_ID>/config-state.json

  1. Change the permission of the config-state.json file by running the command:

chmod 640 /usr/local/horizon/conf/states/<TENANT_NAME>/<WORKER_ID>/config-state.json

  1. Start vIDM/Workspace service by running the command:

service horizon-workspace start
  1. Go to Directory Setting and for each tab do the save operation by navigating to Identity & Access Management > YOUR DIRECTORY > Sync Settings

  1. Navigate each of the tabs and click on Save.
  2. If the "Groups" page refuses to save due to an error about the Bind DN: come back to the directory settings, enter the Bind DN password, validate & save.
    Then come back to save the remaining tabs in Sync Settings.










  1. To avoid the issue for re-occurring please apply vIDM root partition is full on one node of the cluster

Additional Information

Impact/Risks:

The config-state.json has been corrupted and needs to be restored. If not restored, the connectors are not going to work in the existing condition


Powered by Wolken Software