Prerequisites

• You have access to root, admin, and sshuser passwords.
  • If necessary, reset the password using VMware Workspace One Access and IDM, resetting admin and configurator passwords
  • In vCF-mode enabled environments, the root and admin (443) password are managed by SDDC Manager.

Validating Health from the User Interface (UI)

1. Login to the Admin Console using the admin user account https://vIDMFQDN

2. Access the System Diagnostic page to validate the appliance health.
3. If configured in a cluster, validate that Postgres is reporting healthy.
   1. Login to VMware Aria Suite Lifecycle and validate the Global Environment Health.
   2. Trigger a Postgres Cluster health.
   3. Confirm there is no Health Notification.
      1. If one exists, access the notification pane and confirm if the problem is due to the root password not updated in Locker. If required, remediate the passwords following Remediating passwords updated outside of VMware Aria Suite Lifecycle.
      2. If the root password is updated in Locker, Troubleshooting VMware Identity Manager postgres cluster deployed through vRealize Suite Lifecycle Manager, 
   4. If you receive a message similar to the image below, validate the config-state.json file is not corrupted by following instructions found in HW-134096 - VMware Identity Manager Connector may fail to communicate due to config-state.json corruption.

Validating Services from the Command Line Interface (CLI)

1. Confirm available disk space by reviewing the output of the below command:

   df -h

2. Confirm the below services are running.

   service horizon-workspace status; service elasticsearch status; /etc/init.d/opensearch status; service pgService status; service vpostgres status
   

3. Confirm DNS is configured properly by running the following commands and validating their output:

   nslookup $( iface-ip eth0); nslookup $( uname -n)

VMware Identity Manager Best Practices

• Keep all passwords updated in VMware Aria Suite Lifecycle Locker. Operational maintenance of the root password should be done within Aria Suite Lifecycle Locker exclusively, unless absolutely necessary. Aria Suite Lifecycle has scheduled health replication delays between nodes in a cluster. For more information see:
  • VMware Workspace ONE Access Postgres cluster outage due to loss of delegate IP
  • Analyzing root causes of Postgres Cluster issues on Workspace One (vIDM Vmware identity Manager)
  • Troubleshooting VMware Identity Manager postgres cluster deployed through vRealize Suite Lifecycle Manager
  • Scheduled Health Checks
• Graceful Power ON and Power OFF the appliances from VMware Aria Suite Lifecycle, otherwise, follow the article Graceful Shutdown and Power On of a VMware Identity Manager PostgreSQL cluster.
• Remove old snapshots from any appliances. Snapshots should only be used temporarily for changes if daily backups are not available. Snapshots are not a long-term backup solution. See Best practices for using VMware snapshots in the vSphere environment for additional information.
• Create frequent backups of the appliances.
• Remove log bundles and database dumps. These files should not persist on the appliances and should be removed after they are generated and copied to support or offline for review.
  • VMware Aria Suite Lifecycle can be used to collect a log bundle from a cluster. It can be requested from the globalenvironment. Once the log bundle is collected, delete it from the appliance.
• VMware Identity Manager clusters are SSL-terminated. During a certificate replacement:
  • Place the CA and Certificate Chain in the Load Balancer.
  • Appy them to the VIP.
  • Then, request the certificate replacement.
  • The wizard will suggest to re-trust the VMware Aria Products that are integrated with vIDM. This will cause downtime. This is required in other to avoid authentication issues. Optionally, you may trigger the re-trust later on the product page.
  • Then, submit the certificate replacement request.

• Custom modifications to the underlying operating system are not supported. See VMware Virtual Appliances and customizations to operating system and included packages.