Unable to access the configurator page in vIDM 3.3.5
During the preparation of the upgrade for vRA, we stumbled on a vIDM (VMware Identity Manager) problem. The vIDM appliance couldn’t finish an inventory sync in vRSLCM (vRealize Suite Lifecycle Manager). The inventory sync failed with the following error message:
2023-01-19 15:12:18.648 ERROR [pool-3-thread-43] c.v.v.l.v.d.h.VidmImportUtil - -- Unable to login to configurator page using the specified systemAdminPassword YXYXYXYX FQDN-vIDM-SERVER
So the first thing that came to my mind was: can I log in to the configurator page manually?
When I tried to access the vIDM configurator page by the following URL: https://fqdn-vIDM-server:8443/cfg/, I was getting the following error.
I was also getting some strange errors when I tried to access the system diagnostics of the vIDM appliance:
I tried multiple reboots on the vIDM appliance for troubleshooting purposes, but unfortunately that didn’t fix the issue.
Resolution – Fixing vIDM
This problem is caused by incorrect permissions and/or ownership on the files in the /opt/vmware/certproxy/ and /opt/vmware/certproxy/conf directories on the vIDM appliance. This is described in the following VMware KB article.
Note:
Make a snapshot of the vIDM appliance before performing any changes on the appliance.
Expected permissions and ownership of files in the directory /opt/vmware/certproxy/
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 bin
drwxr----- 2 horizon www 4096 Jan 22 2021 conf
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 lib
In my case it was:
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 bin
drwxr----- 2 sshuser www 4096 Jan 22 2021 conf
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 lib
Also, the files in the directory /opt/vmware/certproxy/conf had incorrect permissions and ownership.
Expected permissions and ownership:
-rw-r----- 1 horizon www 184 Jan 22 2021 cert-proxy-ehcache.xml
-rw-r----- 1 horizon www 1592 Jan 22 2021 cert-proxy-log4j.properties
-rw-r----- 1 horizon www 1506 Jan 22 2021 cert-proxy.properties
-rw-r----- 1 horizon www 1506 Jan 22 2021 cert-proxy.properties.bk
-r-------- 1 horizon www 611 Jan 22 2021 idm_fips.security
In my case it was:
-rw-r----- 1 sshuser www 184 Jan 22 2021 cert-proxy-ehcache.xml
-rw-r----- 1 sshuser www 1592 Jan 22 2021 cert-proxy-log4j.properties
-rw-r----- 1 sshuser www 1506 Jan 22 2021 cert-proxy.properties
-rw-r----- 1 sshuser www 1506 Jan 22 2021 cert-proxy.properties.bk
-r-------- 1 sshuser www 611 Jan 22 2021 idm_fips.security
To get this fixed we can use the following commands:
chown horizon:www /opt/vmware/certproxy/conf
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy-ehcache.xml
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy-log4j.properties
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy.properties
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy.properties.bk
chown horizon:www /opt/vmware/certproxy/conf/idm_fips.security
These commands should be sufficient according to VMware's KB article, but in my case I needed to restart the horizon-workspace service.
systemctl restart horizon-workspace.service
I was able to access the system diagnostics and the configurator (on port 8443) after the reboot.
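The expected listings above can also be checked mechanically, before and after the fix. The script below is an added example, not part of the original post or the VMware KB article: the function name check_certproxy is hypothetical, the octal modes are derived from the expected ls output shown above, and it assumes GNU stat is available on the appliance.

```shell
#!/bin/sh
# Added example: compare /opt/vmware/certproxy with the expected listing.
# Usage on the appliance (as root):  check_certproxy
# Arguments (all optional): base directory, owner, group.

# Relative path and octal mode, derived from the expected ls output:
# dr-xr-x--- = 550, drwxr----- = 740, -rw-r----- = 640, -r-------- = 400
EXPECTED='bin 550
conf 740
lib 550
conf/cert-proxy-ehcache.xml 640
conf/cert-proxy-log4j.properties 640
conf/cert-proxy.properties 640
conf/cert-proxy.properties.bk 640
conf/idm_fips.security 400'

# Prints one line per problem; returns 0 when everything matches, 1 otherwise.
# The body runs in a subshell, so its variables do not leak into the caller.
check_certproxy() (
    base="${1:-/opt/vmware/certproxy}"
    want_owner="${2:-horizon}"
    want_group="${3:-www}"
    problems=0
    while read -r rel mode; do
        path="$base/$rel"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            problems=$((problems + 1))
            continue
        fi
        # GNU stat: %U owner name, %G group name, %a octal mode
        actual=$(stat -c '%U:%G %a' "$path")
        if [ "$actual" != "$want_owner:$want_group $mode" ]; then
            echo "DRIFT $path is $actual, expected $want_owner:$want_group $mode"
            problems=$((problems + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$problems" -eq 0 ]
)
```

No output and exit status 0 means the tree matches the expected listing; with the ownership shown under "In my case it was", it reports one DRIFT line for conf and one for each file inside it.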