Unable to access the configurator page in vIDM 3.3.5

During the preparation of the upgrade for vRA, we stumbled on a vIDM (VMware Identity Manager) problem. The vIDM appliance couldn't finish an inventory sync in vRSLCM (vRealize Suite Lifecycle Manager). The inventory sync failed with the following error message:

2023-01-19 15:12:18.648 ERROR [pool-3-thread-43] c.v.v.l.v.d.h.VidmImportUtil -  -- Unable to login to configurator page using the specified systemAdminPassword YXYXYXYX FQDN-vIDM-SERVER

So the first thing that came to my mind was: can I log in to the configurator page manually?
When I tried to access the vIDM configurator page at the following URL: https://fqdn-vIDM-server:8443/cfg/, I got the following error.

[Screenshot: error on the vIDM configurator page]
An error message in vIDM without any useful information.

I was also getting some strange errors when I tried to access the system diagnostics of the vIDM appliance:

[Screenshot: error on the vIDM system diagnostics page]
Another error message in vIDM without any useful information.

I tried multiple reboots of the vIDM appliance for troubleshooting purposes, but unfortunately that didn't fix the issue.

Resolution – Fixing vIDM

This problem is caused by incorrect permissions and/or ownership of the files in the /opt/vmware/certproxy/ and /opt/vmware/certproxy/conf directories on the vIDM appliance. This is described in the following VMware KB article.

Note:

Make a snapshot of the vIDM appliance before performing any changes on the appliance.

Expected permissions and ownership of files in the directory /opt/vmware/certproxy/

dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 bin
drwxr----- 2 horizon www 4096 Jan 22 2021 conf
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 lib

In my case it was:

dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 bin
drwxr----- 2 sshuser www 4096 Jan 22 2021 conf
dr-xr-x--- 2 horizon www 4096 Jul 20 13:28 lib

The files in the /opt/vmware/certproxy/conf directory also had incorrect permissions and ownership.

Expected permissions and ownership:

-rw-r----- 1 horizon www 184 Jan 22 2021 cert-proxy-ehcache.xml
-rw-r----- 1 horizon www 1592 Jan 22 2021 cert-proxy-log4j.properties
-rw-r----- 1 horizon www 1506 Jan 22 2021 cert-proxy.properties
-rw-r----- 1 horizon www 1506 Jan 22 2021 cert-proxy.properties.bk
-r-------- 1 horizon www 611 Jan 22 2021 idm_fips.security

In my case it was:

-rw-r----- 1 sshuser www 184 Jan 22 2021 cert-proxy-ehcache.xml
-rw-r----- 1 sshuser www 1592 Jan 22 2021 cert-proxy-log4j.properties
-rw-r----- 1 sshuser www 1506 Jan 22 2021 cert-proxy.properties
-rw-r----- 1 sshuser www 1506 Jan 22 2021 cert-proxy.properties.bk
-r-------- 1 sshuser www 611 Jan 22 2021 idm_fips.security

To get this fixed we can use the following commands:

chown horizon:www /opt/vmware/certproxy/conf 
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy-ehcache.xml
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy-log4j.properties
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy.properties
chown horizon:www /opt/vmware/certproxy/conf/cert-proxy.properties.bk
chown horizon:www /opt/vmware/certproxy/conf/idm_fips.security

These commands should be sufficient according to VMware's KB article, but in my case I needed to restart the horizon-workspace service:

systemctl restart horizon-workspace.service

I was able to access the system diagnostics and the configurator (on port 8443) after the reboot.
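
The expected listings above can be turned into a repeatable check, useful for confirming the fix and for catching the same ownership drift later. This is an added example, not code from the original post or the VMware KB article; the function name audit_certproxy and its optional root, owner and group arguments are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: compare /opt/vmware/certproxy with the expected listings.
# Requires GNU stat (-c). Run as root on the appliance: audit_certproxy

# "relative-path octal-mode" pairs transcribed from the expected listings:
# dr-xr-x--- = 550, drwxr----- = 740, -rw-r----- = 640, -r-------- = 400
EXPECTED='bin 550
conf 740
lib 550
conf/cert-proxy-ehcache.xml 640
conf/cert-proxy-log4j.properties 640
conf/cert-proxy.properties 640
conf/cert-proxy.properties.bk 640
conf/idm_fips.security 400'

# audit_certproxy [ROOT] [OWNER] [GROUP]
# Prints one line per deviation; returns 0 when everything matches, else 1.
# The three arguments are hypothetical conveniences of this example so the
# check can also be pointed at a scratch copy of the directory.
audit_certproxy() {
    root=${1:-/opt/vmware/certproxy}
    want_owner=${2:-horizon}:${3:-www}
    rc=0
    while read -r rel want_mode; do
        path=$root/$rel
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        actual=$(stat -c '%U:%G %a' "$path")   # e.g. "sshuser:www 640"
        have_owner=${actual% *}                # everything before the mode
        have_mode=${actual##* }                # last field: octal mode
        if [ "$have_owner" != "$want_owner" ]; then
            echo "OWNER $path is $have_owner, expected $want_owner"
            rc=1
        fi
        if [ "$have_mode" != "$want_mode" ]; then
            echo "MODE $path is $have_mode, expected $want_mode"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}
```

On an appliance in the state shown in the "In my case" listings, this reports an OWNER line for conf and for each of the five files under it, and nothing for bin and lib.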
