Hello!
We are having issues syncing our view environment with Vmware Identity Manager. When we enable view pools, it identifies all of our connection servers, but the hourly sync action fails. Looking at the alerts we only get a generic error (Failed Sync Action: Failed to complete sync due to Exception: {0} ) but it does not expound on that exception. Has anyone found anything that could help us resolve our issue? I have specified the domain_krb.properties and the krb5.conf files, but nothing has resolved our issue.
I am having the same issue testing out Identity Manager 2.8. I am unable to a manual sync. The schedule sync will give the same error as you are getting. Our Horizon deployment is version 7.0.2. Having no issues syncing to Active Directory. Our production workspace 2.1.1 currently has no issues syncing the view pools.
We have not changed the krb or domain files manually on the appliance.
I think this might be the actual error found in connector.log :
2016-11-22 23:59:11,505 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] net.shibboleth.utilities.java.support.xml.BasicParserPool - XML Parsing Error
org.xml.sax.SAXParseException; lineNumber: 6; columnNumber: 20; The entity "nbsp" was referenced, but not declared.
2016-11-22 23:59:11,525 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - Unable to parse message into a DOM
com.tricipher.tacsag.exception.SamlException: Unable to parse message into a DOM Status code response is 0. (TriCipher errorCode=0)
Caused by: org.xml.sax.SAXParseException; lineNumber: 6; columnNumber: 20; The entity "nbsp" was referenced, but not declared.
2016-11-22 23:59:11,528 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.mvc.UIAlerts - message.syncerror.exception
2016-11-22 23:59:11,529 INFO (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.admin.StateService - Saving config for 3002@WORKSPACEPORTAL to file /usr/local/horizon/conf/states/WORKSPACEPORTAL/3002/config-state.json
2016-11-22 23:59:11,539 INFO (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.admin.StateService - Saving state config to disk DONE.
2016-11-22 23:59:11,539 INFO (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - View sync completed with status : message.viewSync.failure
2016-11-22 23:59:11,505 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] net.shibboleth.utilities.java.support.xml.BasicParserPool - XML Parsing Error
Some things I would check:
1.) Are the Desktop Pools assigned to the root (/ ) access group in the Horizon Administrator. If not move them to there. I believe Identity Manager documentations says to have to them there (not 100% sure)
2.) Does the account you are using to do the View Application sync and import have administrator access into the Horizon View Administrator? Under the Horizon Administrator check View Configuration > Administrators.
3.) Have you trusted the View Connection Server Certificates in Identity Manager before trying to sync (Where it lists all the connection servers in the View Pod it will say Invalid SSL Cert as a red hyperlink. Click each one and accept the certificate.
4.) Have enabled the SAML Authenticator on each Connection Server in the Pod? Under the Horizon Administrator, View Configuration > Servers > Connection Servers. Edit Each Server and update the Authentication Tab with your IdM as a SAML Authenticator.
Another thing I would check is time on the the View connection servers and the VIDM servers. The systems have a very low tolerance for out of sync time.
Where you able to resolve this?
I was able to resolve this by checking the box that reads 'sync local entitlement'. It's funny how it's a check box which means its optional but not selecting causes issues.
Hey i have been having the "Unable to parse message into a DOM" error, so the check local entitlement fixed it for you? were you using an on-prem IDM or WS1 IDM?
thanks
Thanks.
In my case I have 2 Connection Servers with only one SAML enabled.
When I enabled SAML on the other Connection Server the "Unable to parse message into a DOM" issue is gone.