VMware Workspace ONE Community
DustinEnfinger
Contributor

Identity Manager with View Sync failure

Hello!

We are having issues syncing our View environment with VMware Identity Manager. When we enable View pools, it identifies all of our connection servers, but the hourly sync action fails. Looking at the alerts, we only get a generic error (Failed Sync Action: Failed to complete sync due to Exception: {0}), but it does not expound on that exception. Has anyone found anything that could help us resolve our issue? I have specified the domain_krb.properties and the krb5.conf files, but nothing has resolved our issue.

7 Replies
mmason2358
Contributor

I am having the same issue testing out Identity Manager 2.8. I am unable to do a manual sync. The scheduled sync will give the same error as you are getting. Our Horizon deployment is version 7.0.2. Having no issues syncing to Active Directory. Our production workspace 2.1.1 currently has no issues syncing the View pools.

We have not changed the krb or domain files manually on the appliance.

I think this might be the actual error found in connector.log:

2016-11-22 23:59:11,505 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] net.shibboleth.utilities.java.support.xml.BasicParserPool - XML Parsing Error

org.xml.sax.SAXParseException; lineNumber: 6; columnNumber: 20; The entity "nbsp" was referenced, but not declared.

2016-11-22 23:59:11,525 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - Unable to parse message into a DOM

com.tricipher.tacsag.exception.SamlException: Unable to parse message into a DOM Status code response is 0. (TriCipher errorCode=0)

Caused by: org.xml.sax.SAXParseException; lineNumber: 6; columnNumber: 20; The entity "nbsp" was referenced, but not declared.

2016-11-22 23:59:11,528 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.mvc.UIAlerts - message.syncerror.exception

2016-11-22 23:59:11,529 INFO  (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.admin.StateService - Saving config for 3002@WORKSPACEPORTAL to file /usr/local/horizon/conf/states/WORKSPACEPORTAL/3002/config-state.json

2016-11-22 23:59:11,539 INFO  (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.admin.StateService - Saving state config to disk DONE.

2016-11-22 23:59:11,539 INFO  (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - View sync completed with status : message.viewSync.failure

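The log excerpt above, walked through by an added triage script that is not part of the original post or any VMware tooling: it ties the `message.viewSync.failure` status back to the SAXParseException logged on the same thread and connector context. `&nbsp;` is not one of XML's five predefined entities, so the script flags the parsed body as probably HTML rather than SAML XML; that reading, the function names and the field names are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the connector.log excerpt posted above.
SAMPLE_LOG = """\
2016-11-22 23:59:11,505 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] net.shibboleth.utilities.java.support.xml.BasicParserPool - XML Parsing Error
org.xml.sax.SAXParseException; lineNumber: 6; columnNumber: 20; The entity "nbsp" was referenced, but not declared.
2016-11-22 23:59:11,525 ERROR (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - Unable to parse message into a DOM
com.tricipher.tacsag.exception.SamlException: Unable to parse message into a DOM Status code response is 0. (TriCipher errorCode=0)
Caused by: org.xml.sax.SAXParseException; lineNumber: 6; columnNumber: 20; The entity "nbsp" was referenced, but not declared.
2016-11-22 23:59:11,539 INFO  (Timer-11) [3002@WORKSPACEPORTAL;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - View sync completed with status : message.viewSync.failure
"""

HEADER = re.compile(r"^(\S+ \S+) (\w+)\s+\(([^)]+)\) \[([^\]]*)\] (\S+) - (.*)$")
SAX = re.compile(r"SAXParseException; lineNumber: (\d+); columnNumber: (\d+); (.*)$")
ENTITY = re.compile(r'The entity "(\w+)" was referenced, but not declared')
XML_PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # the only entities XML 1.0 predeclares

def parse_records(text):
    """Group each timestamped header line with the stack-trace lines that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            keys = ("ts", "level", "thread", "ctx", "logger", "msg")
            records.append(dict(zip(keys, m.groups()), trace=[]))
        elif records and line.strip():
            records[-1]["trace"].append(line.strip())
    return records

def triage_view_sync(text):
    """Return one finding per failed View sync, with the parser error that preceded it."""
    findings, pending = [], {}
    for rec in parse_records(text):
        key = (rec["thread"], rec["ctx"])
        for line in rec["trace"]:
            sax = SAX.search(line)
            if sax:
                ent = ENTITY.search(sax.group(3))
                pending[key] = {
                    "xml_line": int(sax.group(1)), "xml_col": int(sax.group(2)),
                    "entity": ent.group(1) if ent else None,
                    # Assumption: a non-XML entity means the peer sent HTML, not SAML XML.
                    "html_suspected": bool(ent) and ent.group(1) not in XML_PREDEFINED,
                }
        if rec["msg"].endswith("message.viewSync.failure"):
            findings.append({"ts": rec["ts"], "ctx": rec["ctx"], **pending.pop(key, {})})
    return findings

if __name__ == "__main__":
    print(triage_view_sync(SAMPLE_LOG))
```

A finding with `html_suspected` set points at what the endpoint returned to the connector, not at the Kerberos or directory configuration.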
cdubz
Enthusiast

Some things I would check:

1.) Are the Desktop Pools assigned to the root (/) access group in the Horizon Administrator? If not, move them there. I believe the Identity Manager documentation says to have them there (not 100% sure).

2.) Does the account you are using to do the View Application sync and import have administrator access into the Horizon View Administrator? Under the Horizon Administrator, check View Configuration > Administrators.

3.) Have you trusted the View Connection Server certificates in Identity Manager before trying to sync? (Where it lists all the connection servers in the View Pod, it will say Invalid SSL Cert as a red hyperlink. Click each one and accept the certificate.)

4.) Have you enabled the SAML Authenticator on each Connection Server in the Pod? Under the Horizon Administrator, View Configuration > Servers > Connection Servers. Edit each server and update the Authentication tab with your IdM as a SAML Authenticator.

rene_iti
Contributor

Another thing I would check is the time on the View connection servers and the VIDM servers. The systems have a very low tolerance for out-of-sync time.

cbaptiste
Hot Shot

Were you able to resolve this?

cbaptiste
Hot Shot

I was able to resolve this by checking the box that reads 'sync local entitlement'. It's funny how it's a check box, which means it's optional, but not selecting it causes issues.

dgrinnell
Enthusiast

Hey, I have been having the "Unable to parse message into a DOM" error, so the check local entitlement fixed it for you? Were you using an on-prem IDM or WS1 IDM?

Thanks

RGrabovskiy
Contributor

Thanks.

In my case I have 2 Connection Servers with only one SAML enabled.

When I enabled SAML on the other Connection Server, the "Unable to parse message into a DOM" issue was gone.
