VMware Cloud Community
milesthomp
Enthusiast

Changing ActiveDirectory Identity Source to use LDAPS - error

Hello,

I'm in the last step of hardening our domain network to use LDAPS rather than LDAP and the only thing left I need to reconfigure is the vCenter Identity source.

But, when I change the settings to use LDAPS, I get this error:

Check the network settings and make sure you have network access to the identity source.

Where can I look (logs etc) to see why this is failing?

I've searched high and low but can't find any solution to this, and I have updated vCenter to the latest version (6.7.0.42100).


Accepted Solutions
stevenbright
Enthusiast

The username does indeed need to be provided in either the principal name format (username@domainname) or as a UPN.

Did you provide the certificate for the CA that signed your domain controller certificates? It looks like the signing CA is mox-MOX-DC1-CA.Mox.local.

I receive the same error "ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] 'IdentityStore certificates' value should not be empty" when I didn't select an SSL Certificate for the authentication provider. Once I select the CA cert, the error goes away.

6 Replies
stevenbright
Enthusiast

Check the logs within the folder /var/log/vmware/sso. When attempting to add an authentication source that fails, I see information related to the failure specifically in /var/log/vmware/sso/vmware-identity-sts-default.log.

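A way to triage that log file for identity-source failures, as an added example that is not part of the original thread and not VMware tooling. The entry layout and message strings are taken from the log excerpt posted later in this thread; the function and rule names are hypothetical, and the sample lines are abridged from that excerpt with padding collapsed.

```python
import re

# Entry layout seen in the thread's excerpt:
#   [timestamp thread [tenant correlation-id] LEVEL logger] message
# Stack-trace continuation lines do not start with "[" and are skipped.
LINE_RE = re.compile(
    r"^\[(?P<ts>\S+)\s+(?P<thread>\S+)\s+"
    r"(?:(?P<tenant>\S+)\s+(?P<corr>\S+)\s+)?"
    r"(?P<level>INFO|WARN|ERROR)\s+(?P<logger>[^\]\s]+)\]\s*(?P<msg>.*)$"
)

# (cause, message pattern, hint). Hints restate the thread's accepted answer.
RULES = [
    ("invalid_upn",
     re.compile(r"userName in UPN format=\[(?P<user>[^\]]+)\] is invalid"),
     "Enter the bind user as username@domainname (UPN), not DOMAIN\\user."),
    ("missing_certificate",
     re.compile(r"'IdentityStore certificates' value should not be empty"),
     "An ldaps:// URL was saved with no SSL certificate selected; "
     "select the certificate of the CA that signed the DC certificates."),
    ("untrusted_server_certificate",
     re.compile(r"Server SSL certificate verification failed for "
                r"\[Subject: (?P<subject>[^\]]+)\] "
                r"\[SHA1 Fingerprint: (?P<fp>[0-9A-Fa-f:]+)\]"),
     "The certificate supplied for the identity source does not match what "
     "the DC presented; supply the signing CA certificate."),
    ("connection_failed",
     re.compile(r"cannot establish connection with uri: (?P<uri>\S+)"),
     "Usually the consequence of a certificate or bind error logged just "
     "before it; otherwise check reachability of the URI."),
]


def triage(lines):
    """Return one finding per distinct (cause, detail), in first-seen order."""
    findings = {}
    for raw in lines:
        entry = LINE_RE.match(raw.strip())
        if not entry or entry["level"] == "INFO":
            continue  # not a log header line, or informational only
        for cause, pattern, hint in RULES:
            hit = pattern.search(entry["msg"])
            if not hit:
                continue
            detail = hit.groupdict()
            key = (cause, tuple(sorted(detail.items())))
            finding = findings.setdefault(key, {
                "cause": cause, "detail": detail, "hint": hint,
                "first_seen": entry["ts"], "count": 0,
            })
            finding["count"] += 1
            break
    return list(findings.values())


# Sample input: abridged from the excerpt in this thread, padding collapsed.
SAMPLE_LOG = r"""
[2020-02-07T21:16:23.366Z pool-2-thread-6 INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdapAuthnType'
[2020-02-07T21:16:23.385Z pool-2-thread-5 vsphere.local 56222754-62ae-4e93-bcf2-9ae550c28bc0 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format
[2020-02-07T21:16:23.385Z pool-2-thread-5 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format
[2020-02-07T21:16:23.784Z pool-2-thread-5 vsphere.local f5d62f07-54f6-4373-bc5b-08fd3ea5867d ERROR com.vmware.identity.idm.ValidateUtil] 'IdentityStore certificates' value should not be empty
java.lang.IllegalArgumentException: 'IdentityStore certificates' value should not be empty
at com.vmware.identity.idm.ValidateUtil.logAndThrow(ValidateUtil.java:475) ~[vmware-identity-idm-interface-7.0.0.jar:?]
[2020-02-07T21:16:29.856Z pool-2-thread-6 vsphere.local bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.interop.ldap.SslX509EqualityMatchVerificationCallback] Server SSL certificate verification failed for [Subject: CN=Mox-DC1.Mox.local] [SHA1 Fingerprint: 2A:7B:8A:58:C0:E5:AF:46:F4:4C:6F:67:22:15:DA:B3:E5:45:88:B0].: No match found in the trusted certificates store.
[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://MOX-DC1.MOX.LOCAL:3269, mox\miles]
[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.ServerUtils] cannot establish connection with uri: ldaps://MOX-DC1.MOX.LOCAL:3269
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['first_seen']}  {f['cause']} x{f['count']}  {f['detail']}")
        print(f"    -> {f['hint']}")
```

On the appliance, pass the open log file instead of the sample: `triage(open("/var/log/vmware/sso/vmware-identity-sts-default.log"))`.
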
scott28tt
VMware Employee

Moderator: Moved to vCenter Server


Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
milesthomp
Enthusiast

Thanks.

I pulled the log; here's a chunk of it where it shows changing from LDAP to LDAPS and changing the AD from ldap://mox.local to ldaps://MOX-DC1.MOX.LOCAL:3269.

It doesn't like it. I tried changing my username to distinguished name as I see there's a bunch of UPN errors but it still fails.

Any ideas? I can ping the DC from vCenter with no issues and can telnet from my PC to that port on that DC.

[2020-02-07T21:16:23.354Z pool-2-thread-5                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'ServiceInstance.retrieveServiceContent'

[2020-02-07T21:16:23.366Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdapAuthnType'

[2020-02-07T21:16:23.375Z pool-2-thread-5                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:23 UTC","description":"Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

[2020-02-07T21:16:23.375Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'

[2020-02-07T21:16:23.385Z pool-2-thread-5 vsphere.local        56222754-62ae-4e93-bcf2-9ae550c28bc0 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:23.385Z pool-2-thread-5                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:23.657Z pool-2-thread-5 vsphere.local        78cdedd8-9df8-4230-8fa9-60e8901b0735 INFO  com.vmware.identity.idm.server.IdentityManager] Provider [MOX.LOCAL] successfully set for tenant [vsphere.local]

[2020-02-07T21:16:23.657Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] Vmodl method IdentitySourceManagementService.updateLdapAuthnType return value is null

[2020-02-07T21:16:23.751Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdap'

[2020-02-07T21:16:23.753Z pool-2-thread-5                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:23 UTC","description":"Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@3b887329 friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

[2020-02-07T21:16:23.753Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@58e9ef4e friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false'

[2020-02-07T21:16:23.773Z pool-2-thread-5 vsphere.local        6c53f85e-f7d5-4ea0-bb37-14c40bd10086 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:23.774Z pool-2-thread-5                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:23.784Z pool-2-thread-5 vsphere.local        f5d62f07-54f6-4373-bc5b-08fd3ea5867d ERROR com.vmware.identity.idm.ValidateUtil] 'IdentityStore certificates' value should not be empty

[2020-02-07T21:16:23.784Z pool-2-thread-5 vsphere.local        f5d62f07-54f6-4373-bc5b-08fd3ea5867d ERROR com.vmware.identity.idm.server.IdentityManager] Failed to set Ldap provider for tenant [vsphere.local]

[2020-02-07T21:16:23.784Z pool-2-thread-5 vsphere.local        f5d62f07-54f6-4373-bc5b-08fd3ea5867d ERROR com.vmware.identity.idm.server.ServerUtils] Exception 'java.lang.IllegalArgumentException: 'IdentityStore certificates' value should not be empty'

java.lang.IllegalArgumentException: 'IdentityStore certificates' value should not be empty

at com.vmware.identity.idm.ValidateUtil.logAndThrow(ValidateUtil.java:475) ~[vmware-identity-idm-interface-7.0.0.jar:?]

at com.vmware.identity.idm.ValidateUtil.validateNotEmpty(ValidateUtil.java:237) ~[vmware-identity-idm-interface-7.0.0.jar:?]

at com.vmware.identity.idm.server.IdentityManager.probeProviderConnectivity(IdentityManager.java:2841) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:2540) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:9547) [vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.client.CasIdmClient.setProvider(CasIdmClient.java:929) [vmware-identity-idm-client-7.0.0.jar:?]

at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:536) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

[2020-02-07T21:16:23.784Z pool-2-thread-5                                                           ERROR com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl] 'IdentityStore certificates' value should not be empty

[2020-02-07T21:16:23.785Z pool-2-thread-5                                                           ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] 'IdentityStore certificates' value should not be empty

java.lang.IllegalArgumentException: 'IdentityStore certificates' value should not be empty

at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:546) ~[sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) ~[sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) ~[sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

[2020-02-07T21:16:29.446Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'ServiceInstance.retrieveServiceContent'

[2020-02-07T21:16:29.458Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdapAuthnType'

[2020-02-07T21:16:29.464Z pool-2-thread-5                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:29 UTC","description":"Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

[2020-02-07T21:16:29.465Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'

[2020-02-07T21:16:29.477Z pool-2-thread-5 vsphere.local        86b4675d-1aa5-4287-a3e1-aea9dfda1272 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:29.477Z pool-2-thread-5                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:29.630Z pool-2-thread-5 vsphere.local        5e83383a-e100-41de-9508-a027eb7c8f9f INFO  com.vmware.identity.idm.server.IdentityManager] Provider [MOX.LOCAL] successfully set for tenant [vsphere.local]

[2020-02-07T21:16:29.630Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] Vmodl method IdentitySourceManagementService.updateLdapAuthnType return value is null

[2020-02-07T21:16:29.721Z pool-2-thread-5                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdap'

[2020-02-07T21:16:29.736Z pool-2-thread-6                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:29 UTC","description":"Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@74125659 friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false, certificate=[...]'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

[2020-02-07T21:16:29.748Z pool-2-thread-6                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@6cad7bed friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false, certificate=[

[

  Version: V3

  Subject: CN=mox-dc1.mox.local

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits

  public exponent: 65537

  Validity: [From: Tue May 28 15:38:26 UTC 2019,

               To: Wed May 27 15:38:26 UTC 2020]

  Issuer: CN=mox-MOX-DC1-CA, DC=Mox, DC=local

  SerialNumber: [    30000000 115fa957 1f1e6d7e 6a000000 000011]

Certificate Extensions: 9

[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 26 30 24 30 0A 06 08   2B 06 01 05 05 07 03 01  .&0$0...+.......

0010: 30 0A 06 08 2B 06 01 05   05 08 02 02 30 0A 06 08  0...+.......0...

0020: 2B 06 01 05 05 07 03 02                            +.......

[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 31 30 2F 06 27 2B 06   01 04 01 82 37 15 08 87  .10/.'+.....7...

0010: E8 E9 72 82 9D DE 70 81   E9 99 30 87 9E 97 4E 84  ..r...p...0...N.

0020: EB A4 1C 81 29 85 AF D9   03 84 80 F7 04 02 01 64  ....)..........d

0030: 02 01 01                                           ...

[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: caIssuers

   accessLocation: URIName: ldap:///CN=mox-MOX-DC1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=Mox,DC=local?cACertificate?base?objectClass=certificationAuthority

]

]

[4]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: BA B0 E4 72 46 D5 00 92   AB 65 7F D2 66 86 E9 AA  ...rF....e..f...

0010: E3 64 1C E7                                        .d..

]

]

[5]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: ldap:///CN=mox-MOX-DC1-CA,CN=Mox-DC1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=Mox,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint]

]]

[6]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  1.3.6.1.5.5.8.2.2

  clientAuth

]

[7]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Key_Encipherment

]

[8]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: vpn.dhc.bc.ca

]

[9]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: CD 00 6B FF 65 0E BA 63   70 F7 20 62 84 D6 B9 25  ..k.e..cp. b...%

0010: 83 67 88 C1                                        .g..

]

]

]

  Algorithm: [SHA1withRSA]

]'

[2020-02-07T21:16:29.763Z pool-2-thread-6 vsphere.local        7b357dcc-da99-4ced-b65c-a6383f8e1f2b ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:29.763Z pool-2-thread-6                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

[2020-02-07T21:16:29.856Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.interop.ldap.SslX509EqualityMatchVerificationCallback] Server SSL certificate verification failed for [Subject: CN=Mox-DC1.Mox.local] [SHA1 Fingerprint: 2A:7B:8A:58:C0:E5:AF:46:F4:4C:6F:67:22:15:DA:B3:E5:45:88:B0].: No match found in the trusted certificates store.

[2020-02-07T21:16:29.856Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.interop.ldap.OpenLdapClientLibrary] Server SSL certificate not trusted; bytes: [...]

[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: -1

[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://MOX-DC1.MOX.LOCAL:3269, mox\miles]

[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.ServerUtils] cannot establish connection with uri: ldaps://MOX-DC1.MOX.LOCAL:3269

[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.idm.server.IdentityManager] Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]

[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.IdentityManager] Failed to set Ldap provider for tenant [vsphere.local]

[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]'

com.vmware.identity.idm.IDMLoginException: Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]

at com.vmware.identity.idm.server.IdentityManager.probeProviderConnectivity(IdentityManager.java:2866) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:2540) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:9547) [vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.client.CasIdmClient.setProvider(CasIdmClient.java:929) [vmware-identity-idm-client-7.0.0.jar:?]

at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:536) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

Caused by: com.vmware.identity.interop.ldap.ServerDownLdapException: Can't contact LDAP server

at com.vmware.identity.interop.ldap.LdapErrorChecker$44.RaiseLdapError(LdapErrorChecker.java:623) ~[vmware-identity-platform-7.0.0.jar:?]

at com.vmware.identity.interop.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:1090) ~[vmware-identity-platform-7.0.0.jar:?]

at com.vmware.identity.interop.ldap.OpenLdapClientLibrary.CheckError(OpenLdapClientLibrary.java:1248) ~[vmware-identity-platform-7.0.0.jar:?]

at com.vmware.identity.interop.ldap.OpenLdapClientLibrary.ldap_bind_s(OpenLdapClientLibrary.java:717) ~[vmware-identity-platform-7.0.0.jar:?]

at com.vmware.identity.interop.ldap.LdapConnection.bindConnection(LdapConnection.java:130) ~[vmware-identity-platform-7.0.0.jar:?]

at com.vmware.identity.idm.server.ServerUtils.getLdapConnection(ServerUtils.java:390) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.ServerUtils.getLdapConnectionByURIs(ServerUtils.java:259) [vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.provider.BaseLdapProvider.getConnection(BaseLdapProvider.java:436) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.provider.BaseLdapProvider.getConnection(BaseLdapProvider.java:185) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.provider.BaseLdapProvider.probeConnectionSettings(BaseLdapProvider.java:127) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.IdentityManager.probeProviderConnectivity(IdentityManager.java:2855) ~[vmware-identity-idm-server-7.0.0.jar:?]

... 17 more

[2020-02-07T21:16:29.866Z pool-2-thread-6                                                           ERROR com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl] cannot establish connection to null

com.vmware.identity.idm.IDMLoginException: Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]

at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:124) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:9551) ~[vmware-identity-idm-server-7.0.0.jar:?]

at com.vmware.identity.idm.client.CasIdmClient.setProvider(CasIdmClient.java:929) ~[vmware-identity-idm-client-7.0.0.jar:?]

at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:536) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

[2020-02-07T21:16:29.867Z pool-2-thread-6                                                           ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] null

java.lang.AssertionError: null

at com.vmware.vim.sso.admin.exception.DirectoryServiceConnectionException.<init>(DirectoryServiceConnectionException.java:29) ~[admin-interfaces-7.0.0.jar:?]

at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:540) ~[sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) ~[sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) ~[sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

stevenbright
Enthusiast

The username does indeed need to be provided in either the principal name format (username@domainname) or as a UPN.

Did you provide the certificate for the CA that signed your domain controller certificates? It looks like the signing CA is mox-MOX-DC1-CA.Mox.local.

I receive the same error "ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] 'IdentityStore certificates' value should not be empty" when I didn't select an SSL Certificate for the authentication provider. Once I select the CA cert, the error goes away.

milesthomp
Enthusiast

Yes I did, but I just tried exporting a different one, as I noticed the one I had before was for NPS also, as the server has a few self-issued certs.

She's all good now, thanks heaps for taking the time.

Miles

stevenbright
Enthusiast

I'm glad you were able to get it resolved, Miles!

If you don't mind, please mark any responses as helpful or the answer to your question.

Thanks!

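Added example, not part of the original thread and not VMware tooling: a Python triage pass over a vmware-identity-sts-default.log excerpt that flags the three causes discussed above (bind user given as DOMAIN\user, LDAPS connection or trust failure, no CA certificate selected). The function names and finding codes are hypothetical, and the last sample line is constructed around the message fragment quoted in the accepted answer.

```python
import re

# Entry header as seen in the thread's vmware-identity-sts-default.log excerpt:
#   [timestamp thread tenant correlation-id LEVEL logger] message
# Tenant and correlation id are blank on some entries, so they are one optional group.
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\dT\S+)\s+(?P<thread>\S+)\s+"
    r"(?:(?P<tenant>\S+)\s+(?P<corr>[0-9a-f-]{36})\s+)?"
    r"(?P<level>[A-Z]+)\s+(?P<logger>[\w.$]+)\]\s*(?P<msg>.*)$")
BIND = re.compile(r"cannot bind connection: \[(?P<uri>ldaps?://[^,\]]+), (?P<user>[^\]]+)\]")

def parse_entries(text):
    """Attach stack-trace lines ('at ...', 'Caused by: ...') to the entry above them."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({**m.groupdict(), "trace": []})
        elif line and entries:
            entries[-1]["trace"].append(line)
    return entries

def triage(text):
    """Return sorted finding codes (hypothetical names) for a failed LDAPS update."""
    findings = set()
    for e in parse_entries(text):
        body = " ".join([e["msg"], *e["trace"]])
        if "'IdentityStore certificates' value should not be empty" in body:
            findings.add("NO_CA_CERT_SELECTED")
        b = BIND.search(e["msg"])
        if b and "\\" in b["user"]:
            findings.add("BIND_USER_NOT_UPN")  # DOMAIN\user instead of user@domain
        if "ServerDownLdapException" in body and "ldaps://" in body:
            # Fails before authentication: check that the LDAPS port is reachable and
            # that the uploaded CA certificate is the one that signed the DC certificate.
            findings.add("LDAPS_CONNECT_OR_TRUST_FAILURE")
    return sorted(findings)

# First three lines are copied from the thread; the last is constructed around the
# message fragment quoted in the accepted answer (timestamp and thread are made up).
SAMPLE = r"""
[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://MOX-DC1.MOX.LOCAL:3269, mox\miles]
[2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]'
Caused by: com.vmware.identity.interop.ldap.ServerDownLdapException: Can't contact LDAP server
[2020-02-07T21:16:29.867Z pool-2-thread-6 ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] 'IdentityStore certificates' value should not be empty
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each finding is a prompt for a manual check against the identity source settings; the script only reads log text and does not contact the domain controller.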