I need to fix an old vRA that was not in use for ages. I managed to recreate certs on both vRA and the VMware Identity appliance and log in to vRA with the default SSO account (administrator@vsphere.local). I can see the tenant and associated identity store, but AD authentication is not working.
vmware-sts-idmd.log on the VMware Identity appliance indicates LDAP connection issues:
[2019-10-23 14:02:38,895 vsphere.local 1f78ba5b-6a76-4abc-bdb1-29c9aeea1fab ERROR] [IdentityManager] Failed to authenticate principal [XXX@XXXX.LOCAL]. Login failed
javax.security.auth.login.LoginException: Login failed
at com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider.authenticate(LdapWithAdMappingsProvider.java:411)
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:2423)
at com.vmware.identity.idm.server.IdentityManager.authenticate(IdentityManager.java:8170)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322)
at sun.rmi.transport.Transport$2.run(Transport.java:202)
at sun.rmi.transport.Transport$2.run(Transport.java:199)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:198)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:567)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:828)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.access$400(TCPTransport.java:619)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:684)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(TCPTransport.java:681)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:681)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.vmware.identity.interop.ldap.ServerDownLdapException: Can't contact LDAP server
LDAP error [code: -1]
When I try to test the identity data store I get the message "No permissions to test the connection to identity store." Looks like the default SSO admin (administrator@vsphere.local) lost permissions?
[2019-10-23 12:03:51,903 vsphere.local 4b457ae9-d688-445a-af96-d918100e8225 INFO ] [VMwareDirectoryProvider] Cannot find solution user [administrator@vsphere.local@vsphere.local] in [CN=ServicePrincipals,DC=vsphere,DC=local]
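Added example (not part of the original post and not VMware code): a small triage script that walks vmware-sts-idmd.log entries of the shape quoted above, ties each "Caused by" root cause and LDAP error code back to the authentication failure it belongs to, and attaches a defender-side next check for each cause class. The sample log is constructed from the two excerpts in the post; the cause-to-check mapping and the heuristic that flags a principal whose domain suffix appears twice (as in "administrator@vsphere.local@vsphere.local") are assumptions of this example, not VMware guidance.

```python
"""Triage authentication failures in vmware-sts-idmd.log (added example, not VMware code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the log excerpts quoted in the post.
SAMPLE_LOG = """\
[2019-10-23 14:02:38,895 vsphere.local 1f78ba5b-6a76-4abc-bdb1-29c9aeea1fab ERROR] [IdentityManager] Failed to authenticate principal [XXX@XXXX.LOCAL]. Login failed
javax.security.auth.login.LoginException: Login failed
at com.vmware.identity.idm.server.provider.ldap.LdapWithAdMappingsProvider.authenticate(LdapWithAdMappingsProvider.java:411)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.vmware.identity.interop.ldap.ServerDownLdapException: Can't contact LDAP server
LDAP error [code: -1]
[2019-10-23 12:03:51,903 vsphere.local 4b457ae9-d688-445a-af96-d918100e8225 INFO ] [VMwareDirectoryProvider] Cannot find solution user [administrator@vsphere.local@vsphere.local] in [CN=ServicePrincipals,DC=vsphere,DC=local]
"""

# One entry header: "[<timestamp> <tenant> <correlation-id> <LEVEL>] [<Component>] <message>"
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<tenant>\S+) "
    r"(?P<corr>[0-9a-f-]{36}) (?P<level>[A-Z]+)\s*\] \[(?P<component>[^\]]+)\] (?P<msg>.*)$"
)
CAUSE_RE = re.compile(r"^Caused by: (?P<exc>[\w.$]+): (?P<text>.*)$")
LDAP_CODE_RE = re.compile(r"LDAP error \[code: (?P<code>-?\d+)\]")
PRINCIPAL_RE = re.compile(r"Failed to authenticate principal \[(?P<principal>[^\]]+)\]")
SOLUTION_USER_RE = re.compile(r"Cannot find solution user \[(?P<user>[^\]]+)\] in \[(?P<dn>[^\]]+)\]")
# Heuristic (assumption): "user@a.local@a.local" carries its domain suffix twice.
DOUBLED_SUFFIX_RE = re.compile(r"^[^@]+(@[^@]+)\1$", re.IGNORECASE)

# Root-cause exception class -> finding kind (assumed mapping for this example).
CAUSE_KIND = {"ServerDownLdapException": "ldap_server_down"}

# Defender-side next step per finding kind (assumed guidance, not VMware documentation).
NEXT_CHECK = {
    "auth_failed": "LoginException without a recorded root cause; read the stack trace that follows it.",
    "ldap_server_down": (
        "Identity Manager could not open a connection to the identity source. From the identity "
        "appliance, confirm DNS resolution of the AD/LDAP host, TCP reachability on the configured "
        "port (389 or 636) and, for LDAPS, that the AD server certificate chain is trusted by the appliance."
    ),
    "solution_user_missing": (
        "The service principal named in the log is absent from the container the log names in vmdir, "
        "so calls made as that user are rejected. Verify the entry exists there before touching permissions."
    ),
    "doubled_domain_suffix": (
        "The principal carries its domain suffix twice; check how the identity source or tenant "
        "composes the user name before assuming the account itself is broken."
    ),
}


@dataclass
class Finding:
    ts: str
    component: str
    kind: str
    principal: str
    detail: str = ""
    ldap_code: Optional[int] = None
    notes: List[str] = field(default_factory=list)

    def next_checks(self) -> List[str]:
        return [NEXT_CHECK[self.kind]] + [NEXT_CHECK[n] for n in self.notes]


def _flag_suffix(finding: Finding) -> None:
    if DOUBLED_SUFFIX_RE.match(finding.principal):
        finding.notes.append("doubled_domain_suffix")


def triage(log_text: str) -> List[Finding]:
    """Walk the log once; 'Caused by' and LDAP code lines attach to the preceding failure."""
    findings: List[Finding] = []
    pending: Optional[Finding] = None  # failure still waiting for its root cause
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            pending = None  # a new entry ends the previous stack trace
            ts, component, msg = header.group("ts"), header.group("component"), header.group("msg")
            if m := PRINCIPAL_RE.search(msg):
                pending = Finding(ts, component, "auth_failed", m.group("principal"))
                _flag_suffix(pending)
                findings.append(pending)
            elif m := SOLUTION_USER_RE.search(msg):
                f = Finding(ts, component, "solution_user_missing", m.group("user"), detail=m.group("dn"))
                _flag_suffix(f)
                findings.append(f)
            continue
        if pending is None:
            continue
        if m := CAUSE_RE.match(line):
            exc_class = m.group("exc").rsplit(".", 1)[-1]
            pending.kind = CAUSE_KIND.get(exc_class, pending.kind)
            pending.detail = m.group("text")
        elif m := LDAP_CODE_RE.search(line):
            pending.ldap_code = int(m.group("code"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.ts} [{f.component}] {f.kind}: {f.principal} ({f.detail}, ldap_code={f.ldap_code})")
        for check in f.next_checks():
            print("   ->", check)
```

Run it against the real file (for example `triage(open("vmware-sts-idmd.log").read())`) to get one finding per failed login with the root cause already attached, rather than scrolling stack traces by hand; any cause class not in `CAUSE_KIND` stays as a generic `auth_failed` so nothing is silently dropped.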