I have recently come across an issue in our vRA 7.3.1 environment where the AD sync started failing all of a sudden.
The error message looks as in the screenshot below:
This error basically means that vRA is not able to communicate with Active Directory (let's say my domain is dallas.com and my vRA appliance hostname is dc1-vcf-vra-01.dallas.com) to update the AD groups and users for authentication.
The error also means that vRA is complaining that the connector hostname (in this case dc1-vcf-vra-01) doesn't match the Common Name (CN) in the certificate, which is the FQDN (dc1-vcf-vra-01.dallas.com).
Opened a ticket with VMware support and here are the troubleshooting steps recommended so far by them:
1. /usr/java/jre-vmware/bin/keytool -v -list -keystore /opt/vmware/horizon/workspace/conf/tcserver.keystore
   Check the Common Name in the self-signed cert. It will be set to the node hostname.
2. mkdir /root/tmp-bkp
3. mv /usr/local/horizon/conf/flags/fips* /root/tmp-bkp
   (No file named fips or starting with fips in the flags directory, as FIPS is not enabled in our environment.)
4. /usr/local/horizon/scripts/secure/wizardssl.hzn
   Install the self-signed cert and update the keystore.
5. mv /root/tmp-bkp/fips* /usr/local/horizon/conf/flags
   (Had to skip it as I was not able to execute the above fips* command.)
6. service horizon-workspace restart
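The comparison behind step 1, as an added example that is not from the original post or from VMware support: it pulls the Owner CN and any SubjectAlternativeName DNSName entries out of keytool -v -list output and tests whether a connector hostname matches one of them exactly. The function names and the embedded sample output are constructed for illustration, and wildcard names are not handled.

```shell
#!/bin/sh
# Constructed sample of `keytool -v -list` output (not captured from a real appliance).
sample_keytool_output() {
cat <<'EOF'
Alias name: tcserver
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=dc1-vcf-vra-01.dallas.com, OU=Example, O=Example, C=US
Issuer: CN=dc1-vcf-vra-01.dallas.com, OU=Example, O=Example, C=US
Extensions:

#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: dc1-vcf-vra-01.dallas.com
]
EOF
}

# Read keytool output on stdin and print every name the certificate carries:
# the Owner CN plus any SAN DNSName, lower-cased, de-duplicated, one per line.
cert_names() {
  sed -n \
    -e 's/^Owner:.*CN=\([^,]*\).*/\1/p' \
    -e 's/^[[:space:]]*DNSName:[[:space:]]*\(.*\)$/\1/p' \
  | tr -d '\r' | tr '[:upper:]' '[:lower:]' | sort -u
}

# Return 0 if the connector hostname ($1) exactly equals one of the
# certificate names read from stdin (case-insensitive, no wildcards).
connector_matches_cert() {
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  cert_names | grep -Fqx -- "$want"
}

# The short name from the error fails; the FQDN in the certificate passes.
for name in dc1-vcf-vra-01 dc1-vcf-vra-01.dallas.com; do
  if sample_keytool_output | connector_matches_cert "$name"; then
    echo "OK       $name matches the certificate"
  else
    echo "MISMATCH $name not in: $(sample_keytool_output | cert_names | tr '\n' ' ')"
  fi
done
```

On the appliance, pipe the real output of the keytool command from step 1 into connector_matches_cert in place of the sample.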
Will update this post with more steps once VMware support comes back to resolve this issue.