OPERATIONAL DEFECT DATABASE
...
...
If you see the following error in the connector.log "Could not pull the required object fro= Identity Manager. Got failed response from connector..[response-sun.secur=ty.validator.ValidatorException: PKIX path validation failed: java.securit=.cert.CertPathValidatorException: timestamp check failed][responseCo=e-503]" Or "2018-01-17T13:51:08,225 ERROR (pool-5-thread-2) [;;;] com.vmware.horizon.connector.management.utils.ConnectorCommunicationUtils - Unable to execute local REST API: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found." This indicates the certificate has expired. What are the steps to renew the certificate on the IDM connector?
Go to vIDM environment Login with System Domain credential.Navigate to Identity & Access ManagementSelect Set up on the right hand sideUnder connectors > under Hostname > copy the hostnameOpen a new browser and enter https://hostname:8443If your hostname is not externally available then you can go to the connector server and open browser and type https://localhost:8443Once the url is accessible you will see VMware Identity Manager Portal Administrative Services Links pageClick three dots on the chrome browser > More tools > Developer tool (alternatively you can press F12 on your keyboard)Navigate to Security Tab > View CertificateCheck Issued By. If the certificate is VMware issued certificate for Windows based connector server perform the following Navigate to folder Installed_Drive:\VMware\IDMConnector\usr\local\horizon\scriptsClick on File on top of the FolderSelect Open Command Prompt as administratorAlternatively you can hold shift key+right click on the folder (make sure you have not selected any file) > Open Command Prompt here [Sometimes this process does not open command prompt as administrator]Once the command prompt is opened as an Administrator run the command "createCertificate.bat -force -install"Restart the server If the certificate is VMware issued certificate for Linux based connector server perform the following Open the linux box as rootNavigate to folder VMware\IDMConnector\usr\local\horizon\scriptsOnce you are in the correct folder run the command "createCertificate.bat -force -installRestart the server If the certificate is Third Party or Self Signed certificate. Go to vIDM environment Login with System Domain credential.Navigate to Identity & Access ManagementSelect Set up on the right hand sideUnder connectors > under Hostname > copy the hostnameOpen a new browser and enter https://hostname:8443If your hostname is not externally available then you can go to the connector server and open browser and type https://localhost:8443Once the url is accessible you will see VMware Identity Manager Portal Administrative Services Links pageSelect Appliance ConfiguratorYou will be prompted for password > Enter the admin password created when the installer was ran.Once inside select Install SSL Certificate tabPlace the certificate in the following order Server+Intermediate+Root (it is okay if intermediate is not present but root and server needs to be there) in pem formatPlace the DECRYPTED private key in pem format in the second box.If there are any load balancer and it has a certificate then they needed to be loaded at Trusted CAsFor windows based server you will need to run the restart the server after 5 mins manuallyFor linux based server the server should restart automatically but if it doesn't then restart it manually.Alternatively one can also run "horizonService.bat restart" command. This is obtained under Installed_Drive:\VMware\IDMConnector\usr\local\horizon\scripts. (same fundamental of running the command prompt in administrative mode is required in windows and in linux you can just simply run the command after navigating to the folder)Enter the Root or Root+Intermediate certificate in Pem formatFor windows based server you will need to run the restart the server after 5 mins manuallyFor linux based server the server should restart automatically but if it doesn't then restart it manually.Alternatively one can also run "horizonService.bat restart" command. This is obtained under Installed_Drive:\VMware\IDMConnector\usr\local\horizon\scripts. (same fundamental of running the command prompt in administrative mode is required in windows and in linux you can just simply run the command after navigating to the folder.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
