vCenter

  • 1.  Changing ActiveDirectory Identity Source to use LDAPS - error

    Posted Feb 07, 2020 05:30 PM

    Hello,

    I'm in the last step of hardening our domain network to use LDAPS rather than LDAP and the only thing left I need to reconfigure is the vCenter Identity source.

    But, when I change the settings to use LDAPS, I get this error:

    Check the network settings and make sure you have network access to the identity source.

    Where can I look (logs etc) to see why this is failing?

    I've searched high and low but can't find any solution to this, and I have updated vCenter to the latest version (6.7.0.42100).



  • 2.  RE: Changing ActiveDirectory Identity Source to use LDAPS - error

    Posted Feb 07, 2020 05:38 PM

    Check the logs within the folder /var/log/vmware/sso. When attempting to add an authentication source that fails, I see information related to the failure specifically in /var/log/vmware/sso/vmware-identity-sts-default.log.



  • 3.  RE: Changing ActiveDirectory Identity Source to use LDAPS - error

    Posted Feb 07, 2020 09:34 PM

    Thanks.

    I pulled the log, and here's a chunk of it where it shows changing from ldap to ldaps and changing the AD from ldap://mox.local to ldaps://MOX-DC1.MOX.LOCAL:3269.

    It doesn't like it. I tried changing my username to a distinguished name, as I see there are a bunch of UPN errors, but it still fails.

    Any ideas? I can ping the DC from vCenter with no issues and can telnet from my PC to that port on that DC.

    [2020-02-07T21:16:23.354Z pool-2-thread-5                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'ServiceInstance.retrieveServiceContent'

    [2020-02-07T21:16:23.366Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdapAuthnType'

    [2020-02-07T21:16:23.375Z pool-2-thread-5                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:23 UTC","description":"Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

    [2020-02-07T21:16:23.375Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'

    [2020-02-07T21:16:23.385Z pool-2-thread-5 vsphere.local        56222754-62ae-4e93-bcf2-9ae550c28bc0 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:23.385Z pool-2-thread-5                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:23.657Z pool-2-thread-5 vsphere.local        78cdedd8-9df8-4230-8fa9-60e8901b0735 INFO  com.vmware.identity.idm.server.IdentityManager] Provider [MOX.LOCAL] successfully set for tenant [vsphere.local]

    [2020-02-07T21:16:23.657Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] Vmodl method IdentitySourceManagementService.updateLdapAuthnType return value is null

    [2020-02-07T21:16:23.751Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdap'

    [2020-02-07T21:16:23.753Z pool-2-thread-5                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:23 UTC","description":"Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@3b887329 friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

    [2020-02-07T21:16:23.753Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@58e9ef4e friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false'

    [2020-02-07T21:16:23.773Z pool-2-thread-5 vsphere.local        6c53f85e-f7d5-4ea0-bb37-14c40bd10086 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:23.774Z pool-2-thread-5                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:23.784Z pool-2-thread-5 vsphere.local        f5d62f07-54f6-4373-bc5b-08fd3ea5867d ERROR com.vmware.identity.idm.ValidateUtil] 'IdentityStore certificates' value should not be empty

    [2020-02-07T21:16:23.784Z pool-2-thread-5 vsphere.local        f5d62f07-54f6-4373-bc5b-08fd3ea5867d ERROR com.vmware.identity.idm.server.IdentityManager] Failed to set Ldap provider for tenant [vsphere.local]

    [2020-02-07T21:16:23.784Z pool-2-thread-5 vsphere.local        f5d62f07-54f6-4373-bc5b-08fd3ea5867d ERROR com.vmware.identity.idm.server.ServerUtils] Exception 'java.lang.IllegalArgumentException: 'IdentityStore certificates' value should not be empty'

    java.lang.IllegalArgumentException: 'IdentityStore certificates' value should not be empty

    at com.vmware.identity.idm.ValidateUtil.logAndThrow(ValidateUtil.java:475) ~[vmware-identity-idm-interface-7.0.0.jar:?]

    at com.vmware.identity.idm.ValidateUtil.validateNotEmpty(ValidateUtil.java:237) ~[vmware-identity-idm-interface-7.0.0.jar:?]

    at com.vmware.identity.idm.server.IdentityManager.probeProviderConnectivity(IdentityManager.java:2841) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:2540) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:9547) [vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.client.CasIdmClient.setProvider(CasIdmClient.java:929) [vmware-identity-idm-client-7.0.0.jar:?]

    at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:536) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

    at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

    at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

    [2020-02-07T21:16:23.784Z pool-2-thread-5                                                           ERROR com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl] 'IdentityStore certificates' value should not be empty

    [2020-02-07T21:16:23.785Z pool-2-thread-5                                                           ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] 'IdentityStore certificates' value should not be empty

    java.lang.IllegalArgumentException: 'IdentityStore certificates' value should not be empty

    at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:546) ~[sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) ~[sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) ~[sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

    at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

    at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

    [2020-02-07T21:16:29.446Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'ServiceInstance.retrieveServiceContent'

    [2020-02-07T21:16:29.458Z pool-2-thread-6                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdapAuthnType'

    [2020-02-07T21:16:29.464Z pool-2-thread-5                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:29 UTC","description":"Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

    [2020-02-07T21:16:29.465Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating the authentication type of ldap identity source with name 'MOX.LOCAL' to 'password'

    [2020-02-07T21:16:29.477Z pool-2-thread-5 vsphere.local        86b4675d-1aa5-4287-a3e1-aea9dfda1272 ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:29.477Z pool-2-thread-5                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:29.630Z pool-2-thread-5 vsphere.local        5e83383a-e100-41de-9508-a027eb7c8f9f INFO  com.vmware.identity.idm.server.IdentityManager] Provider [MOX.LOCAL] successfully set for tenant [vsphere.local]

    [2020-02-07T21:16:29.630Z pool-2-thread-5                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] Vmodl method IdentitySourceManagementService.updateLdapAuthnType return value is null

    [2020-02-07T21:16:29.721Z pool-2-thread-5                                                           INFO  com.vmware.identity.vlsi.RoleBasedAuthorizer] User {Name: miles, Domain: mox.local} with role 'Administrator' is authorized for method call 'IdentitySourceManagementService.updateLdap'

    [2020-02-07T21:16:29.736Z pool-2-thread-6                                                           INFO  auditlogger] {"user":"miles@mox.local","client":"","timestamp":"02/07/2020 21:16:29 UTC","description":"Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@74125659 friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false, certificate=[...]'","eventSeverity":"INFO","type":"com.vmware.sso.IdentitySourceManagement"}

    [2020-02-07T21:16:29.748Z pool-2-thread-6                                                           INFO  com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] [User {Name: miles, Domain: mox.local} with role 'Administrator'] Updating ldap identity source 'MOX.LOCAL' details to 'com.vmware.vim.sso.admin.LdapIdentitySourceDetails@6cad7bed friendlyName=MOX, userBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, groupBaseDn=OU=Users,OU=MoxOU,DC=Mox,DC=local, primaryUrl=ldaps://MOX-DC1.MOX.LOCAL:3269, failoverUrl=null, searchTimeoutSeconds=0, isSiteAffinityEnabled=false, certificate=[

    [

      Version: V3

      Subject: CN=mox-dc1.mox.local

      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

      Key:  Sun RSA public key, 2048 bits

      public exponent: 65537

      Validity: [From: Tue May 28 15:38:26 UTC 2019,

                   To: Wed May 27 15:38:26 UTC 2020]

      Issuer: CN=mox-MOX-DC1-CA, DC=Mox, DC=local

      SerialNumber: [    30000000 115fa957 1f1e6d7e 6a000000 000011]

    Certificate Extensions: 9

    [3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

    AuthorityInfoAccess [

      [

       accessMethod: caIssuers

       accessLocation: URIName: ldap:///CN=mox-MOX-DC1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=Mox,DC=local?cACertificate?base?objectClass=certificationAuthority

    ]

    ]

    [4]: ObjectId: 2.5.29.35 Criticality=false

    AuthorityKeyIdentifier [

    KeyIdentifier [

    0000: BA B0 E4 72 46 D5 00 92   AB 65 7F D2 66 86 E9 AA  ...rF....e..f...

    0010: E3 64 1C E7                                        .d..

    ]

    ]

    [5]: ObjectId: 2.5.29.31 Criticality=false

    CRLDistributionPoints [

      [DistributionPoint:

         [URIName: ldap:///CN=mox-MOX-DC1-CA,CN=Mox-DC1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=Mox,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint]

    ]]

    [6]: ObjectId: 2.5.29.37 Criticality=false

    ExtendedKeyUsages [

      serverAuth

      1.3.6.1.5.5.8.2.2

      clientAuth

    ]

    [7]: ObjectId: 2.5.29.15 Criticality=true

    KeyUsage [

      DigitalSignature

      Key_Encipherment

    ]

    [8]: ObjectId: 2.5.29.17 Criticality=false

    SubjectAlternativeName [

      DNSName: vpn.dhc.bc.ca

    ]

    [9]: ObjectId: 2.5.29.14 Criticality=false

    SubjectKeyIdentifier [

    KeyIdentifier [

    0000: CD 00 6B FF 65 0E BA 63   70 F7 20 62 84 D6 B9 25  ..k.e..cp. b...%

    0010: 83 67 88 C1                                        .g..

    ]

    ]

    ]

      Algorithm: [SHA1withRSA]

    ]'

    [2020-02-07T21:16:29.763Z pool-2-thread-6 vsphere.local        7b357dcc-da99-4ced-b65c-a6383f8e1f2b ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:29.763Z pool-2-thread-6                                                           ERROR com.vmware.identity.idm.ValidateUtil] userName in UPN format=[mox\miles] is invalid: not a valid UPN format

    [2020-02-07T21:16:29.856Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.interop.ldap.SslX509EqualityMatchVerificationCallback] Server SSL certificate verification failed for [Subject: CN=Mox-DC1.Mox.local] [SHA1 Fingerprint: 2A:7B:8A:58:C0:E5:AF:46:F4:4C:6F:67:22:15:DA:B3:E5:45:88:B0].: No match found in the trusted certificates store.

    [2020-02-07T21:16:29.856Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.interop.ldap.OpenLdapClientLibrary] Server SSL certificate not trusted; bytes: [...]

    [2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.interop.ldap.LdapErrorChecker] Error received by LDAP client: com.vmware.identity.interop.ldap.OpenLdapClientLibrary, error code: -1

    [2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.idm.server.ServerUtils] cannot bind connection: [ldaps://MOX-DC1.MOX.LOCAL:3269, mox\miles]

    [2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.ServerUtils] cannot establish connection with uri: ldaps://MOX-DC1.MOX.LOCAL:3269

    [2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 WARN  com.vmware.identity.idm.server.IdentityManager] Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]

    [2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.IdentityManager] Failed to set Ldap provider for tenant [vsphere.local]

    [2020-02-07T21:16:29.865Z pool-2-thread-6 vsphere.local        bfc3fabc-5e5e-406f-9680-f85f52111fc8 ERROR com.vmware.identity.idm.server.ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]'

    com.vmware.identity.idm.IDMLoginException: Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]

    at com.vmware.identity.idm.server.IdentityManager.probeProviderConnectivity(IdentityManager.java:2866) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:2540) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:9547) [vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.client.CasIdmClient.setProvider(CasIdmClient.java:929) [vmware-identity-idm-client-7.0.0.jar:?]

    at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:536) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

    at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

    at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

    Caused by: com.vmware.identity.interop.ldap.ServerDownLdapException: Can't contact LDAP server

    at com.vmware.identity.interop.ldap.LdapErrorChecker$44.RaiseLdapError(LdapErrorChecker.java:623) ~[vmware-identity-platform-7.0.0.jar:?]

    at com.vmware.identity.interop.ldap.LdapErrorChecker.CheckError(LdapErrorChecker.java:1090) ~[vmware-identity-platform-7.0.0.jar:?]

    at com.vmware.identity.interop.ldap.OpenLdapClientLibrary.CheckError(OpenLdapClientLibrary.java:1248) ~[vmware-identity-platform-7.0.0.jar:?]

    at com.vmware.identity.interop.ldap.OpenLdapClientLibrary.ldap_bind_s(OpenLdapClientLibrary.java:717) ~[vmware-identity-platform-7.0.0.jar:?]

    at com.vmware.identity.interop.ldap.LdapConnection.bindConnection(LdapConnection.java:130) ~[vmware-identity-platform-7.0.0.jar:?]

    at com.vmware.identity.idm.server.ServerUtils.getLdapConnection(ServerUtils.java:390) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.ServerUtils.getLdapConnectionByURIs(ServerUtils.java:259) [vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.provider.BaseLdapProvider.getConnection(BaseLdapProvider.java:436) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.provider.BaseLdapProvider.getConnection(BaseLdapProvider.java:185) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.provider.BaseLdapProvider.probeConnectionSettings(BaseLdapProvider.java:127) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.IdentityManager.probeProviderConnectivity(IdentityManager.java:2855) ~[vmware-identity-idm-server-7.0.0.jar:?]

    ... 17 more

    [2020-02-07T21:16:29.866Z pool-2-thread-6                                                           ERROR com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl] cannot establish connection to null

    com.vmware.identity.idm.IDMLoginException: Failed to probe provider connectivity [URI: ldaps://MOX-DC1.MOX.LOCAL:3269 ]; tenantName [vsphere.local], userName [mox\miles]

    at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:124) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.server.IdentityManager.setProvider(IdentityManager.java:9551) ~[vmware-identity-idm-server-7.0.0.jar:?]

    at com.vmware.identity.idm.client.CasIdmClient.setProvider(CasIdmClient.java:929) ~[vmware-identity-idm-client-7.0.0.jar:?]

    at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:536) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

    at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

    at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]

    [2020-02-07T21:16:29.867Z pool-2-thread-6                                                           ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] null

    java.lang.AssertionError: null

    at com.vmware.vim.sso.admin.exception.DirectoryServiceConnectionException.<init>(DirectoryServiceConnectionException.java:29) ~[admin-interfaces-7.0.0.jar:?]

    at com.vmware.identity.admin.server.ims.impl.IdentitySourceManagementImpl.updateLdap(IdentitySourceManagementImpl.java:540) ~[sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:269) ~[sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl$7.call(IdentitySourceManagementServiceImpl.java:253) ~[sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:186) [sso-adminserver-7.0.0.jar:?]

    at com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl.updateLdap(IdentitySourceManagementServiceImpl.java:253) [sso-adminserver-7.0.0.jar:?]

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_221]

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_221]

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_221]

    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_221]

    at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server-7.0.0.jar:?]

    at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server-7.0.0.jar:?]

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_221]

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_221]

    at java.lang.Thread.run(Thread.java:748) [?:1.8.0_221]



  • 4.  RE: Changing ActiveDirectory Identity Source to use LDAPS - error
    Best Answer

    Posted Feb 07, 2020 09:58 PM

    The username does indeed need to be provided in either the principal name format (username@domainname) or as a UPN.

    Did you provide the certificate for the CA that signed your domain controller certificates? It looks like the signing CA is mox-MOX-DC1-CA.Mox.local.

    I receive the same error "ERROR com.vmware.identity.admin.vlsi.IdentitySourceManagementServiceImpl] 'IdentityStore certificates' value should not be empty" when I didn't select an SSL Certificate for the authentication provider. Once I select the CA cert, the error goes away.



  • 5.  RE: Changing ActiveDirectory Identity Source to use LDAPS - error

    Posted Feb 07, 2020 11:15 PM

    Yes I did, but I just tried exporting a different one, as I noticed the one I had before was for NPS also, as the server has a few self-issued certs.

    She's all good now, thanks heaps for taking the time.

    Miles
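
A way to check which exported certificate actually signed the domain controller's LDAPS certificate, the mix-up described in the two posts above (added example, not part of the thread). It assumes `openssl` is available; every file name and subject is constructed, and on a real system `dc.pem` would be the certificate the DC presents on its LDAPS port and the candidates would be the certificates exported from the server.

```shell
#!/bin/sh
# Added example; every certificate below is constructed throwaway test data.

# Print each candidate file that validates LEAF when used as the only trust anchor.
find_issuer() {
    leaf=$1; shift
    for cand in "$@"; do
        # Match the ": OK" line instead of relying on the exit status alone.
        if openssl verify -CAfile "$cand" "$leaf" 2>/dev/null | grep -q ': OK$'; then
            echo "$cand"
        fi
    done
}

# Build test material in directory $1: ca.pem (issuing CA), dc.pem (DC
# certificate signed by it), nps.pem (unrelated self-signed certificate).
make_constructed_certs() {
    d=$1
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Issuing CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=dc1.example.test" -keyout "$d/dc.key" -out "$d/dc.csr" 2>/dev/null
    openssl x509 -req -in "$d/dc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 2 -out "$d/dc.pem" 2>/dev/null
    openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed NPS self-signed" -keyout "$d/nps.key" -out "$d/nps.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_constructed_certs "$tmp"
    openssl x509 -in "$tmp/dc.pem" -noout -subject -issuer   # who signed the DC cert
    echo "issuer found in: $(find_issuer "$tmp/dc.pem" "$tmp/nps.pem" "$tmp/ca.pem")"
    rm -rf "$tmp"
}

demo
```

A candidate that `find_issuer` does not print is not the certificate to select for the identity source, however plausible its name looks in the certificate store.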



  • 6.  RE: Changing ActiveDirectory Identity Source to use LDAPS - error

    Posted Feb 07, 2020 11:39 PM

    I'm glad you were able to get it resolved, Miles!

    If you don't mind, please mark any responses as helpful or the answer to your question.

    Thanks!



  • 7.  RE: Changing ActiveDirectory Identity Source to use LDAPS - error

    Broadcom Employee
    Posted Feb 07, 2020 06:10 PM

    Moderator: Moved to vCenter Server