Horizon and VMware Identity Manager Sync Issue

In the VMware Identity Manager Admin Console, In the Horizon View On-Premises settings page, one might stumble across an issue when attempting to federate VMware Identity Manager with Horizon. One will get a very uncharacteristic error message. UNABLE TO AUTHENTICATE TO HORIZON CONNECTION SERVER ……

Unfortunately, the error message is misleading and if one is experiencing this for the first time one might try to change the password assuming there was a typo. After re-typing the password and selecting SAVE, the error message reappears, which leads to great frustration.

On the VMware Identity Manager 3.2 release, there were two errors in the same scenario with a similar message. Now with VMware identity Manager 3.3 we see the above message.

This is a known issue that Product Engineering is working on and is aware of.

The cause of this error is if we select the Perform Directory Sync checkbox either by editing the existing setup or creating the sync settings from scratch the sync settings will fail when one selects Save


VMware’s  documentation explains what the Perform Directory Sync checkbox is supposed to do when it is enabled

“Select the     Perform Directory Sync check box if you want directory sync to be performed as part of View sync when any users and groups that are entitled to View pools in the View Connection Server instances are missing in the     VMware Identity Manager directory.”

At present, it is not possible to use the Perform Directory Sync feature in the Horizon View On-Premises settings page. If there are missing groups or users with associated entitlements and we will perform a directory sync using the Directory settings console in VMware Identity Manager.

The best practice on the Horizon Sync settings page is to leave Perform Directory Sync unchecked until Product Engineering resolves this issue.

We will also update this article once the issue is resolved…..

Reinhart Nel on LinkedinReinhart Nel on Twitter
Reinhart Nel

Leave a Reply

%d bloggers like this: