We have installed identity manager 2.4.1

I have configured my load balancer with the correct settings and SSL cert (it is a wildcard cert that works on our other existing Workspace 1.5 deployment so i know there are no certificate issues)

I have also added the identity manager root CA cert to the load balancer trust list

I tried uploading the load balancer root CA (tried both root and intermediate CA) to the new identity manager appliance "terminate SSL on a load balancer" tab and it wouldn't accept them. I also tried just changing the identity manager URL but it gave me the error "error validating identity manager url"

I have attached the log bundle if that helps. Unsure where to go next. The only error i could find in the logs was that the root CA cert already exists in the appliance trust store.

I am implementing VMware Identity manager and using it with RDS Apps.

Is there a where to get the local C drive on user computer to show up when saving or uploading items to the RDS App?

I do not want the users to be able to save to the RDS Host(Terminal Server) but be able to pull items from their local drive to upload or save to?

Thanks for all your help.

Started VMware workstation 12 and I have missing toolbar file edit view etc all are missing

Any advise maybe

also while trying to boot into my Linux I have a micro screen which I literally need my wife's glasses to view..........

This is why I am searching for my view tab as I hope to change the resolution and maybe expand it.... as the utility tab doesn't work in workstation for some reason....

Hi All,

I am running up a PoC with Horizon View and IDM.  We have had View running for some time now but only just started to play with IDM to test it capabilities.

We typically have our RDSH and View permissions granted by AD group membership.

I am having some trouble whereby in IDM I have it synchronizing the selected AD groups, and also the View pools but membership entitlements are not showing.

Only one of my AD groups is showing entitlements to it but no other is.

I've moved some of the pools into the root access group in View but that has not made any difference either.

Any idea on what could be stopping the groups to be entitled to the View and RDSH pools? Anything that I should be looking out for?

Thanks

My host is running on Win7 Pro and when I open VMWare 12 workstation it tells me that it cannot connect to Suny Sony Visulisatrion Camera driver - does anyone have any idae what I might do to get round this? I don't have anything on the host called Suny Sony Camer.

tHANKS FOR ANY HELP FORTHCOMING

Hi All,

     I'm doing a federation from another portal into IM. The user can log into the portal fine and sees all the resources they have access too. When they try to launch either a desktop or an RDSH application They now get prompted to re-enter their password them I'm getting the error "error encounters while authenticating". All of this was working fine. We recently upgraded to Horizon 6.2 and am on idm 2.4.

Having an issue configuring the CLIENT ACCESS URL HOST value to use the Connection Server VIP URL on the Internal Network Range. I can set the CLIENT ACCESS URL HOST value to the same value I use in the Connection Server value in the Horizon Client, but I get an error after launching a Horizon RDS App or View Desktop, "Error encountered while authenticating". I have to use a single Connection Server FQDN for internal access, but overtime that will overload that Connection Server. I have configured the External Network Range to the external facing Security/Connection Server VIP URL, and have no connection issues.

Anyone else seeing this issue?

Создал thinapp добавил репозиторий на connection server horizon view, добавил к пулу - все ок. Thinapp подхватывается к виртуалкам.

Прописал путь на vmware workspace 1.5, синхронизировал. Не появляются приложения. Уже третий день воюю.

В чем причина, может есть советы какие?

Буду признателен за помощь!

Hi, hope someone out there can help...

Se are in the process of setting up Identity Manager - so far integration with View Horizon all good - not difficult at all.. Now we need to get SAML authentication working to our back-end SharePoint 2013...

We have configured the custom Identity Provider in SharePoint - imported the Identity Manager SAML Certificate etc... This has given us the _trust virtual directory for the SAML Claim to be sent to..and is used on the SharePoint WebApp:-

The Provider configuration is (note this is a PoC so not bothered to blur certain fields):-

We have configured the Identity Manager App as follows:-

The problem is that each time we try to access the SP site we get:-

We are trying to bring together the experience we have with ADFS, and transpose it over to Identity Manager, but not having much luck... Any pointers/help would be great..

Thanks in advance.

Phil

Hi to Everyone,

I am trying to enable SSO to the Airwatch Self Service Portal via VMware IDM. Been following that whitepaper https://www.vmware.com/pdf/vidm-airwatchapps-saml.pdf

When I try to access the SSP via the IDM page I get SAML authentication has timed out; please try your request again.

I can successfully SSO to the IDM page and all seems fine.

As anyone been able to implement this ?

I opened up an SR with Airwatch for this but the answer was hum how can I say this... They can't help me they are not trained on this ... funny.

Cheers

Seb

Hi,

I'm wondering if anybody knows the correct place to put proxy exceptions in for vIDM 2.4?

In previous versions, I used yast2 to configure proxy settings which works fine including exceptions but in vIDM, the official documents uses the VAMI command line referenced here -VMware Identity Manager Documentation Center

The problem is, the VAMI commands don't explain how to put exceptions for certain URLs / IPs. Is yast2 still the way to go? If so, I'm not 100% convinced that it works as I tried it but the logs still shows that it can't proxy through URLs I have defined in the exception list.

Can Identity Manager  connect to two different horizon view infrastructure in different domains? I tried with two connector but when I sync either view pod clears entitlements previously loaded on the other.

Is it possible to configure the Webex app via the web catalog for multiple sites when doing a SP initiation? Right now I have 1 site configured and working great when doing both IDP and SP initiated.  My other 2 sites work when doing IDP initiation but when i try to do SP initiation it defaults back to the site configured in the web app and fails. I could not find a setting to duplicate the configured app so i had to do a custom web app for the other 2 sites. My next step would be to remove the catalog app and just do a custom app for my main site but was curious to see if anyone has got this kind of setup to work.

Trying to connect to a RDSH application outside of the domain. I get the above error in events. Has anyone made this work?

I have the following challenge:

I have Office 365 federated with ADFS. When users want to login to the Office 365 portal or Outlook WebAccess, they are redirected to the ADFS login portal. Then the users can login with their Active Directory credentials and are then redirected back to Office 365 portal or OWA. This works fine. Now I have implemented Identity Manager and want to add OWA and Office 365 portal webapp to the Identity Manager portal so users can single sign on to the Office 365 applications. When I read the integration documentation, I can do this by federating Office 365 to Identity Manager. When users want to login to the Office 365 web applications, they are then redirected to the Identity Manager login interface. I don't want that. I want to keep the excisting authentication for Office 365 (through ADFS) and I want to enable SSO for users that are accessing Office 365 webapps through Identity manager. Is this possible? Anyone with experience with this?

Hi:

     I have run into the trouble about vIDM deploy about reuse the same FQDN, after deployed the vIDM I have used the MS CA certificate replace the self-sign certificate and I delete the vIDM  re-deploy it using the same FQDN I couldn't config it again.I saw the problem about the certificate but I don't know how to fix it.

Can someone help me?

VMware Identity Manager

出现故障，无法加载要查看的屏幕。您可以检查日志来了解可能的原因。 详细信息

VMware Identity Manager™ 2.4.1.0 Build 3230668. 版权所有 © 2013-2015 VMware, Inc. 保留所有权利。本产品受美国及其他国家/地区的版权和知识产权法以及国际条约保护。VMware 产品受以下网站上列出的一项或多项专利保护: http://www.vmware.com/go/patents-cn.

详细信息

Close

com.vmware.horizon.svadmin.exception.AdminPortalException: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://HZ-IDMV-02.CLOUD.CCDE.CNPC/SAAS/API/1.0/REST/system/bootstrap/initialize":Host name 'HZ-IDMV-02.CLOUD.CCDE.CNPC' does not match the certificate subject provided by the peer (EMAILADDRESS=unknown@vmware.com, CN=HZ-IDMV-02.CLOUD.CCDE.CNPC, OU=Horizon-Workspace, O=VMware, L=Palo Alto, ST=california, C=US); nested exception is javax.net.ssl.SSLPeerUnverifiedException: Host name 'HZ-IDMV-02.CLOUD.CCDE.CNPC' does not match the certificate subject provided by the peer (EMAILADDRESS=unknown@vmware.com, CN=HZ-IDMV-02.CLOUD.CCDE.CNPC, OU=Horizon-Workspace, O=VMware, L=Palo Alto, ST=california, C=US) at com.vmware.horizon.svadmin.service.ApplicationSetupService.isFirstOrgAndAdminUserSetup(ApplicationSetupService.java:196) at com.vmware.horizon.svadmin.controller.AdminPortalShortcutsController.doGet(AdminPortalShortcutsController.java:44) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:781) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:721) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:877) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:857) at javax.servlet.http.HttpServlet.service(HttpServlet.java:624) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842) at javax.servlet.http.HttpServlet.service(HttpServlet.java:731) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:186) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:614) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:620) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://HZ-IDMV-02.CLOUD.CCDE.CNPC/SAAS/API/1.0/REST/system/bootstrap/initialize":Host name 'HZ-IDMV-02.CLOUD.CCDE.CNPC' does not match the certificate subject provided by the peer (EMAILADDRESS=unknown@vmware.com, CN=HZ-IDMV-02.CLOUD.CCDE.CNPC, OU=Horizon-Workspace, O=VMware, L=Palo Alto, ST=california, C=US); nested exception is javax.net.ssl.SSLPeerUnverifiedException: Host name 'HZ-IDMV-02.CLOUD.CCDE.CNPC' does not match the certificate subject provided by the peer (EMAILADDRESS=unknown@vmware.com, CN=HZ-IDMV-02.CLOUD.CCDE.CNPC, OU=Horizon-Workspace, O=VMware, L=Palo Alto, ST=california, C=US) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:584) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:529) at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:447) at com.vmware.horizon.svadmin.config.RestClient.getJson(RestClient.java:158) at com.vmware.horizon.svadmin.config.RestClient.getForJsonResponse(RestClient.java:129) at com.vmware.horizon.svadmin.config.RestClient.getForJsonResponse(RestClient.java:113) at com.vmware.horizon.svadmin.service.ApplicationSetupService.isFirstOrgAndAdminUserSetup(ApplicationSetupService.java:189) ... 53 more Caused by: javax.net.ssl.SSLPeerUnverifiedException: Host name 'HZ-IDMV-02.CLOUD.CCDE.CNPC' does not match the certificate subject provided by the peer (EMAILADDRESS=unknown@vmware.com, CN=HZ-IDMV-02.CLOUD.CCDE.CNPC, OU=Horizon-Workspace, O=VMware, L=Palo Alto, ST=california, C=US) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:466) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:91) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:568) ... 59 more

Greetings,

We're attempting to deploy the Workspace Manager to support ThinApp and Horizon View resources. We've deployed the OVF successfully and are attempting to add our Directory as an Integrated Windows Authentication configuration.

After providing valid information to each field and select Save & Next, a long delay occurs, finally returning with:

    ' Connector communication failed with response: Request timed out '

Our appliance is deployed in a isolated network environment with selective ports opened to selective domain controllers. I've validated the ports/protocols listed in the installation manual are available against specific, 'whitelisted' DCs in our firewall. I know a new capability in 2.6 is the support of AD Sites & Services in determining domain controllers to utilize; the subnet is defined and assigned the approved DCs for this subnet. Windows hosts on this subnet function as expected. I've tried overriding the Default Subnet selection as the Install//Configure guide demonstrates with no impact.

Any suggestion on log files to start with to detail what communication may be timing out and to what resource?

Kind Regards

Hi everyone,

I am relatively new to the idea of using Identity Manager to authenticate Horizon View sessions and have ran in to a blocker.

As stated in the title, I have a Horizon View 7 installation using Identity Manager as a SAML authentication server for VDI sessions presented through Workspace One. I wanted to leave the SAML authentication as "required" within the View server, but have not discovered a way to authenticate the zero clients (teradici variants) against the ID Manager.

Is there something really obvious that I am missing or is it just not possible.

Just for a bit of information:

- Each zero terminal will be used by multiple users within the same domain

- VDI sessions that users access will be from both zero clients and thick clients using Workspace One

- VDI pools are distributed around multiple geographical locations managed by a single VCSA using a centralized Horizon/ID Manager instance

Many thanks in advance.

Hello,

I need to configure authentication to Workspace portal using Microsoft ADFS. Is such configuration possible? Are the steps described here: VMware Horizon Workspace 1.8 Documentation Center correct ones do accomplish it? I am not talking about configuring SAML to access other services from Workspace portal, but talking about SAML authentication to the Workspace portal itself.

Thank you!

Petr

I have kerberos authentication method added and working to our default_access_policy_set.  We have a multi-domain Active Directory environment, so when internal users go to the workspace FQDN, they must select a domain from the drop-down menu and click the Next button, and then kerberos logs them in automatically.  If the user mistakenly selects the wrong account domain, the next page shows "Access Denied. You do not have access to this service..." and there is no way to go back and select the correct domain.  I am able to easily clear the browser cache to allow the user to select a different domain, but why can't we just use UPN for login and skip domain selection drop-down?  Has anyone been able to get around the select domain requirement for user login?

I would like to get rid of the domain selection process and just allow the user to enter their userPrincipalName to log in.  The system should automatically be able to authenticate their domain credentials from just the UPN.  I haven't been able to get that to work with AD authentication and kerberos single-sign on, though.