Some notes on the -hostname- field, when installing #vIDM with #vRSLCM

When I had written my previous post on the vRealize Suite Lifecycle Manager, and integrating vIDM with it, I thought I had run up against the most obvious errors I could. See my previous post about this here: Adding Active Directory Integration to #vRealize Lifecycle Manager 2.0

Unfortunately, I ran into an even more basic problem when I tried to roll out another vIDM instance from LCM.

First of all, vIDM cannot be deployed with a 'hostname' that is not a FQDN. The field, however, doesn't tell you it needs a FQDN.

I was leaving the domain portion out, because a step earlier I was filling in the domain name in the network config, and naively thought that would cover it.

That is another item of note, because, as Carl Stalhood points out in this excellent and very comprehensive blog post on vIDM 3.3: https://www.carlstalhood.com/vmware-identity-manager/

According to Install the VMware Identity Manager OVA File at VMware Docs, the Domain Name and Domain Search Path fields are not used.

However, in vRSLCM, you are required to enter these fields, when you do the vIDM deployment!

Finally, I ran into a very annoying and hard to troubleshoot issue regarding what characters are valid in a vIDM hostname.

vIDM doesn't like it when your hostname starts with zero, as in, for example, '000-srv-vidm-01'.

Quoting @smtrobroek in the vExpert slack:

The original specification of hostnames in RFC 952, mandated that labels could not start with a digit or with a minus sign, and must not end with a minus sign. However, a subsequent specification (RFC 1123) permitted hostname labels to start with digits. No other symbols, punctuation characters, or white space are permitted. Internationalized domain names are stored in the Domain Name System as ASCII strings using Punycode transcription. - https://en.wikipedia.org/wiki/Hostname


This is how LCM will report this particular problem during the deployment:

LCMVIDM70000: Invalid vIDM credentials provided

com.vmware.vrealize.lcm.common.exception.LcmException: Failed to get admin token: Organization does not exist.
	at com.vmware.vrealize.lcm.vidm.common.api.VidmServer.loginLocalAdmin(VidmServer.java:201)
	at com.vmware.vrealize.lcm.vidm.common.api.VidmServer.loginLocalAdmin(VidmServer.java:207)
	at com.vmware.vrealize.lcm.drivers.vidm.task.VidmADConfigTask.execute(VidmADConfigTask.java:82)
	at com.vmware.vrealize.lcm.platform.automata.core.ExecutionTask.run(ExecutionTask.java:41)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

Now does the above help you in any way?

More useful is the actual vIDM console, which tells you at least that the problem is with the hostname. But it doesn't tell you what is wrong with it.

Another place this message appears is in /var/log/boot.msg on the vIDM appliance. It will tell you the same; in fact, this is where the console is getting it from: WARNING: Invalid org name contained in hostname : 000-srv-vidm-01

Another way this error shows up is if you go to your vIDM setup page, the one that you would normally go through if you were to roll out the appliance manually. You can see exactly at what step it got stuck.

<your vIDM FQDN>:8443/cfg/setup (log in with admin)

Error during initialization. {"success":false,"status":400,"message":"Invalid organization name","code":400}

This message, I think, is being generated by the vPostgres initialization step. But I could not find another reference to it in the vPostgres logs themselves. I also found nothing at all helpful googling for this, hence I am adding the full error text here, for others.
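
A pre-flight check for the two hostname problems described above, added here as an example (it is not part of the original post or of any VMware tooling): it rejects a value that is not a FQDN and flags a first label that starts with a digit, which RFC 1123 allows but which fails in vIDM as described. The function name check_vidm_hostname, the example.com sample values, and the rule that the first label is what vIDM treats as the org name are assumptions drawn from the boot.msg warning.

```python
import re

# RFC 1123 label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
RFC1123_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_vidm_hostname(value):
    """Return a list of problems with a value meant for the vRSLCM vIDM 'hostname' field.

    An empty list means these checks found nothing wrong.
    """
    problems = []
    name = value.strip().rstrip(".")  # tolerate a trailing root dot
    if not name or len(name) > 253:
        return ["hostname is empty or longer than 253 characters"]

    labels = name.split(".")
    if len(labels) < 2:
        problems.append("not an FQDN: no domain part after the host label")

    for label in labels:
        if not RFC1123_LABEL.match(label):
            problems.append(f"label {label!r} is not a valid RFC 1123 label")

    # Assumption (from the boot.msg warning quoted in the post): the first
    # label is used as the org name, and a leading digit makes it invalid,
    # i.e. the stricter RFC 952 rule applies to that label.
    if labels[0][:1].isdigit():
        problems.append(
            f"first label {labels[0]!r} starts with a digit; "
            "reported to fail with 'Invalid org name contained in hostname'"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample values; example.com is a placeholder domain.
    for candidate in (
        "000-srv-vidm-01",
        "000-srv-vidm-01.example.com",
        "srv-vidm-01",
        "srv_vidm.example.com",
        "srv-vidm-01.example.com",
    ):
        result = check_vidm_hostname(candidate)
        print(candidate, "->", result or "OK")
```

Running the check against the planned hostname before starting the LCM deployment surfaces both problems up front, instead of as the LCMVIDM70000 error partway through.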

Many many thanks to Sjors Robroek and Laurens van Duijn for helping me troubleshoot this issue in the #vExpert Slack! Laurens even went so far as to replicate the problem in his own homelab.


2 Comments

  1. Thank you for your informative article! It was the only reference online that I could find regarding a hostname prefixed with a number breaking vIDM. I also encountered it when deploying vRA with VRLCM, it refused to proceed with a correct FQDN with a number at the start (in my case, a 9). I created a DNS alias and put this in the retry field and now it is progressing.
