When you create a directory of type Active Directory (Integrated Windows Authentication), the "This Directory supports DNS Service Location" option is enabled by default and cannot be changed. When you create a directory of type Active Directory over LDAP, you can choose whether to enable this option. If the option is enabled, DNS Service Location lookup is used to select domain controllers. However, in certain scenarios, using DNS Service Location lookup may not be preferred.

The connector DNS Service Location (SRV) lookup is currently not site aware. If you have a global Active Directory deployment, with multiple domain controllers across different geographical locations for a domain, a non-optimal domain controller might be selected. This can lead to latency, delays, or timeouts when VMware Identity Manager tries to communicate with the domain controller.

For a global Active Directory deployment with multiple domain controllers across different geographical locations, to ensure an optimal configuration, create a domain_krb.properties file to override the SRV lookup, and add to it specific domain-to-host values that take precedence over SRV lookup. Create this file if you are using either Active Directory (Integrated Windows Authentication) or Active Directory over LDAP with the DNS Service Location option enabled.

Important: You must create the domain_krb.properties file before you create the VMware Identity Manager directory.

1. Log in to the virtual appliance as the root user.

2. Change directories to /usr/local/horizon/conf and create a file called domain_krb.properties.

3. Edit the domain_krb.properties file to add the list of domain-to-host values. Add the information as <AD Domain>=<host:port>, <host2:port2>, <host3:port3>.

   For example, enter the list as example.com=examplehost1.example.com:636, examplehost2.example.com:389

4. Change the owner of the domain_krb.properties file to horizon and group to www.

   Enter chown horizon:www /usr/local/horizon/conf/domain_krb.properties.

5. Restart the service.

   Enter service horizon-workspace restart.
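A syntax check that can be run on the file after step 3 and before the restart in step 5. This is an added example, not a VMware tool: the helper names valid_hostport and check_domain_krb are hypothetical, and it assumes that blank lines and lines starting with # are skipped and that hosts are DNS names or IPv4 addresses.

```sh
#!/bin/sh
# Added example: syntax check for domain_krb.properties lines of the form
#   <AD Domain>=<host:port>, <host2:port2>   (helper names are hypothetical)

valid_hostport() {   # accepts host names or IPv4 addresses followed by :port
    case $1 in *:*) ;; *) return 1 ;; esac
    vh_host=${1%:*}; vh_port=${1##*:}
    case $vh_host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $vh_port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$vh_port" -ge 1 ] && [ "$vh_port" -le 65535 ]
}

check_domain_krb() (   # subshell body keeps variables and IFS changes local
    file=$1; lineno=0; errors=0; seen=" "; cr=$(printf '\r')
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line%"$cr"}                  # tolerate CRLF line endings
        case $line in
            ''|'#'*) continue ;;            # assumption: blanks and # comments are skipped
            *=*) ;;
            *) echo "line $lineno: missing '='" >&2; errors=$((errors + 1)); continue ;;
        esac
        domain=${line%%=*}; hosts=${line#*=}
        key=$(printf '%s' "$domain" | tr 'A-Z' 'a-z')
        case $key in ''|*[!a-z0-9.-]*)
            echo "line $lineno: bad domain '$domain'" >&2; errors=$((errors + 1)) ;;
        esac
        case $seen in *" $key "*)
            echo "line $lineno: duplicate domain '$domain'" >&2; errors=$((errors + 1)) ;;
        esac
        seen="$seen$key "
        IFS=','; set -f; set -- $hosts; set +f; unset IFS   # split the host list on commas
        [ $# -gt 0 ] || { echo "line $lineno: no hosts for '$domain'" >&2; errors=$((errors + 1)); }
        for entry in "$@"; do
            entry=$(printf '%s' "$entry" | tr -d ' \t')     # drop the space after each comma
            valid_hostport "$entry" ||
                { echo "line $lineno: bad host:port '$entry'" >&2; errors=$((errors + 1)); }
        done
    done < "$file"
    [ "$errors" -eq 0 ]
)

# Constructed sample using the page's example line; on the appliance, pass
# /usr/local/horizon/conf/domain_krb.properties instead.
sample=$(mktemp)
printf '%s\n' 'example.com=examplehost1.example.com:636, examplehost2.example.com:389' > "$sample"
check_domain_krb "$sample" && echo "sample OK"
rm -f "$sample"
```

The function returns 0 when every line parses, 1 when any line is rejected (with the line number on stderr), and 2 when the file cannot be read.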