Before you upgrade to the latest VMware Identity Manger service from version 3.2, verify that the F5 load balancing server is configured correctly.

Beginning with VMware Identity Manager 3.3, the host header cannot be null for health checks. Make sure that the F5 health check monitor created for VMware Identity Manager load balancing integration is configured to send the following string.

GET /SAAS/API/1.0/REST/system/health/heartbeat HTTP/1.1\r\nHost: your_workspace_url\r\nConnection: Close\r\n\r\n

Beginning with VMware Identity Manager version 3.3, the VMware Identity Manager server and connector are configured to use only the following cipher suites. Make sure that your F5 server is configured with at least one of these cipher suites.

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA