«

»

Mar 01 2016

Error joining vCenter Server Appliance to Active Directory

“VMTurbo"

Time for another guest blog post and this one by my former colleague Johan Blom @ RTSAB who had problem joining a vCenter Server Appliance 6 U1 to a Windows 2012 R2 domain.

When trying top join domain from vSphere Web Client the following error was seen:

 

Idm client exception: Error trying to join AD, error code [11], user [XXX\yyy domain [XXXX], orgUnit

Running the command “/opt/likewise/bin/domainjoin-cli join domain.local username” from the VCSA ssh session gave the following error:

Screen Shot 2016-03-01 at 14.10.09
Error: ERROR_GEN_FAILURE [code 0x0000001f]

The below troubleshooting steps were taken to identify the root cause.

  • Verify that smb1 feature was installed on the domain controllers
    image002
  • Moved on and verified SMB1 (srvnet) was enabled in the Server Properties which it wasn’t.
    image003

The following actions were taken to make it possible to join the Windows 2012 R2 domain.

  • Edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer  Windows registry key on all domain controllers with the following values:
    • Key: DependOnService
    • Value: SamSS Srv
      Old vale was SamSS Srv2
  • Rebooted the domain controllers.
  • Verified that SMB1 was enabled on the domain controllers
    image004

Now it was possible to join the Windows 2012 R2 active directory domain.

4 comments

Skip to comment form

  1. Andreas M

    Or you could create your object in AD before you join it from the appliance gui/cli..
    That’s how I have solved it though.

  2. magander3

    Hi,
    ok thanks for information.

    //Magnus

  3. Johan Blom

    That did not wok in my case

    /Blom

  4. eugenm76

    HI, magander3
    You saved my head from the explosion.
    very thank you!

    ESXi side lwsmd start & chkconfig lwsmd on
    Change the Config.HostAgent.plugins.hostsvc.esxAdminsGroup setting to match the Administrator group that you want to use in the Active Directory. These settings takes affect within a minute and no reboot is required.

    /eugenm76

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">