I am performing a vSphere 6.0 test deployment using 2 VCSAs connecting to a pair of external PSC appliances load balanced behind a Citrix Netscaler. I followed the vSphere 6 deployment guide for external HA PSCs and took snapshots of both PSCs at this point in case I needed to revert back for any reason.

The first VCSA I deployed was successful using the PSC VIP but when deploying the second VCSA it failed with a 'firstboot script execution error':

Error while configuring vSphere Auto Deploy Waiter: Service operation failed: {Auto Deploy register Exception {{ "resolution": null, "detail": [ { "args": [ "Stderr: error: Failed to add AD user(waiter-ecba3290-dc17-48f2-8abc-c1b92533352d) to group,\n37(dir-cli failed. Error 1317: Operation failed with error ERROR_NO_SUCH_USER (1317) \n)\n" ], "id": "install.ciscommon.command.errinvoke", "localized": "An error occurred while invoking external command : 'Stderr: error: Failed to add AD user(waiter-ecba3290-dc17-48f2-8abc-c1b92533352d) to group,\n37(dir-cli failed. Error 1317: Operation failed with error ERROR_NO_SUCH_USER (1317) \n)\n'", "translatable": "An error occurred while invoking external command : '%(0)s'" } ], "componentKey": null, "problemId": null }}}

When trying the deployment again I ran into the following error:

javascript:;An error occurred while invoking external command : 'Command: ['/usr/lib/vmware-vmca/bin/certool', '--server=<PSC hostname>', '--genCIScert', '--privkey=/etc/certs/machine/machine.priv', '--cert=/etc/certs/machine/machine.crt', '--Name=machine', '--FQDN=<vCenter hostname>'] Stderr: '         

Error in appending hostname/ip <vCenter hostname> to Cert.         

My web searches so far have been fruitless, has anyone else run into this problem or know why I'm having these issues?