VMware Cloud Community
vinod_sikka
Enthusiast

integrated active directory as identity source in vCSA 6

Hi,

I have two PSCs running in HA mode with an F5 load balancer, with two vCenters joined in enhanced linked mode. I tried adding Active Directory (Integrated Windows Authentication) as an identity source, which fails to join and shows "The vCenter SSO server is not currently joined to any domain"; however, both of my PSCs are part of the domain. I joined both PSCs using the following command line

domainjoin-cli join <domain> <user> <password>

and rebooted. I see the computer objects created in AD for both PSCs; however, when I view the configuration through the Web Client and go to System Configuration -> Nodes -> psc_node -> Manage -> Settings -> Active Directory, I see no domain name there. I assume this is some kind of bug, and my PSCs have been added to the domain as per the command line and their computer objects have been created in AD.

I found the following KB to resolve the issue; however, while running the command, I got the output below and it did not create the identity source:

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2...

  1. cd /usr/lib/vmidentity/tools/scripts/
  2. Run this command to create the Identity Source:
     ./sso-add-native-ad-idp.sh domain_name

./sso-add-native-ad-idp.sh labdomain.com
Starting to add Native Active directory as Identity Source
VMware SSO data migration - start importing
SSO data intemediate file name: /usr/lib/vmidentity/tools/scripts/exported_sso.properties
Source SSO is 5.0: false
Destination SSO location: localhost
Unable to extract lockout policy:
java.lang.AssertionError
        at com.vmware.identity.migration.entities.LockoutPolicy.<init>(LockoutPolicy.java:35)
        at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractLockoutPolicy(EntitiesPersister.java:1056)
        at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractAllEntities(EntitiesPersister.java:1151)
        at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:36)
        at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
        at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
        at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
Unable to extract password policy:
java.lang.AssertionError
        at com.vmware.identity.migration.entities.PasswordPolicy.<init>(PasswordPolicy.java:63)
        at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractPasswordPolicy(EntitiesPersister.java:1024)
        at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractAllEntities(EntitiesPersister.java:1152)
        at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:36)
        at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
        at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
        at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
Unable to extract issuer:
java.lang.AssertionError
        at com.vmware.identity.migration.entities.Issuer.<init>(Issuer.java:26)
        at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractIssuer(EntitiesPersister.java:860)
        at com.vmware.identity.migration.entities.persister.EntitiesPersister.extractAllEntities(EntitiesPersister.java:1154)
        at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:36)
        at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
        at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
        at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
No localos IDS to be imported
IDP for this tenant is already added.
Importing groups but not adding to their parent groups.
Failed to import identity source:ads.mckinsey.com
com.vmware.identity.migration.idm.SystemException: com.vmware.identity.idm.IDMException
        at com.vmware.identity.migration.idm.impl.IDMClient.addProvider(IDMClient.java:199)
        at com.vmware.identity.migration.idp.importer.sso2.IDPImporter.importExternalIdentitySource(IDPImporter.java:165)
        at com.vmware.identity.migration.entities.ExternalIdentitySource.importInto(ExternalIdentitySource.java:187)
        at com.vmware.identity.migration.idp.importer.ImporterImpl.importEntities(ImporterImpl.java:48)
        at com.vmware.identity.migration.idp.importer.MultiIDPImporterImpl.importEntities(MultiIDPImporterImpl.java:23)
        at com.vmware.identity.migration.ImporterToSSO2.importInto(ImporterToSSO2.java:99)
        at com.vmware.identity.migration.ImporterToSSO2.main(ImporterToSSO2.java:69)
Caused by: com.vmware.identity.idm.IDMException
        at com.vmware.identity.idm.server.ServerUtils.getRemoteException(ServerUtils.java:133)
        at com.vmware.identity.idm.server.IdentityManager.addProvider(IdentityManager.java:8142)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
        at sun.rmi.transport.Transport$2.run(Unknown Source)
        at sun.rmi.transport.Transport$2.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Unknown Source)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.access$400(Unknown Source)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(Unknown Source)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
        at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Unknown Source)
        at sun.rmi.transport.StreamRemoteCall.executeCall(Unknown Source)
        at sun.rmi.server.UnicastRef.invoke(Unknown Source)
        at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(Unknown Source)
        at java.rmi.server.RemoteObjectInvocationHandler.invoke(Unknown Source)
        at com.sun.proxy.$Proxy1.addProvider(Unknown Source)
        at com.vmware.identity.idm.client.CasIdmClient.addProvider(CasIdmClient.java:628)
        at com.vmware.identity.migration.idm.impl.IDMClient.addProvider(IDMClient.java:183)
        ... 6 more
Failed to import STS config :
Clock tolerance: -1
RenewCount: -1
DelegationCount: -1
MaximumBearerTokenLifetime: -1
MaximumHoKTokenLifetime: -1
Adding imported system groups into their parent groups.
VMware SSO data migration - end importing
Exitting migration tool with status code = 0

Please suggest.

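Note that the tool quoted above finishes with "status code = 0" even though it printed "Failed to import identity source", so a script that only checks the exit code would treat the run as a success. As an added example, not code from the original post or from VMware, the following parser turns that output into failure records (marker, target, deepest exception) and a non-zero status a wrapper can act on; the sample text is constructed from the output quoted above, with the question's own labdomain.com placeholder.

```python
import re
from typing import Dict, List, Optional

# Constructed sample, abbreviated from the sso-add-native-ad-idp.sh output quoted
# in the question (the domain is the question's own labdomain.com placeholder).
SAMPLE_OUTPUT = """\
Starting to add Native Active directory as Identity Source
Unable to extract lockout policy:
java.lang.AssertionError
        at com.vmware.identity.migration.entities.LockoutPolicy.<init>(LockoutPolicy.java:35)
IDP for this tenant is already added.
Failed to import identity source:labdomain.com
com.vmware.identity.migration.idm.SystemException: com.vmware.identity.idm.IDMException
Caused by: com.vmware.identity.idm.IDMException
        ... 6 more
Failed to import STS config :
VMware SSO data migration - end importing
Exitting migration tool with status code = 0
"""

# Markers: "Unable to extract lockout policy:" or "Failed to import identity source:labdomain.com"
FAILURE_RE = re.compile(r"^(Unable to extract|Failed to import)\s+(.*?)\s*:\s*(.*)$")
# An exception class at the start of a line, or after "Caused by:", names the cause.
EXCEPTION_RE = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))")
EXIT_RE = re.compile(r"status code = (\d+)")


def parse_migration_output(text: str) -> Dict:
    """Collect every failure marker plus the deepest exception reported under it."""
    failures: List[Dict[str, Optional[str]]] = []
    exit_code: Optional[int] = None
    for line in text.splitlines():
        m = FAILURE_RE.match(line)
        if m:
            failures.append({"step": f"{m.group(1)} {m.group(2)}",
                             "target": m.group(3) or None, "cause": None})
            continue
        m = EXCEPTION_RE.match(line)
        if m and failures:
            failures[-1]["cause"] = m.group(1)  # later "Caused by:" lines win
            continue
        m = EXIT_RE.search(line)
        if m:
            exit_code = int(m.group(1))
    return {"failures": failures, "exit_code": exit_code,
            "succeeded": exit_code == 0 and not failures}


def effective_status(report: Dict) -> int:
    # Status a wrapper script should exit with: non-zero on any failure marker.
    if report["failures"]:
        return 1
    return report["exit_code"] if report["exit_code"] is not None else 2
```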
2 Replies
vmxy
Contributor

Hi,

Have you been able to resolve the problem?

I have the same problem at the moment.

trigganbw
Contributor

I was having the same issue. In case anyone else comes across this, I fixed it by removing the PSC appliance from the domain (using the CLI command below) and rejoining it to the domain. I then rebooted the appliance and was then able to add domain users and groups to the appropriate permissions:

# /opt/likewise/bin/domainjoin-cli leave

# /opt/likewise/bin/domainjoin-cli join <domain name> <username> <password>


The topology I was using was a two-site deployment. I used the VCSA ISO to create a PSC appliance for each site and then installed vCenter Server using the Windows installer ISO for each site.
