Re: VCSA 6.5 U1 can't join AD (2008 R2 smb2)

Nickwoo · ‎08-17-2017

Type:

vCenter Server with an embedded Platform Services Controller

Product:

VMware vCenter Server Appliance

Version:

6.5.0.10000

smb2 enable

/var/log ]# /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'

+ "Smb2Enabled" REG_DWORD 0x00000001 (1)

"EchoInterval" REG_DWORD 0x0000012c (300)

"EchoTimeout" REG_DWORD 0x0000000a (10)

"IdleTimeout" REG_DWORD 0x0000000a (10)

"MinCreditReserve" REG_DWORD 0x0000000a (10)

"Path" REG_SZ "/opt/likewise/lib64/librdr.sys.so"

"ResponseTimeout" REG_DWORD 0x00000014 (20)

"SigningEnabled" REG_DWORD 0x00000001 (1)

"SigningRequired" REG_DWORD 0x00000000 (0)

2017-08-17T18:10:34.090161+08:00 VCENTER netlogond[1164]: 0x7f48b7fff700: Missing client site name from DC response from xx.dc.com

2017-08-17T18:10:44.249336+08:00 VCENTER lsassd[1195]: 0x7f07b67fc700:Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 31, symbol = ERROR_GEN_FAILURE, client pid = 22586

DC is 2008R1, both smbv1, smb2 are enable,

on VCSA, from web or command, both can't join domain, anyone know why ?

Thanks.

Madhuin · ‎08-17-2017

Hi Nickwoo

Whats the error message you are getting when running /opt/likewise/bin/domainjoin-cli join "domain name" "username" on the console ?

Hope you already mapped hostname with IP in domain server?

If it is useful, please mark answer as correct or helpful.

----------------------------------------------------------------
Thanks & Regards

Madhukumar Jayanna, VCP50.
-----------------------------------------------------------------
Disclaimer: Any views or opinions expressed here are strictly my own. I am solely responsible for all content published here. Content published here is not read, reviewed or approved in advance by VMware and does not necessarily represent or reflect the views or opinions of VMware

Nickwoo · ‎08-17-2017

error output after input password:

Error: ERROR_GEN_FAILURE [code 0x0000001f]

PS: hostname and DNS are good.

Madhuin · ‎08-17-2017

If smb2 not already enabled on vcsa ,please enable and try adding it again..

How to turn SMB2 on the vCSAs:

SSH into the vCSA and run:

/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' Smb2Enabled 1

You can verify the values with the following command:

/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'

Then restart likewise:

/opt/likewise/bin/lwsm restart lwio

Now it talks to AD with SMB2..

Nickwoo · ‎08-17-2017

in VCSA 6.5 U1, it's enabled by default.

SridharG · ‎08-17-2017

I assume your FQDN of VCSA matches to the DNS but not the AD forest.

For ex: your domain name is abc.xyz.com but your FQDN is <hostname>.xyz.com here host name should be <hostname>.abc.xyz.com

Please check and try again.

>>2017-08-17T18:10:34.090161+08:00 VCENTER netlogond[1164]: 0x7f48b7fff700: Missing client site name from DC response from xx.dc.com

Generally above error will come in case of AD DNS and FQDN doesn't matches.

If it is useful, plz mark answer as correct or helpful.
----------------------------------------------------------------
Thanks & Regards
Sridhar Gattu,
VCP55, RHCE 6.0.
-----------------------------------------------------------------
Disclaimer: Any views or opinions expressed here are strictly my own. I am solely responsible for all content published here. Content published here is not read, reviewed, or approved in advance by VMware and does not necessarily represent or reflect the views or opinions of VMware.

Nickwoo · ‎08-18-2017

it's matched, just not work.

Nickwoo · ‎08-25-2017

it's firewall problem.

robertrosit · ‎08-29-2017

did you fix it?

because i have same issue, but can't find a solution.

Re: esxi 6.5 domain join with smb 2.0?

All

VCSA 6.5 U1 can't join AD (2008 R2 smb2)