VMware Cloud Community
JKR16
Contributor

Idm client exception: Error trying to join AD, error code 2453

Hi, has anyone faced this problem before? This happens when I want to join my vSphere to the domain.

Idm client exception: Error trying to join AD, error code 2453

thanks,

Felix

27 Replies
MikeStoica
Expert

What version of vCenter are you running? What is your Active Directory domain level?

JKR16
Contributor

I am using v6.7 and my domain is Windows Server 2012.

vhasiu
Contributor

I'm assuming you managed to solve this, but if anyone else comes here looking for a solution and has tried everything else (since this was the first result on Google when searching for the error message): make sure your vCenter server is using the Active Directory DNS servers (or other DNS servers with which you can look up the Active Directory hostnames). I was trying all kinds of solutions for about an hour before realizing the vCenter server was using Google's DNS servers. If you can't remember where to configure the DNS servers, it's at https://your-vcenter-server:5480/.

JKR16
Contributor

Hi, I am still facing the same error message.

JKR16
Contributor

Yes, I tried the same way to join the domain.

SethB360
VMware Employee

Two areas to consider when joining the vSphere vCenter to the AD domain and experiencing error code 2453:

First, verify that the vCenter is able to resolve both IPv4 and IPv6 if IPv6 is left enabled. If IPv6 is not used but is configured in DNS, this may result in a failure to resolve while authenticating to the AD domain. Second, enter the FQDN for the domain, but do not enter the FQDN after the user ID used to authenticate to the domain (i.e. Administrator, not Administrator@domain.com).

wice222
Contributor

In my case I also had to ensure that the WAN NICs are using the domain DNS.

DC win 2k19 - level 2k12

Nawals
Expert

Are you trying to join the vCenter 6.7 appliance to the domain? If yes, please use the commands below to join. Also, make sure you are using the administrator ID for the join. Before this, also check that DNS has both [host and PTR] records.

Command> shell

# /opt/likewise/bin/domainjoin-cli join domainname username password

#Reboot

Post reboot verify it.

# /opt/likewise/bin/domainjoin-cli query

NKS. Please mark Helpful/Correct if my answer resolves your query.
JKR16
Contributor

Hi Nawal,

thank you for your advice, but I still cannot join the domain. It gives me this error message:

Error: NERR_DCNotFound [code 0x00000995]

Hope you can help

thanks,
Felix

Nawals
Expert

Are you joining vCenter to a read-only domain controller or a writable domain controller? Also, have you checked that port 389 is open in the firewall? If possible, please share a screenshot of the error.

NKS. Please mark Helpful/Correct if my answer resolves your query.
klcoyne
Contributor

I am having the same issue with my 6.7 with embedded. I have changed the appliance name to include the domain, it is pointing to the domain DNS, and I do not use IPv6. I have checked the DNS and I do have the A and the PTR records in there. The DC is writable, as I have added many different servers to that domain. I have the hostname with the domain in it also. When I use username@domain.com with the password I get this error:

Idm client exception: Error trying to join AD, error code [2453], user [*********@mydomain], domain [mydomain.com], orgUnit []

Then when I do it with just the username I get this error:

Idm client exception: Error trying to join AD, error code [2453], user [*********], domain [mydomain.com], orgUnit []

I have enabled the Active Directory firewall rule on all the hosts in the cluster. On the AD I have Symantec Endpoint Protection, but have put in an allow-all rule so nothing is being blocked. I have not joined the individual hosts to the domain; do I have to?

dgreenwald
VMware Employee

Go to DNS > Properties > Name Servers and add the IP address for the FQDN of the DNS server. It probably never resolved. This was my issue with joining AD.

ertanyildiz
Contributor

It is a DNS issue.

1. Enable SSH on VCSA.

2. Command> shell

3. # /opt/likewise/bin/domainjoin-cli leave

4. Reboot

5. # /opt/vmware/share/vami/vami_config_net

6. Set the right DNS (Option 4)

7. # /opt/likewise/bin/domainjoin-cli join domainname username password

8. Reboot

nachogomez
Contributor

Well, I had this error and several other error messages when trying to enroll my vCenter in an AD, and I finally solved it by doing as described in this PlanetVM post.

I hope it helps anyone having trouble joining their VC to an AD.

Regards...

Raúl

Davehouser
Contributor

None of this worked for me.
The problem was found in a Wireshark trace on the DC. vCenter was performing dig requests for _kerberos.my.domain, _tcp.my.domain, _ldap.my.domain, etc.; however, those dig requests were failing. These are _msdcs-specific domain names that are built into AD under the forwarding zone.
All of these were missing in our DC and were causing the problem. The reason why they were missing in the first place is unknown, but after reverting to an older snapshot of our DC, the entries were restored and vCenter connected.

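Several replies in this thread point at the same root cause from different angles: Nawals asks for host and PTR records, SethB360 and EllenFann found that the bare account name works where the UPN form fails, and Davehouser traced the failure to missing AD SRV records on the DC. The script below is an added example that checks those prerequisites from the appliance before running domainjoin-cli; it is not code from this thread or from VMware. It assumes it is run from the VCSA shell (Command> shell) where dig and hostname -f are available, and the domain name vmlab.lan used in the comments is only a sample taken from EllenFann's post.

```shell
#!/bin/sh
# Pre-join DNS check for a vCenter appliance (added example, not from the thread).
# Assumption: run from the VCSA shell, where `dig` and `hostname -f` exist.
# Usage: ./adjoin_precheck.sh vmlab.lan administrator@vmlab.lan

# SRV records every AD domain publishes; the Likewise client resolves these
# to locate a domain controller, so a missing one means "DC not found".
srv_names() {
    domain="$1"
    printf '%s\n' "_ldap._tcp.dc._msdcs.${domain}" \
                  "_kerberos._tcp.${domain}" \
                  "_ldap._tcp.${domain}"
}

# Read `dig +short SRV` lines ("priority weight port target.") from stdin and
# print the target host names without the trailing dot.
parse_srv_targets() {
    awk 'NF == 4 { sub(/\.$/, "", $4); print $4 }'
}

# The thread's fix for error 2453: join with the bare account name, not a UPN.
normalize_join_user() {
    printf '%s\n' "${1%%@*}"
}

# Resolve each SRV name and report the DCs it points to. Non-zero if any is missing.
check_srv_records() {
    domain="$1"; rc=0
    for name in $(srv_names "$domain"); do
        targets=$(dig +short SRV "$name" | parse_srv_targets)
        if [ -z "$targets" ]; then
            echo "MISSING  $name  (vCenter cannot locate a DC through this record)"
            rc=1
        else
            echo "OK       $name -> $(printf '%s' "$targets" | tr '\n' ' ')"
        fi
    done
    return $rc
}

# Forward (A) and reverse (PTR) lookups for the appliance itself.
check_self_dns() {
    fqdn=$(hostname -f); ip=$(dig +short A "$fqdn" | head -n1)
    [ -n "$ip" ] || { echo "MISSING  A record for $fqdn"; return 1; }
    ptr=$(dig +short -x "$ip")
    [ -n "$ptr" ] || { echo "MISSING  PTR record for $ip"; return 1; }
    echo "OK       $fqdn -> $ip -> $ptr"
}

main() {
    domain="$1"; user="$2"
    command -v dig >/dev/null 2>&1 || { echo "dig not found"; return 2; }
    echo "Configured resolvers (should be the AD DNS servers):"
    grep '^nameserver' /etc/resolv.conf
    check_self_dns; rc=$?
    check_srv_records "$domain" || rc=1
    echo "Join with: /opt/likewise/bin/domainjoin-cli join $domain $(normalize_join_user "$user")"
    return $rc
}

# Live checks run only when a domain is given on the command line.
if [ $# -ge 1 ]; then
    main "$1" "${2:-administrator}"
fi
```

A MISSING line for one of the _msdcs or _tcp names is the situation Davehouser saw in the Wireshark trace; when the resolvers printed at the top are not the AD DNS servers, the fix is the one vhasiu and ertanyildiz describe (correct the appliance DNS, then leave and re-join).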
Crmsonknight
Contributor

Make sure the time is correct on all the machines. That worked for me.

EllenFann
Contributor

Holy cow!! I have been trying to join my lab domain for weeks, and read everything related to the error messages I could find on Bing (sorry, allergic to Google).

When I just entered the domain admin user name as administrator instead of administrator@vmlab.lan, it worked.

Answer: Node VCSA.VMLAB.LAN has joined the active directory successfully. Reboot the node to apply changes

Thank you so very much for this post.

fram33
Contributor

This worked for me. Thanks!
