VMware Cloud Community
kristofasaert
Contributor

vRealize 7.4 - AD integration fails ERROR_BAD_FORMAT

Hello,

I'm trying to add a domain to my vRA environment.

However when doing that I get the error => Could not join domain: Error occurred while joining domain. Verify Domain Admin username and password is correct, and the username is the sAMAccountName. Failed to join domain. Error Code: ERROR_BAD_FORMAT. Message:

I'm sure the userids are correct.
I can resolve the domain on my appliances and there isn't a firewall in between.

I've found the same issue here in the community but there wasn't any feedback on how it was solved (Vrealize 7.0 integration with Active directory )

Does anybody have some ideas on how to solve it?

0 Kudos
23 Replies
nogoh888
Contributor

I can confirm I also had the lowercase issue with the IWA configuration.

I build PoCs using PowerShell scripts to create my AD controllers, and the one time I was lazy I put in my NetBIOS parameter in lower case; usually I do uppercase. When I came to configure the directory for vRA I continually received the generic ERROR_BAD_FORMAT message.

The only way I could progress was to change the NetBIOS from all lower case to all UPPER CASE. Suffice to say, I really strongly highly recommend that you only do this in PoCs. I don't know what other effects hacking at the AD to fix my issue will have on the environment, but if you have a similar issue in a production / customer / client environment then you need to spend time researching the risks and weigh the potential impact to the business in addition to calling Microsoft for Support. Perhaps a solution is to just build a separate domain.

The fix is fairly simple, and I have 2 Parent AD-DCs, 1 child AD-DC and 1 external Trust AD-DC in my PoC and the fix was applied to the Parent AD. As I installed all the other domain DCs (Child and External) with a lower case NetBIOS because of the script, I'm likely going to have to update them too. As it's a PoC and the environment is not going to be long lived, I'm using Eval licenses for my 2016 DCs, so if I have to trash the PoC and rebuild I don't care. Do note that when using Eval licenses for AD controllers you cannot upgrade the Windows license at a later date; you must have a legal license for your AD controllers, especially for production use.

From what I have read, it's strongly discouraged, or you need experienced AD administrators to plan and implement a plan forward, as the change will impact Exchange systems (and I don't know what else). I found my resolution on a blog by a guy learning about CEH.

So to reiterate DO NOT do the following on any environment other than a PoC, else you will risk bricking your environment and it will be auto-resume generating!!!!!!! Use at your own risk.

  • Open ADSI Edit
  • Connect to the "Configuration" Naming Context
  • Navigate down until you get to CN=Partitions
  • Find your root domain CN and open it i.e. Name: "CN=mydomain",  Directory Partition Name: "DC=mydomain,DC=com"
  • Edit the nETBIOSName attribute and set it to UPPERCASE i.e. mydomain to MYDOMAIN.
  • Apply and reboot your DC, because you only have the one, right, and you don't need to worry about AD replication issues because it's a PoC.

Again DO NOT do the above on any environment other than a PoC. Spend time researching the risks and weigh the potential impact to the business in addition to calling Microsoft for Support.

This guy gives a PowerShell script on determining the NetBIOS case. Do read it.

http://virot.eu/the-wierd-lowercase-netbios-name/

0 Kudos
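
A read-only way to check the nETBIOSName case described in the reply above before changing anything, as an added example that is not part of the original post or the linked blog's script. It assumes the RSAT ActiveDirectory module is installed; the function name `Get-NetBiosNameCase` and its `-Server` parameter are hypothetical names chosen for this example.

```powershell
# Added example: read-only audit of the nETBIOSName case on every domain
# crossRef object under CN=Partitions. Makes no changes to the directory.
Import-Module ActiveDirectory

function Get-NetBiosNameCase {
    param(
        # Optional domain controller to query (hypothetical parameter for this example)
        [string]$Server
    )

    # Pass -Server through only when the caller supplied one
    $common = @{}
    if ($Server) { $common['Server'] = $Server }

    # The Partitions container lives in the Configuration naming context
    $configNC = (Get-ADRootDSE @common).configurationNamingContext

    Get-ADObject @common -SearchBase "CN=Partitions,$configNC" -SearchScope OneLevel `
        -LDAPFilter '(&(objectClass=crossRef)(nETBIOSName=*))' `
        -Properties nETBIOSName, nCName, dnsRoot |
    ForEach-Object {
        $name = [string]$_.nETBIOSName
        [pscustomobject]@{
            Partition   = $_.nCName
            DnsRoot     = ($_.dnsRoot -join ',')
            NetBiosName = $name
            # -ceq is a case-sensitive comparison; False means lower or mixed case
            IsUpperCase = ($name -ceq $name.ToUpperInvariant())
        }
    }
}

# Partitions with a non-uppercase NetBIOS name sort to the top
Get-NetBiosNameCase | Sort-Object IsUpperCase | Format-Table -AutoSize
```

Run it from a domain-joined admin workstation or a DC; only application partitions without a nETBIOSName are skipped by the filter.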
kristofasaert
Contributor

Hey,

Thanks for the feedback, the procedure you're giving is maybe ok for POC environments.

But if you want to do it in a Microsoft supported way this is the link 🙂

Managing Active Directory Domain Rename | Microsoft Docs

0 Kudos
ankithb
Contributor

Thanks for the replies.

0 Kudos
vNerdyNate
Contributor

This is great stuff

Thanks, Nathan
0 Kudos