Enthusiast
Enthusiast

Custom Spec failing to join to domain

I think this is going to turn out to be more of a vSphere issue than code issue, but thought I would take a shot. I am working with a company on contract to automate a number of things in their VMWare environment. They recently (unbeknownst to me) updated their vCenter Certs for all environments, which caused the automation I'd written for building VMs to break. The error is on the customization specs, and states: "The public key in the specification does not match the vCenter Server public key. Click Continue to import without a password, then reenter the password in the Edit VM Customization Specification wizard."

In the past when I have encountered this, I click Continue, modify the admin password and save the spec. I am then able to export it (to change the vim.vm.customization.Password plaintext value in the xml to True) and then import it back in just fine. But this time around, every time I import the spec I get this error. I even deleted the spec altogether, recreated from scratch, exported, then imported back in, and get the error. Server builds will set all the parameters, but will not join the domain. I am using a base spec that just has the local admin password set, and is set to WORKGROUP only. Then in the build automation I am copying the customization spec to a non-persistent spec, and adding in the domain join credentials, like so:

Get-OSCustomizationSpec -Name $newVM -Server $vCenter | Set-OSCustomizationSpec -Domain $sDomain -DomainCredentials $creds -ErrorAction Stop

The $creds variable are the credentials for the service account, which has permissions in all of the domains that a VM could be joined to (which is why we do it in the script and not the spec itself). Neither the credentials nor the permissions for the account have changed; only the new certs. It is acting as if the Password plaintext were set to False, even though I can see it is set to True.

I am also pretty confident the new certs are working, as all of the vRealize appliances that I also manage took the new public key just fine. It just seems like the specs are not taking them.

Just curious if anyone else has run into this before?

0 Kudos
1 Reply
Leadership
Leadership

0 Kudos