VMware Cloud Community
silverbullet
Contributor
Contributor
‎07-16-2014 11:15 AM

Cannot add VCSA or ESXi hosts to domain

Hi everyone, I'm hoping someone can help me. I've scoured the internets for a solution but I'm stuck. I'm in a production client environment trying to add the latest vCSA to AD:

vcsa version.PNG

Error:

vcsa error.PNG

In the vpxd_cfg.log file, I get this:

on vcsa.PNG

I've checked:

- forward and reverse entries in DNS are accurate

- fqdn on the vcsa

- unique IP address

- correct password and user has appropriate rights in AD

- sso is working properly on vcsa

- pinging and name resolution backward and forward work

- time synch w/hosts is working and accurate across enterprise

- tried pre-staging computer object with same results

- that this happens regardless of the DC I'm connecting to (2012 or 2008)

Further, I cannot add hosts to AD either - now.  At some point, that did work. They were added by someone at some point, but now removing them via host/configuration/auth,,, will now not allow me to re-add them.

I am stuck and have run out of ideas. Thanks everyone for your help and insights.

3 Replies
rcporto
Leadership
Leadership
‎07-16-2014 11:35 AM

The DNS servers IP address that you're using in the VCSA are from domain controllers of the domain that you're trying join the VCSA.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
0 Kudos
silverbullet
Contributor
Contributor
‎07-16-2014 11:42 AM

Yes - all are the same domain. This still happens when the specified DNS = DC trying to connect to.

0 Kudos
ThatITguy012
Contributor
Contributor
‎07-31-2014 03:12 AM

I am experiencing something very similar and boy is it annoying, here is what I have found.

The VCSA performs a dns query on the domain, such as domain.local this is completely expected but.

From a windows PC connected to the domain run nslookup domain.local

In our domain this lists all of the domain controllers of which there are 16.

so running the command looks like this,

nslookup domain.local

server: DNS.domain.local
address: 192.168.1.1

name: domain.local
address: 192.168.1.1
               192.168.2.1

               192.168.3.1

               ...

Now from the VCSA command line pinging domain.local, what you will see is that the DNS will return a round robin of the IP addresses.

First time running ping 192.168.1.1

Second time running ping 192.168.2.1

Third time running ping 192.168.3.1

....


In our case of the IP addresses returned only 2 DC's in the list could actually be contacted by the vlan the VCSA is on.

Believe it or not it would eventually connect to the domain as long as you kept trying as it would round robin though all the servers until it could actually connect, this however is not very practical.

try the tests above and let me know if you see anything similar