Hi We have done an update of our VCSa to 6.5 from 6 but we are unable to add it to or Domain. We get the following error:
The "Join active directory" operation failed for the entity with the following error message.
Idm client exception: Error trying to join AD, error code [31], user [xxxxxx], domain [xxxxxxxx], orgUnit [OU=Servers,OU=Resources,DC=xxxxx,DC=xxxx,DC=xx]
I have checked the SMB versions are enabled on our 2012 R2 Domain Controllers but I am still unable to add it. I have also tried adding from the CLI and this too fails. Is anyone able to help me?
Thanks
Hi,
could you check this kb file please?
Frank
Hi, I have checked that article and confirmed that SMBv1 is running on the 2012 R2 Domain Controllers. We have rebuild the VCentre 3 times now as well as putting it on different hosts within the cluster and we still cannot add it to the domain.
Using the CLI we get this error: Error: ERROR_GEN_FAILURE [code 0x0000001f]
Thanks
Do you set a timeserver on the vcenter to sync the time?
Could you post the ssoAdminServer.log
Frank
i have the same issue. I verified SMB1, hostname and DNS on the VCSA. Here is what ssoAdminServer.log gives when it fails:
[2018-01-31T16:29:37.496-06:00 pool-4-thread-3 opId=ActiveDirectoryJoinFormMediator-apply-646-ngc:70000180 ERROR com.vmware.identity.admin.vlsi.SystemManagementServiceImpl] user [administrator@pensacolacitygov.com] cannot access domain [pensacolacitygov.com]
com.vmware.identity.admin.server.ims.ServerConfigurationException: user [administrator@pensacolacitygov.com] cannot access domain [pensacolacitygov.com]
at com.vmware.identity.admin.server.ims.impl.SystemManagementImpl.mapException(SystemManagementImpl.java:133) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.server.ims.impl.SystemManagementImpl.joinActiveDirectory(SystemManagementImpl.java:85) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.SystemManagementServiceImpl$2.call(SystemManagementServiceImpl.java:92) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.SystemManagementServiceImpl$2.call(SystemManagementServiceImpl.java:81) ~[sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:160) [sso-adminserver.jar:?]
at com.vmware.identity.admin.vlsi.SystemManagementServiceImpl.joinActiveDirectory(SystemManagementServiceImpl.java:81) [sso-adminserver.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_141]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_141]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server.jar:?]
at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_141]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
Caused by: com.vmware.identity.idm.IdmADDomainException: user [administrator@pensacolacitygov.com] cannot access domain [pensacolacitygov.com]
at com.vmware.identity.idm.server.IdentityManager.joinActiveDirectory(IdentityManager.java:11604) ~[?:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_141]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_141]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) ~[?:1.8.0_141]
at sun.rmi.transport.Transport$1.run(Transport.java:200) ~[?:1.8.0_141]
at sun.rmi.transport.Transport$1.run(Transport.java:197) ~[?:1.8.0_141]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
at sun.rmi.transport.Transport.serviceCall(Transport.java:196) ~[?:1.8.0_141]
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568) ~[?:1.8.0_141]
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826) ~[?:1.8.0_141]
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683) ~[?:1.8.0_141]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682) ~[?:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_141]
at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_141]
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:283) ~[?:1.8.0_141]
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:260) ~[?:1.8.0_141]
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161) ~[?:1.8.0_141]
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:227) ~[?:1.8.0_141]
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:179) ~[?:1.8.0_141]
at com.sun.proxy.$Proxy78.joinActiveDirectory(Unknown Source) ~[?:?]
at com.vmware.identity.idm.client.CasIdmClient.joinActiveDirectory(CasIdmClient.java:3483) ~[vmware-identity-idm-client.jar:?]
at com.vmware.identity.admin.server.ims.impl.SystemManagementImpl.joinActiveDirectory(SystemManagementImpl.java:77) ~[sso-adminserver.jar:?]
... 13 more
Hi,
I'm facing the same issue, with vcsa 6.5U2.
Tried to activate SMBv2 within the vcsa, enable SMBv1 within the DC but still getting the same error.
Error shown when I try to join the domain using the command line :
---> Error: ERROR_GEN_FAILURE [code 0x0000001f]
If I try the same using the web client I get the error code 31.
Any suggestion ?
Thank you
Please share output of the below command:
/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'
Is SMB1 disabled on DC?
Please fin below the requested output :
root@vCSA [ ~ ]# /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'
+ "Smb2Enabled" REG_DWORD 0x00000001 (1)
"EchoInterval" REG_DWORD 0x0000012c (300)
"EchoTimeout" REG_DWORD 0x0000000a (10)
"IdleTimeout" REG_DWORD 0x0000000a (10)
"MinCreditReserve" REG_DWORD 0x0000000a (10)
"Path" REG_SZ "/opt/likewise/lib64/librdr.sys.so"
"ResponseTimeout" REG_DWORD 0x00000014 (20)
"SigningEnabled" REG_DWORD 0x00000001 (1)
"SigningRequired" REG_DWORD 0x00000000 (0)
SMB1 and SMB2 are both enabled on DC.
Okay SMB2 version is enabled on vCSA as well. Can you restart likewise agent service and add vCSA to domain.
/opt/likewise/bin/lwsm restart lwio
I did it already but still have the same error.
I will put below the resolution it might help someone else :
1. backup the DC
2. Navigate to the following registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer
Change the value for DependOnService from "SamSS Srv2" to "SamSS Srv".
3. Reboot the DC
==> Till now I still have the same issue
4. Deactivate windows firewall within the DC
5. Deactivate AV within the DC
6. Join the domain
7. Put back the value of DependOnService to "SamSS Srv2"
8. Reboot once again the DC