VMware Cloud Community
Blueboy1878
Contributor

Unable to add VCSA 6.5 to Domain

Hi, we have done an update of our VCSA to 6.5 from 6 but we are unable to add it to our domain. We get the following error:

The "Join active directory" operation failed for the entity with the following error message.

Idm client exception: Error trying to join AD, error code [31], user [xxxxxx], domain [xxxxxxxx], orgUnit [OU=Servers,OU=Resources,DC=xxxxx,DC=xxxx,DC=xx]

I have checked that the SMB versions are enabled on our 2012 R2 Domain Controllers but I am still unable to add it. I have also tried adding from the CLI and this too fails. Is anyone able to help me?

Thanks

0 Kudos
9 Replies
JimKnopf99
Commander

Hi,

could you check this kb file please?

Joining the VMWare vCenter Server Appliance or VMware vRealize Automation Identity Appliance to a do...

Frank

If you find this information useful, please award points for "correct" or "helpful".
0 Kudos
Blueboy1878
Contributor

Hi, I have checked that article and confirmed that SMBv1 is running on the 2012 R2 Domain Controllers. We have rebuilt the vCenter 3 times now, as well as putting it on different hosts within the cluster, and we still cannot add it to the domain.

Using the CLI we get this error: Error: ERROR_GEN_FAILURE [code 0x0000001f]

Thanks

0 Kudos
JimKnopf99
Commander

Do you set a timeserver on the vcenter to sync the time?

Could you post the ssoAdminServer.log?

Frank

0 Kudos
jlove2
Contributor

I have the same issue. I verified SMB1, hostname and DNS on the VCSA. Here is what ssoAdminServer.log gives when it fails:

[2018-01-31T16:29:37.496-06:00 pool-4-thread-3 opId=ActiveDirectoryJoinFormMediator-apply-646-ngc:70000180 ERROR com.vmware.identity.admin.vlsi.SystemManagementServiceImpl] user [administrator@pensacolacitygov.com] cannot access domain [pensacolacitygov.com]
com.vmware.identity.admin.server.ims.ServerConfigurationException: user [administrator@pensacolacitygov.com] cannot access domain [pensacolacitygov.com]
        at com.vmware.identity.admin.server.ims.impl.SystemManagementImpl.mapException(SystemManagementImpl.java:133) ~[sso-adminserver.jar:?]
        at com.vmware.identity.admin.server.ims.impl.SystemManagementImpl.joinActiveDirectory(SystemManagementImpl.java:85) ~[sso-adminserver.jar:?]
        at com.vmware.identity.admin.vlsi.SystemManagementServiceImpl$2.call(SystemManagementServiceImpl.java:92) ~[sso-adminserver.jar:?]
        at com.vmware.identity.admin.vlsi.SystemManagementServiceImpl$2.call(SystemManagementServiceImpl.java:81) ~[sso-adminserver.jar:?]
        at com.vmware.identity.admin.vlsi.util.VmodlEnhancer.invokeVmodlMethod(VmodlEnhancer.java:160) [sso-adminserver.jar:?]
        at com.vmware.identity.admin.vlsi.SystemManagementServiceImpl.joinActiveDirectory(SystemManagementServiceImpl.java:81) [sso-adminserver.jar:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_141]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_141]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
        at com.vmware.vim.vmomi.server.impl.InvocationTask.run(InvocationTask.java:65) [vlsi-server.jar:?]
        at com.vmware.vim.vmomi.server.common.impl.RunnableWrapper$1.run(RunnableWrapper.java:47) [vlsi-server.jar:?]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_141]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_141]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_141]
Caused by: com.vmware.identity.idm.IdmADDomainException: user [administrator@pensacolacitygov.com] cannot access domain [pensacolacitygov.com]
        at com.vmware.identity.idm.server.IdentityManager.joinActiveDirectory(IdentityManager.java:11604) ~[?:?]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_141]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_141]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_141]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_141]
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) ~[?:1.8.0_141]
        at sun.rmi.transport.Transport$1.run(Transport.java:200) ~[?:1.8.0_141]
        at sun.rmi.transport.Transport$1.run(Transport.java:197) ~[?:1.8.0_141]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
        at sun.rmi.transport.Transport.serviceCall(Transport.java:196) ~[?:1.8.0_141]
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568) ~[?:1.8.0_141]
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826) ~[?:1.8.0_141]
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683) ~[?:1.8.0_141]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_141]
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682) ~[?:1.8.0_141]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_141]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_141]
        at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_141]
        at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:283) ~[?:1.8.0_141]
        at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:260) ~[?:1.8.0_141]
        at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161) ~[?:1.8.0_141]
        at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:227) ~[?:1.8.0_141]
        at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:179) ~[?:1.8.0_141]
        at com.sun.proxy.$Proxy78.joinActiveDirectory(Unknown Source) ~[?:?]
        at com.vmware.identity.idm.client.CasIdmClient.joinActiveDirectory(CasIdmClient.java:3483) ~[vmware-identity-idm-client.jar:?]
        at com.vmware.identity.admin.server.ims.impl.SystemManagementImpl.joinActiveDirectory(SystemManagementImpl.java:77) ~[sso-adminserver.jar:?]
        ... 13 more

0 Kudos
NesBHY
Contributor

Hi,

I'm facing the same issue, with VCSA 6.5U2.

Tried to activate SMBv2 within the VCSA and enable SMBv1 within the DC, but still getting the same error.

Error shown when I try to join the domain using the command line:

---> Error: ERROR_GEN_FAILURE [code 0x0000001f]

If I try the same using the web client I get the error code 31.

Any suggestions?

Thank you

0 Kudos
Vijay2027
Expert

Please share output of the below command:

/opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'

Is SMB1 disabled on DC?

0 Kudos
NesBHY
Contributor

Please find below the requested output:

root@vCSA [ ~ ]# /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]'
+  "Smb2Enabled"      REG_DWORD       0x00000001 (1)
   "EchoInterval"     REG_DWORD       0x0000012c (300)
   "EchoTimeout"      REG_DWORD       0x0000000a (10)
   "IdleTimeout"      REG_DWORD       0x0000000a (10)
   "MinCreditReserve" REG_DWORD       0x0000000a (10)
   "Path"             REG_SZ          "/opt/likewise/lib64/librdr.sys.so"
   "ResponseTimeout"  REG_DWORD       0x00000014 (20)
   "SigningEnabled"   REG_DWORD       0x00000001 (1)
   "SigningRequired"  REG_DWORD       0x00000000 (0)

SMB1 and SMB2 are both enabled on DC.

0 Kudos
Vijay2027
Expert

Okay, SMB2 version is enabled on the vCSA as well. Can you restart the likewise agent service and add the vCSA to the domain?

/opt/likewise/bin/lwsm restart lwio

0 Kudos
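
Added example, not part of any post in this thread: a small bash helper that reads the lwregshell list_values listing requested above and reports whether SMB2 is enabled on the appliance's SMB client, together with the signing values. The function names rdr_value and rdr_assess are hypothetical, the sample listing is constructed from the values posted above, and treating any Smb2Enabled value other than 1 as leaving the join dependent on SMB1 on the DC is an assumption drawn from this thread.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): interpret the rdr driver values that
# lwregshell prints on the appliance. Function names are hypothetical.

# Constructed sample, modelled on the listing posted above.
SAMPLE_RDR='+  "Smb2Enabled"      REG_DWORD       0x00000001 (1)
   "EchoInterval"     REG_DWORD       0x0000012c (300)
   "Path"             REG_SZ          "/opt/likewise/lib64/librdr.sys.so"
   "SigningEnabled"   REG_DWORD       0x00000001 (1)
   "SigningRequired"  REG_DWORD       0x00000000 (0)'

# rdr_value NAME: read a listing on stdin and print NAME's decimal REG_DWORD
# value; exit status 1 if NAME is absent or is not a REG_DWORD.
rdr_value() {
  awk -v want="\"$1\"" '
    { sub(/^[+ \t]+/, "") }   # drop the "+" marker and indentation
    $1 == want && $2 == "REG_DWORD" {
      v = $4; gsub(/[()]/, "", v); print v; found = 1; exit
    }
    END { if (!found) exit 1 }'
}

# rdr_assess: read a listing on stdin, print one finding per setting, and
# return 1 if SMB2 is not enabled on the appliance's SMB client.
rdr_assess() {
  local listing smb2 name val
  listing=$(cat)
  smb2=$(printf '%s\n' "$listing" | rdr_value Smb2Enabled) || smb2=missing
  for name in SigningEnabled SigningRequired; do
    val=$(printf '%s\n' "$listing" | rdr_value "$name") || val=missing
    echo "INFO $name=$val"
  done
  if [ "$smb2" = 1 ]; then
    echo "OK   Smb2Enabled=1"
    return 0
  fi
  # Assumption from this thread: without SMB2 the join needs SMB1 on the DC.
  echo "WARN Smb2Enabled=$smb2 (join would depend on SMB1 on the DC)"
  return 1
}

# On the appliance, feed the live listing instead of the sample:
#   /opt/likewise/bin/lwregshell list_values \
#     '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' | rdr_assess
printf '%s\n' "$SAMPLE_RDR" | rdr_assess
```

Run it again after any change to the rdr values and a restart of lwio, so the result reflects what the appliance will actually negotiate.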
NesBHY
Contributor

I did it already but still have the same error.

I will put the resolution below; it might help someone else:

1. Back up the DC

2. Navigate to the following registry location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer

Change the value for DependOnService from "SamSS Srv2" to "SamSS Srv".

KnowledgeBase: ERROR_GEN_FAILURE [0x0000001f] when attempting to join VMware vCenter Server Applianc...

3. Reboot the DC

==> Till now I still have the same issue

4. Deactivate Windows Firewall within the DC

5. Deactivate AV within the DC

6. Join the domain

7. Put back the value of DependOnService to "SamSS Srv2"

8. Reboot the DC once again

0 Kudos