VMware Cloud Community
AlmightyJu
Contributor

VCSA 6.7 install failing due to LDAP error

So I've gotten a trial version of ESXi 6.7 running inside a virtual machine in Workstation, and it's up and running fine on the IP 192.168.0.241.

I've run the setup for vCenter and it's done stage 1 without an issue, but stage 2 is failing with "Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host."

From reading, it seemed like a DNS issue, so I added vcenter.vsphere.local as 192.168.0.240 and esxi1.vsphere.local as 192.168.0.241, which didn't make any difference. I added the PTR records just in case and it still failed. Doing a dig for both DNS records worked fine from the console on the vCenter machine, so it doesn't appear to be that from what I can tell.

The relevant firstboot logs seem to be:

2018-12-06T21:23:51.783Z  Running command: ['/usr/lib/vmware-vmafd/bin/vdcpromo', '-u', 'Administrator', '-s', 'default-site', '-h', 'vcenter.vsphere.local', '-d', 'vsphere.local']
2018-12-06T21:26:23.088Z  password:
2018-12-06T21:26:23.090Z  Initializing Directory server instance ...
Vdcpromo failed. Error[9127]
Could not connect to VMware Directory Service via LDAP.
Verify VMware Directory Service is running on the appropriate system and is reachable from this host.
2018-12-06T21:26:23.091Z  <class 'cis.baseCISException.BaseInstallException'>
2018-12-06T21:26:23.096Z  Exception: Traceback (most recent call last):
  File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 177, in main
    controller.firstboot()
  File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 53, in firstboot
    self.init()
  File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 59, in init
    service.init()
  File "/usr/lib/vmware-vmafd/firstboot/identityinstall/vmdirInstall.py", line 404, in init
    self.setup_domain()
  File "/usr/lib/vmware-vmafd/firstboot/identityinstall/vmdirInstall.py", line 259, in setup_domain
    problemId = problem)
cis.baseCISException.BaseInstallException: {
    "problemId": "install.vmafd.vmdir_vdcpromo_error_23",
    "detail": [
        {
            "id": "install.vmafd.vmdir_vdcpromo_error_23",
            "translatable": "Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host.",
            "localized": "Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host."
        }
    ],
    "resolution": {
        "id": "install.vmafd.vmdir_vdcpromo_error_23.resolution",
        "translatable": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request.",
        "localized": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request."
    },
    "componentKey": "vmafd"
}
2018-12-06T21:26:23.091Z  VMAFD Boot failed

I honestly have no idea where to go from here since I've never installed this myself, so any help would be fab. I've attached all the logs if it's of any help.

1 Solution

Accepted Solutions
daphnissov
Immortal

The internal SSO domain of the vCSA is vsphere.local (which you shouldn't change). You cannot make the hostname of said vCSA or any other device part of vsphere.local. That's not how this has to work. Your internal domain should be something different. Nothing else should be at vsphere.local.

AlmightyJu
Contributor

That was indeed the problem, moving over to .test for the servers fixed it. I knew it had to be something simple I just couldn't work it :)

buffalosolja
Contributor

Thanks, having the same issue and tried the solution to no avail. Glad I took a snapshot, creating another machine to try and resolve (been away from VMware for years and coming back). Thanks for this post.

NRay
Contributor

To resolve the issue:

  • Ensure that the source from where the vCenter appliance is deployed is on the same network, subnet, and VLAN as the source vCenter, and not connecting via VPN.
  • The ISO mounted for installation should be on the local machine and not presented from a network drive.
  • Ensure there is no time drift between the source and destination appliances or VMs.

Source: Could not connect to VMware Directory Service via LDAP - problemId": "install.vmafd.vmdir_vdcpromo_e...

typerlc
Contributor

It didn't work for me either.

I stumbled on this, and it worked for me: https://cstan.io/?p=8962&lang=en Essentially, you have to SSH to the vCenter server (or use the console), log in as root, get a shell, then add an entry to /etc/hosts:

echo "::1 localhost.localdom localhost" >> /etc/hosts

Then success.

engineer4kailas
Enthusiast

  • Ensure that the source from where the vCenter appliance is deployed is on the same network, subnet, and VLAN as the source vCenter, and not connecting via VPN.
  • The ISO mounted for installation should be on the local machine and not presented from a network drive.
  • Ensure there is no time drift between the source and destination appliances or VMs. OR incorrect DC information within the appliance.

Also check that the Host A and PTR records are created correctly.

slartimitvar7
Contributor

PTR record fixed it for me
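
A pre-install check for the two naming causes reported in this thread (an appliance hostname placed inside the SSO domain vsphere.local, and a missing or mismatched PTR record), added here as an example and not taken from any post or from VMware tooling. The function names and the lab.test names are assumptions; the sample records are constructed.

```python
import socket

def in_domain(fqdn, domain):
    """True if fqdn equals domain or is a subdomain of it (case-insensitive)."""
    f, d = fqdn.rstrip(".").lower(), domain.rstrip(".").lower()
    return f == d or f.endswith("." + d)

def system_forward(name):
    """IPv4 addresses the system resolver returns for name (empty if none)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def system_reverse(ip):
    """Name the system resolver returns for ip, or None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def preflight(fqdn, sso_domain="vsphere.local", forward=system_forward, reverse=system_reverse):
    """Return a list of findings; an empty list means the naming checks passed."""
    findings = []
    if in_domain(fqdn, sso_domain):
        findings.append(f"{fqdn} is inside the SSO domain {sso_domain}")
    addrs = forward(fqdn)
    if not addrs:
        findings.append(f"no A record for {fqdn}")
    for ip in addrs:
        ptr = reverse(ip)
        if ptr is None:
            findings.append(f"no PTR record for {ip}")
        elif ptr.rstrip(".").lower() != fqdn.rstrip(".").lower():
            findings.append(f"PTR for {ip} is {ptr}, expected {fqdn}")
    return findings

# Constructed sample zone data (hypothetical lab.test names, IPs as in the first post)
A = {"vcenter.vsphere.local": ["192.168.0.240"],
     "vcenter.lab.test": ["192.168.0.240"],
     "esxi1.lab.test": ["192.168.0.241"]}
PTR = {"192.168.0.240": "vcenter.lab.test"}

def check_sample(fqdn):
    """Run preflight against the constructed records instead of live DNS."""
    return preflight(fqdn, forward=lambda n: A.get(n, []), reverse=PTR.get)

if __name__ == "__main__":
    for host in ("vcenter.vsphere.local", "vcenter.lab.test", "esxi1.lab.test"):
        print(host, check_sample(host) or "OK")
```

Calling `preflight("<appliance FQDN>")` with the default resolvers runs the same checks against the DNS servers the machine is actually configured to use.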