Hi everyone,
I have a VCSA 6.7 installed and want to join it to an Active Directory domain.
- When I try to join the domain via the UI, I get this error: Idm client exception: error trying to join ad, error code [40188]
- When I try to join the domain via the CLI, I get this error: Error: ERROR_MEMBER_NOT_IN_GROUP [code 0x00000529]
I found a lot of posts about failing to join vCenter to a domain, but none of them has the error code [40188], so I don't know how to resolve this problem.
Please help me with this. Thanks!
Hello,
Could you please confirm that you followed the steps below:
- Open the vSphere HTML Client
- Log in as the Single Sign-On Administrator or a user with global permissions.
- Navigate to Administration > Configuration
- From the Identity Sources tab you can verify the available domains; by default only SSO and Localos will be available
- Navigate to the Active Directory Domain tab and click Join AD
- Add the domain name and the username and password of an account that has permission to join Active Directory, and click Join
Note: You have to reboot the appliance to apply the changes.
If yes, please specify in which step the error appears.
Please consider marking this answer "CORRECT" or "Helpful" if you think your question has been answered correctly.
Cheers,
VCIX6-NV|VCP-NV|VCP-DC|
If my reply was helpful, I kindly ask you to like it and mark it as a solution
Regards,
Hassan Alkak
Hi,
I followed exactly the same steps as yours, and the error appeared in the last step, after adding the username/password and clicking Join.
As for when I use the CLI, here is the command:
root@photon-machine [ ~ ]# /opt/likewise/bin/domainjoin-cli join hict.local administrator@hict.local
Joining to AD Domain: hict.local
With Computer DNS Name: photon-machine.hict.local
administrator@HICT.LOCAL's password:
Error: ERROR_MEMBER_NOT_IN_GROUP [code 0x00000529]
How did you type the username?
User name in User Principal Name (UPN) format, for example, jchin@mydomain.com.
Important:
Down-level login name format, for example, DOMAIN\UserName, is unsupported.
Yes, sure, as mentioned by MikeStoica,
please confirm the username format (administrator@hict.local).
And confirm that the OU correctly maps to the location of the administrator account in Active Directory, as follows: OU=users,DC=hict,DC=local
If my reply was helpful, I kindly ask you to like it and mark it as a solution
Regards,
Hassan Alkak
As MikeStoica,
My user name format is administrator@hict.local
Last time I saw that the OU is optional, so I left it blank. But now when I set the OU to: ' DC=hict,DC=local ', the error still appears.
Yes, it is optional, but note that DC=hict,DC=local like that is wrong because there is no OU before it.
But can you check the network connectivity between the vCenter appliance and the DC and ensure that all the ports needed are accessible?
If my reply was helpful, I kindly ask you to like it and mark it as a solution
Regards,
Hassan Alkak
If your vCSA hostname is photon-machine, as indicated in your bash session, this indicates you did not deploy the vCSA correctly and is likely the cause of the failures here. You will need to redeploy to fix this and use proper DNS and an FQDN during installation.
Thanks. I found the prerequisites in this link:
Join or Leave an Active Directory Domain
"Verify that the system name of the appliance is an FQDN. If, during the deployment of the appliance, you set an IP address as a system name, you cannot join the vCenter Server Appliance to an Active Directory domain."
I had deployed the VCSA and set the IP address as the system name, so I couldn't join the AD domain. Now, after I redeployed the VCSA using an FQDN, everything works.
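
The prerequisites raised in this thread (system name must be an FQDN rather than an IP address or the default photon-machine hostname, join account in UPN format) can be checked before attempting the join. This is an added example, not part of any post and not VMware tooling; the function names are hypothetical, and the account in the usage comment is the one from the thread.

```shell
#!/bin/sh
# Added example: pre-join sanity checks drawn from this thread.
# Function names are hypothetical, not part of any VMware or Likewise tool.

# True if the argument looks like a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# True if the argument is a multi-label DNS name (an FQDN), not an IP.
is_fqdn() {
    is_ipv4 "$1" && return 1
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
}

# True if the account is in UPN form (user@domain), not DOMAIN\UserName.
is_upn() {
    case "$1" in
        *\\*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$'
}

# preflight SYSTEM_NAME JOIN_ACCOUNT
# Prints one line per problem; returns the number of problems found.
preflight() {
    sysname=$1 account=$2 problems=0
    if is_ipv4 "$sysname"; then
        echo "system name is an IP address; an FQDN is required"
        problems=$((problems + 1))
    elif ! is_fqdn "$sysname"; then
        echo "system name '$sysname' is not an FQDN"
        problems=$((problems + 1))
    fi
    case "$sysname" in
        photon-machine|photon-machine.*|localhost|localhost.*)
            echo "hostname is still the default; redeploy with proper DNS"
            problems=$((problems + 1)) ;;
    esac
    if ! is_upn "$account"; then
        echo "account '$account' is not in UPN format"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# On the appliance: preflight "$(hostname -f)" administrator@hict.local
```

A return value of 0 means none of these prerequisites is violated; it does not test DNS resolution or port reachability to the domain controller.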
I was having the same problem. Below is what worked for me.
1. FQDN of the domain. [blah.example.com]
2. OU [blank]
3. [username@blah.example.com]
4. [Password]