VMware Cloud Community
FritzEDV
Contributor
Contributor
‎12-16-2019 06:13 AM

Error trying to join AD, error code [40188] | LW_ERROR_UNKNOWN [code 0x00009cfc]

Greetings everyone,

We recently set up an complete VM-Ware environment at one of our customers. Initially everything was working fine after set up. Today our customer called in, reporting login issues via Horizon Client.

Issue is due to the vCenter SSO -> Invalid Credentials supplied.

To solve the issue, we tried to (re)join the vCenter to the domain which fails:

Idm client exception: Error trying to join AD, error code [40188]

We also tried to join via CLI. This results in same Error: LW_ERROR_UNKNOWN [code 0x00009cfc]

The active directory tab in SSO configuration screen is showing the correct domain from the initial setup:

Unbenannt.PNG

But with footnote: "The node has not joined any Active Directory yet"

domainjoin-cli query will also show, that the vCenter is not part of a Domain:

root@gaetckevcapp01 [ ~ ]# /opt/likewise/bin/domainjoin-cli query

Name = gaetckevcapp01

Domain =

Any ideas on how to fix this issue?

Reply
0 Kudos
3 Replies
rshenoy
Enthusiast
Enthusiast
‎12-17-2019 03:21 AM

Hello,

Once you try joining ,Can you verify messages.log to understand the error message.

Please make sure your dns entry is intact within the appliance and name resolution of domain name is possible.

Regards,

Ritesh

Reply
0 Kudos
FritzEDV
Contributor
Contributor
‎12-18-2019 12:03 AM

Thanks for your reply,

I checked messages log:

lsassd[1424]: 0x7ff69dffb700:ldap_sasl_interactive_bind_s failed with error code -1
lsassd[1424]: 0x7ff69dffb700:Unable to map ldap error 40286
lsassd[1424]: 0x7ff69dffb700:Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 40188, symbol = LW_ERROR_UNKNOWN, client pid = 1466

But that's nothing I'm familiar with

Reply
0 Kudos
FritzEDV
Contributor
Contributor
‎12-18-2019 01:16 AM

I got it fixed. I assume that some old DNS entries were messing up the authentication with the DC.

I ended up removing all IP addresses from DNS database which are not related to the current local network. (remnants from transition old to new sever ...)

After that, the domain joining worked fine.

Reply
0 Kudos