Hi, has anyone faced this problem before? This is when I want to join my vSphere to the domain:
Idm client exception: Error trying to join AD, error code 2453
I'm assuming you managed to solve this, but if anyone else comes here looking for a solution and tried everything else (since this was the first result on Google when searching for the error message); make sure your vCenter server is using the Active Directory DNS servers (or other DNS servers with which you can look up the Active Directory hostnames). I was trying all kinds of solutions for about an hour before realizing the vCenter server was using Google's DNS servers. If you can't remember where to configure the DNS servers, it's at https://your-vcenter-server:5480/.
Two areas to consider when joining the vSphere vCenter to the AD domain and experiencing error code 2453:
First, verify that the vCenter is able to resolve both IPv4 and IPv6 if IPv6 is left enabled. If IPv6 is not used but is configured in DNS, this may result in a failure to resolve while authenticating to the AD domain. Second, enter the FQDN for the domain, but do not enter the FQDN after the user ID used to authenticate to the domain (i.e. Administrator, not Administrator@domain.com).
Are you trying to join a vCenter 6.7 appliance to the domain? If yes, please use the commands below to join. Also, make sure you are using the administrator ID for the join. Before this, also check that DNS has both host and PTR records.
# /opt/likewise/bin/domainjoin-cli join domainname username password
After the reboot, verify it:
# /opt/likewise/bin/domainjoin-cli query
Are you joining vCenter to a read-only domain controller or a writable domain controller? Also, have you checked that port 389 is open in the firewall? If possible, please share a screenshot of the error.
I am having the same issue with my 6.7 with embedded. I have changed the appliance name to include the domain, it is pointing to the domain DNS and I do not use IPv6. I have checked the DNS and I do have the A and the PTR records in there. The DC is writeable, as I have added many different servers to that domain. I have the hostname with the domain in it also. When I use email@example.com with the password I get this error:
Idm client exception: Error trying to join AD, error code , user [*********@mydomain], domain [mydomain.com], orgUnit 
Then when I do it with just the username I get this error:
Idm client exception: Error trying to join AD, error code , user [*********], domain [mydomain.com], orgUnit 
I have enabled the Active Directory firewall rule on all the hosts in the cluster. On the AD I have Symantec Endpoint Protection, but I have put in an allow-all rule so nothing is being blocked. I have not joined the individual hosts to the domain; do I have to?
It is a DNS issue.
1. Enable SSH on the VCSA.
2. Command> shell
3. # /opt/likewise/bin/domainjoin-cli leave
4. # /opt/vmware/share/vami/vami_config_net
5. Set the right DNS (Option 4)
6. # /opt/likewise/bin/domainjoin-cli join domainname username password
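The replies in this thread keep coming back to the same prerequisites: a bare join user ID rather than user@domain, an appliance hostname inside the AD domain, DNS servers that are the AD DNS servers rather than public resolvers, A and PTR records, and port 389 reachable on the domain controller. Below is an added preflight script that checks those points before running domainjoin-cli join. It is not code from this thread, from VMware or from Likewise; it assumes a POSIX sh with awk on the VCSA, and host(1) and nc(1) for the live DNS and port checks, and the domain/hostname values in the usage line are constructed placeholders.

```shell
#!/bin/sh
# Added preflight example (not from the thread, VMware or Likewise). It checks
# the prerequisites the replies above point at before running
# /opt/likewise/bin/domainjoin-cli join: bare join user, FQDN under the AD
# domain, no public resolvers, A/PTR records, LDAP SRV record, TCP/389.
# Assumptions: POSIX sh with awk; host(1) and nc(1) for the live checks.

PUBLIC_RESOLVERS="8.8.8.8 8.8.4.4 1.1.1.1 1.0.0.1 9.9.9.9"

# The join account must be a bare user ID (Administrator), not user@domain.
check_join_user() {
  case "$1" in
    "")  echo "join user is empty"; return 1 ;;
    *@*) echo "use a bare user ID, not '$1'"; return 1 ;;
  esac
  return 0
}

# The appliance hostname should be an FQDN under the AD domain.
check_hostname_in_domain() {
  case "$1" in
    *."$2") return 0 ;;
    *) echo "hostname '$1' is not an FQDN under '$2'"; return 1 ;;
  esac
}

# Print the nameserver entries of a resolv.conf (default /etc/resolv.conf).
resolvers_from_resolv_conf() {
  awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# Fail if any configured resolver is a well-known public DNS server; the VCSA
# must use DNS servers that can resolve the AD hostnames.
check_resolvers_not_public() {
  rc=0
  for ns in $(resolvers_from_resolv_conf "$1"); do
    for pub in $PUBLIC_RESOLVERS; do
      if [ "$ns" = "$pub" ]; then
        echo "resolver $ns is a public DNS server; point the VCSA at AD DNS"
        rc=1
      fi
    done
  done
  return $rc
}

# Live checks (need the network): A record, matching PTR, the domain's LDAP
# SRV record, and TCP/389 to the first domain controller that record names.
live_dns_and_port_checks() {
  host="$1"; domain="$2"; rc=0
  ip=$(host -t A "$host" | awk '/has address/ { print $NF; exit }')
  if [ -z "$ip" ]; then echo "no A record for $host"; rc=1
  elif ! host "$ip" | grep -qi "$host"; then echo "PTR for $ip does not name $host"; rc=1
  fi
  dc=$(host -t SRV "_ldap._tcp.$domain" | awk '/has SRV record/ { print $NF; exit }')
  if [ -z "$dc" ]; then echo "no _ldap._tcp.$domain SRV record; these are not the AD DNS servers"; rc=1
  elif ! nc -z -w 3 "${dc%.}" 389 >/dev/null 2>&1; then echo "TCP/389 to ${dc%.} is blocked"; rc=1
  fi
  return $rc
}

# Usage (constructed): sh preflight.sh Administrator mydomain.com [vcsa.mydomain.com]
preflight() {
  user="$1"; domain="$2"; fqdn="${3:-$(hostname -f)}"; rc=0
  check_join_user "$user" || rc=1
  check_hostname_in_domain "$fqdn" "$domain" || rc=1
  check_resolvers_not_public || rc=1
  live_dns_and_port_checks "$fqdn" "$domain" || rc=1
  [ "$rc" -eq 0 ] && echo "preflight OK: safe to run domainjoin-cli join $domain $user"
  return $rc
}

if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it from the VCSA shell (after Command> shell) before the join; a non-zero exit with the printed reason tells you which of the thread's prerequisites is missing, so you fix DNS or the firewall first instead of retrying the join and reading the 2453 error again.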