JKR16
Contributor

Idm client exception: Error trying to join AD, error code 2453

Hi, has anyone faced this problem before? This is when I want to join my vSphere to the domain.

Idm client exception: Error trying to join AD, error code 2453

thanks,

Felix

0 Kudos
14 Replies
MikeStoica
Expert

What version of vCenter are you running? What is your Active Directory domain level?

0 Kudos
JKR16
Contributor

I am using v6.7 and my domain is Windows Server 2012.

0 Kudos
MikeStoica
Expert

0 Kudos
vhasiu
Contributor

I'm assuming you managed to solve this, but if anyone else comes here looking for a solution and has tried everything else (since this was the first result on Google when searching for the error message): make sure your vCenter server is using the Active Directory DNS servers (or other DNS servers with which you can look up the Active Directory hostnames). I was trying all kinds of solutions for about an hour before realizing the vCenter server was using Google's DNS servers. If you can't remember where to configure the DNS servers, it's at https://your-vcenter-server:5480/.

0 Kudos
JKR16
Contributor

Hi, I am still facing the same error message.

0 Kudos
JKR16
Contributor

Yes try the same way to join domain

0 Kudos
SethB360
VMware Employee

Two areas to consider when joining the vSphere vCenter to the AD domain and experiencing error code 2453:

Verify that the vCenter is able to resolve both IPv4 and IPv6 if IPv6 is left enabled. If IPv6 is not used but is configured in DNS, this may result in a failure to resolve while authenticating to the AD domain. Second, enter the FQDN for the domain, but do not enter the FQDN after the user ID used to authenticate to the domain (i.e. Administrator, not Administrator@domain.com).

0 Kudos
wice222
Contributor

In my case I also had to ensure that the WAN NICs are using the domain DNS.

DC win 2k19 - level 2k12

0 Kudos
Nawals
Expert

Are you trying to join the vCenter 6.7 appliance to the domain? If yes, please use the commands below to join. Also, make sure you are using the administrator ID for the join. Before this, also check that DNS has both [host and PTR] records.

Command> shell

# /opt/likewise/bin/domainjoin-cli join domainname username password

# reboot

After the reboot, verify it.

# /opt/likewise/bin/domainjoin-cli query

NKS Please mark helpful/correct if my answer resolves your query.
0 Kudos
JKR16
Contributor

Hi Nawal,

Thank you for your advice, but I still cannot join the domain. It gives me this error message:

Error: NERR_DCNotFound [code 0x00000995]

Hope you can help

thanks,
Felix

0 Kudos
Nawals
Expert

Are you joining vCenter to a read-only domain controller or a writable domain controller? Also, have you checked that port 389 is open in the firewall? If possible, please share a screenshot of the error.

NKS Please mark helpful/correct if my answer resolves your query.
0 Kudos
klcoyne
Contributor

I am having the same issue with my 6.7 with embedded. I have changed the appliance name to include the domain, it is pointing to the domain DNS, and I do not use IPv6. I have checked the DNS and I do have the A and the PTR in there. The DC is writable, as I have added many different servers to that domain. I have the hostname with the domain in it also. When I use the username@domain.com with the password I get this error:

Idm client exception: Error trying to join AD, error code [2453], user [*********@mydomain], domain [mydomain.com], orgUnit []

Then when I do it with just the username I get this error:

Idm client exception: Error trying to join AD, error code [2453], user [*********], domain [mydomain.com], orgUnit []

I have enabled the Active Directory firewall rule on all the hosts in the cluster. On the AD I have Symantec Endpoint Protection but have put in an allow-all rule so nothing is being blocked. I have not joined the individual hosts to the domain; do I have to?

0 Kudos
dgreenwald
VMware Employee

Go to DNS>Properties>Name Servers and add the IP address for the FQDN of the DNS server. It probably never resolved. This was my issue with joining AD.

0 Kudos
ertanyildiz
Contributor

It is a DNS issue.

1. Enable SSH on VCSA.

2. Command> shell

3. # /opt/likewise/bin/domainjoin-cli leave

4. Reboot

5. # /opt/vmware/share/vami/vami_config_net

6. Set the right DNS (Option 4)

7. # /opt/likewise/bin/domainjoin-cli join domainname username password

8. Reboot

0 Kudos
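
Several replies above trace error 2453 (0x995, NERR_DCNotFound) to the appliance querying DNS servers that cannot see the AD zone. The shell sketch below is an added example, not taken from any reply or from VMware's tooling: it audits a resolv.conf-style file against the AD DNS servers you expect and parses a DC locator SRV answer for LDAP port 389. All IP addresses, the `example.test` names and the function names are constructed, and the presence of `dig` on the appliance is an assumption.

```shell
#!/bin/sh
# Added example: audit resolver settings before retrying the domain join.
# All addresses and host names below are constructed sample values.

# Print the nameserver IPs configured in a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print every configured nameserver that is NOT one of the expected AD DNS
# servers (space-separated list in $2). Returns 1 if any are found.
foreign_nameservers() {
    bad=""
    for ns in $(list_nameservers "$1"); do
        case " $2 " in
            *" $ns "*) ;;                 # expected AD DNS server
            *) bad="$bad $ns" ;;          # e.g. a public resolver
        esac
    done
    bad=${bad# }
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# Read `dig +short SRV` output on stdin (priority weight port target)
# and print the targets that offer LDAP on port 389.
srv_targets() {
    awk '$3 == 389 { sub(/\.$/, "", $4); print $4 }'
}

# Live check (needs network; assumes dig is installed): ask one resolver
# for the DC locator record. Usage: query_dc_locator DOMAIN RESOLVER_IP
query_dc_locator() {
    dig +short SRV "_ldap._tcp.dc._msdcs.$1" "@$2" | srv_targets
}

# Constructed sample: one AD DNS server plus a public resolver.
sample_resolv_conf() {
    printf 'search example.test\nnameserver 10.0.0.10\nnameserver 8.8.8.8\n'
}

# Offline demo on the constructed sample.
tmp=$(mktemp)
sample_resolv_conf > "$tmp"
echo "non-AD resolvers: $(foreign_nameservers "$tmp" '10.0.0.10 10.0.0.11')"
rm -f "$tmp"
```

An empty result from `query_dc_locator` for a resolver the appliance uses means that resolver cannot locate a domain controller, which matches the NERR_DCNotFound symptom in the thread.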