Hi, has anyone faced this problem before? It happens when I want to join my vSphere to the domain:
Idm client exception: Error trying to join AD, error code 2453
thanks,
Felix
What version of vCenter are you running? What is your Active Directory domain level?
I am using v6.7 and my domain is Windows Server 2012.
Are you doing it as described here: Join the vCenter Server Appliance to an Active Directory Domain?
I'm assuming you managed to solve this, but if anyone else comes here looking for a solution and tried everything else (since this was the first result on Google when searching for the error message); make sure your vCenter server is using the Active Directory DNS servers (or other DNS servers with which you can look up the Active Directory hostnames). I was trying all kinds of solutions for about an hour before realizing the vCenter server was using Google's DNS servers. If you can't remember where to configure the DNS servers, it's at https://your-vcenter-server:5480/.
Hi, I am still facing the same error message.
Yes try the same way to join domain
Two areas to consider when joining the vSphere vCenter to the AD domain and experiencing error code 2453:
First, verify that the vCenter is able to resolve both IPv4 and IPv6 if IPv6 is left enabled. If IPv6 is not used, but configured on DNS, this may result in failure to resolve while authenticating to the AD domain. Second, enter the FQDN for the domain, but do not enter the FQDN after the user ID used to authenticate to the domain (i.e. Administrator, not Administrator@domain.com).
In my case I also had to ensure that the WAN NICs are using the domain DNS.
DC win 2k19 - level 2k12
Are you trying to join a vCenter 6.7 appliance to the domain? If yes, please use the commands below to join. Also, make sure you are using the administrator ID for the join. Before this, also check that DNS has both [host and PTR] records.
Command> shell
# /opt/likewise/bin/domainjoin-cli join domainname username password
#Reboot
Post reboot verify it.
# /opt/likewise/bin/domainjoin-cli query
Hi Nawal,
Thank you for your advice, but I still cannot join the domain. It gives me this error message:
Error: NERR_DCNotFound [code 0x00000995]
Hope you can help
thanks,
Felix
Are you joining vCenter to a read-only domain controller or a writable domain controller? Also, have you checked that port 389 is open in the firewall? If possible, please share a screenshot of the error.
I am having the same issue with my 6.7 with embedded. I have changed the appliance name to include the domain, it is pointing to the domain DNS and I do not use IPv6. I have checked the DNS and I do have the A and the PTR in there. The DC is writable, as I have added many different servers to that domain. I have the hostname with the domain in it also. When I use the username@domain.com with the password I get this error:
Idm client exception: Error trying to join AD, error code [2453], user [*********@mydomain], domain [mydomain.com], orgUnit []
Then when I do it with just the username I get this error:
Idm client exception: Error trying to join AD, error code [2453], user [*********], domain [mydomain.com], orgUnit []
I have enabled the Active Directory firewall rule on all the hosts in the cluster. On the AD I have Symantec Endpoint Protection but have put in an allow-all rule so nothing is being blocked. I have not joined the individual hosts to the domain; do I have to?
Go to DNS>Properties>Name Servers and Add the IP Address for the FQDN of the DNS server. It probably never resolved. This was my issue with joining AD.
It is a DNS issue.
1. Enable SSH on VCSA.
2. Command> shell
3. # /opt/likewise/bin/domainjoin-cli leave
4. Reboot
5. # /opt/vmware/share/vami/vami_config_net
6. Set the right DNS (Option 4)
7. # /opt/likewise/bin/domainjoin-cli join domainname username password
8. Reboot
Well, I had this error and several other error messages when trying to enroll my vCenter to an AD, and I finally solved it by doing as described in this PlanetVM post.
I hope it helps anyone having trouble joining their VC to an AD.
Regards...
Raúl
None of this worked for me.
The problem was found on a Wireshark trace on the DC. vCenter was performing dig requests for _kerberose.my.domain, _tcp.my.domain, _ldap.my.domain, etc., however those dig requests were failing. These are _msdc specific domain names that are built into AD under the forwarding zone.
All of these were missing in our DC, which was causing the problem. The reason why they were missing in the first place is unknown, but after a reverse of an older snapshot of our DC, the entries were restored, and vCenter connected.
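Added example, not part of any poster's message and not VMware tooling: a pre-join check that the Active Directory SRV locator records resolve, which is the failure the post above found in its trace. The record list is the standard set a domain controller registers; the availability of `dig`, the function names and the sample resolver data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: verify the AD locator SRV records before a domain join.
# Assumption: `dig` is installed and the host uses the resolver under test.

# SRV names a domain controller registers for DOMAIN ($1).
ad_srv_names() {
    for p in _ldap._tcp _kerberos._tcp _kerberos._udp \
             _ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs; do
        printf '%s.%s\n' "$p" "$1"
    done
}

# Real lookup: prints "prio weight port target" lines, nothing if none.
# Lines starting with ';' are dig diagnostics (timeouts), not answers.
dig_lookup() { dig +short SRV "$1" | grep -v '^;'; }

# Constructed resolver data (not from the thread): the base records exist
# but the _msdcs zone is empty, as in the failure described above.
fake_lookup() {
    case $1 in
        *._msdcs.*) ;;
        _ldap._tcp.*) echo "0 100 389 dc01.my.domain." ;;
        _kerberos.*)  echo "0 100 88 dc01.my.domain." ;;
    esac
}

# check_ad_dns DOMAIN [LOOKUP_FN]: prints one line per SRV name and
# returns the number of names that did not resolve (0 = all present).
check_ad_dns() {
    lookup=${2:-dig_lookup}
    missing=0
    for name in $(ad_srv_names "$1"); do
        answer=$("$lookup" "$name" | head -n 1)
        if [ -n "$answer" ]; then
            echo "OK      $name -> $answer"
        else
            echo "MISSING $name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Offline demonstration against the constructed data.
check_ad_dns my.domain fake_lookup || echo "unresolved SRV names: $?"
```

Run `check_ad_dns your.domain` with no second argument on the appliance to query the configured DNS servers; any `MISSING` line means the resolver in use cannot locate a domain controller.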
Make sure the time is correct on all the machines. That worked for me.
Holy cow!! I have been trying to join to my lab domain for weeks, read everything related to the error messages I could find on BING (sorry, allergic to Google).
When I just entered the domain admin user name as administrator instead of administrator@vmlab.lan, it worked.
Answer: Node VCSA.VMLAB.LAN has joined the active directory successfully. Reboot the node to apply changes
Thank you so very much for this post.
This worked for me. Thanks!