VMware Cloud Community
pmichelli
Hot Shot
Hot Shot
‎11-22-2022 09:20 AM
Jump to solution

VCSA 7.0.2 cannot leave Active Directory

Help ?

I can't leave AD. I tried from the GUI and it gives errors, I tried from CLI and get this error now.  There is a computer object in AD for vCenter

root@vcenter [ ~ ]# /opt/likewise/bin/domainjoin-cli query
Name = vcenter
Domain = XXXXX.LOCAL
Distinguished Name = CN=VCENTER-ALLMSD,OU=Infrastructure,OU=Production Environment,OU=XXXXX ,DC=XXXX,DC=local
root@vcenter [ ~ ]#

root@vcenter [ ~ ]# /opt/likewise/bin/domainjoin-cli leave
Leaving AD Domain: XXXXLOCAL

Error: ERROR_MEMBER_NOT_IN_GROUP [code 0x00000529]

Reply
0 Kudos
1 Solution

Accepted Solutions
pmichelli
Hot Shot
Hot Shot
‎11-23-2022 07:35 AM
Jump to solution

VMware support managed to help me out.  Here is what we had to do.  I hope they put this into a KB article.

++Then we tried the following steps which resolved the issue:
1. Enter the likewise registry
/opt/likewise/bin/lwregshell
2.cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\DomainJoin
3.ls
4.delete_tree <domain-name>
5.delete_value <eg. default>
6.Restart the likewise service
/opt/likewise/bin/lwsm restart lwreg

++Then we verified using the command line below:
/opt/likewise/bin/domainjoin-cli query

++Rebooted the vcenter and it was not joined to domain anymore

I hope this helps someone one day.  What a pain this was.

View solution in original post

Reply
3 Replies
maksym007
Expert
Expert
‎11-22-2022 01:03 PM
Jump to solution

which credentials are you using to leave AD?

Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot
‎11-22-2022 01:48 PM
Jump to solution

I tried both domain admin and the service account we used for vcenter

administrator@domain.local and also vcenter@domain.local

Nothing works

Even tried

/opt/likewise/bin/domainjoin-cli leave domain.local Administrator

asks for password and throws the error immediately

Even rebooted the appliance

Reply
0 Kudos
pmichelli
Hot Shot
Hot Shot
‎11-23-2022 07:35 AM
Jump to solution

VMware support managed to help me out.  Here is what we had to do.  I hope they put this into a KB article.

++Then we tried the following steps which resolved the issue:
1. Enter the likewise registry
/opt/likewise/bin/lwregshell
2.cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\DomainJoin
3.ls
4.delete_tree <domain-name>
5.delete_value <eg. default>
6.Restart the likewise service
/opt/likewise/bin/lwsm restart lwreg

++Then we verified using the command line below:
/opt/likewise/bin/domainjoin-cli query

++Rebooted the vcenter and it was not joined to domain anymore

I hope this helps someone one day.  What a pain this was.

Reply