ProjectD22
Enthusiast

vCSA 6.7 Active Directory Domain Join - Access Denied

Hello there!

I am currently rebuilding our internal Horizon environment, which is currently running on vCenter Server for Windows.

The new vCenter Server Appliance 6.7u3 is already set up. Now I need to join the vCSA to our Active Directory domain. But when I try, I get the following error:

user [Service Account] cannot access domain [AD Domain]

So I looked through the security logs on the domain controller, and they only show successful logins of the service account I'm using. So I gave the service account domain admin rights to see if rights were the problem. Still the same error. Next I tried to join using the shell with the command:

/opt/likewise/bin/domainjoin-cli join [AD Domain] [Service Account] ['Password']

Now I'm getting a different message:

Error: ERROR_ACCESS_DENIED [code 0x00000005]

So I went and googled this error and found following VMware KB Article:

https://kb.vmware.com/s/article/77295

What it says is that domain controllers using SMBv3 have a variable set which rejects unencrypted access. You can fix that with the provided PowerShell command. The problem is that we're still using Windows Server 2008 R2 for two of our three domain controllers. Only the third one with Windows Server 2012 R2 works with this command, because SMBv3 isn't natively supported on Windows Server 2008.

The vCSA and the domain controllers are in the same subnet, and the Windows Firewall is off.

If you need any additional information, feel free to ask.

Is there anyone who can help me?
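An added example, not from this thread or from VMware: a read-only PowerShell audit that lists every domain controller with its OS version and, where the SMB cmdlets exist, the SMB 3 encryption settings that the KB article above describes as rejecting unencrypted access. It assumes the ActiveDirectory RSAT module and WinRM access to each DC; both are assumptions, not something the thread states.

```powershell
# Added example (not from the thread): audit which domain controllers can
# enforce SMB 3 encryption and what their current settings are.
# Assumes: ActiveDirectory module available, WinRM reachable on every DC,
# and an account allowed to read the SMB server configuration there.
Import-Module ActiveDirectory

function Get-DcSmbEncryptionReport {
    foreach ($dc in Get-ADDomainController -Filter *) {
        $row = [ordered]@{
            Name                    = $dc.HostName
            OS                      = $dc.OperatingSystem
            SmbV3Capable            = $false
            EncryptData             = $null
            RejectUnencryptedAccess = $null
        }

        # OperatingSystemVersion looks like "6.1 (7601)" on 2008 R2 and
        # "6.3 (9600)" on 2012 R2. NT 6.1 ships SMB 2.1 only, so the SMB
        # cmdlets and the SMB 3 encryption switches do not exist there.
        if ($dc.OperatingSystemVersion -match '^(\d+\.\d+)') {
            $row.SmbV3Capable = [version]$Matches[1] -ge [version]'6.2'
        }

        if ($row.SmbV3Capable) {
            try {
                $cfg = Invoke-Command -ComputerName $dc.HostName -ErrorAction Stop -ScriptBlock {
                    Get-SmbServerConfiguration |
                        Select-Object EncryptData, RejectUnencryptedAccess
                }
                $row.EncryptData             = $cfg.EncryptData
                $row.RejectUnencryptedAccess = $cfg.RejectUnencryptedAccess
            }
            catch {
                # Keep the DC in the report; note why it could not be queried.
                $row.EncryptData = "query failed: $($_.Exception.Message)"
            }
        }

        [pscustomobject]$row
    }
}

# A DC with EncryptData and RejectUnencryptedAccess both $true will refuse
# any SMB client that cannot negotiate SMB 3 encryption.
Get-DcSmbEncryptionReport | Format-Table -AutoSize
```

The report only reads configuration; relaxing RejectUnencryptedAccess on a DC lowers protection for every SMB client of that DC, so it is worth knowing which DCs are affected before changing anything.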

Accepted Solution
Alex_Romeo
Leadership

Hi,

This is a nice problem; you don't have many solutions. The advice I want to give you is to update the 2008 R2 domain controllers at least to the 2012 R2 version, if not even to the 2016 version.

It is an activity that I have recently carried out and it is really simple and fast.

If you don't want to update, you can create new servers, join them to the domain, install the ADDS role and move the roles from 2008 R2 to the new DCs.

Keep in mind that 2008 R2 is in "end of life".

ARomeo

Blog: https://www.aleadmin.it/

3 Replies
scott28tt
VMware Employee

Moderator: Moved to vCenter Server

Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity).
ProjectD22
Enthusiast

Thank you for your answer.

I guess you're right. The domain controllers won't be upgraded within the next few months, so I'll just use LDAP instead.