VMware Cloud Community
timothy1982
Enthusiast
Enthusiast
‎09-06-2010 02:14 AM

vCenter Linked Mode - not able to link

Environment:

Windows Server 2008 Domain

2 x Windows Server 2008 32bit, vCenter Server 4.0.0 Build 258672

When trying to join the 2nd vCenter Server in Linked Mode to the 1st vCenter Server the errors below are seen.

JoinTool started

Storage directory for LDAP instance: C:\Program Files\VMware\Infrastructure\VirtualCenter Server\VMwareVCMSDS

Operation Mode: join

All IP addresses for :127.0.0.1 :

IP: /127.0.0.1

All IP addresses for :::1 :

IP: /0:0:0:0:0:0:0:1

All IP addresses for :DESTINATIONSERVER01.co.uk :

IP: DESTINATIONSERVER01.co.uk/192.168.1.10

Service 'VMware VirtualCenter Management Webservices' is shutdown

Service 'VMware VirtualCenter Server' is shutdown

Verifying local VC linked mode capability

Retrieving local license key from: ldap://127.0.0.1:389/ ldap://[::1]:389/ for VC instance: 6A1905D5-8333-45DD-AD35-A18403214C30

LICENCEKEY

DormantLicenseFilesPath:C:\Program Files\VMware\Infrastructure\VirtualCenter Server\licenses\site

LicenseDLL:C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vmlicense.dll

Verifying remote VC linked mode capability

Retrieving license key from: ldap://DESTINATIONSERVER.co.uk:389/ for remote VC instance: ED5757A9-B003-4D19-B512-B32167AD6644

Key:LICENCEKEY

DormantLicenseFilesPath:C:\Program Files\VMware\Infrastructure\VirtualCenter Server\licenses\site

LicenseDLL:C:\Program Files\VMware\Infrastructure\VirtualCenter Server\vmlicense.dll

All IP addresses for :127.0.0.1 :

IP: /127.0.0.1

All IP addresses for :::1 :

IP: /0:0:0:0:0:0:0:1

All IP addresses for :127.0.0.1 :

IP: /127.0.0.1

All IP addresses for :::1 :

IP: /0:0:0:0:0:0:0:1

All IP addresses for :DESTINATIONSERVER.co.uk :

IP: DESTINATIONSERVER.co.uk/192.168.1.10

All IP addresses for :127.0.0.1 :

IP: /127.0.0.1

All IP addresses for :::1 :

IP: /0:0:0:0:0:0:0:1

All IP addresses for :127.0.0.1 :

IP: /127.0.0.1

All IP addresses for :::1 :

IP: /0:0:0:0:0:0:0:1

Removing directory services instance VMwareVCMSDS

Removal complete

All IP addresses for :DESTINATIONSERVER.co.uk :

IP: DESTINATIONSERVER.co.uk/192.168.1.10

All IP addresses for :DESTINATIONSERVER.co.uk :

IP: DESTINATIONSERVER.co.uk/192.168.1.10

Deleted remote entry under CN=Servers,CN=Default-First-Site-Name,CN=Sites for SOURCESERVER$VMwareVCMSDS

Creating directory services instance VMwareVCMSDS

LDAP port = 389

Base DN = dc=virtualcenter,dc=vmware,dc=int

Storage dir = C:\Program Files\VMware\Infrastructure\VirtualCenter Server\VMwareVCMSDS

Operation "Join instance VMwareVCMSDS" failed: : Action: Join Instance

Action: Join Instance

Action: Create replica instance

Action: Create Instance

Problem: Creation of instance VMwareVCMSDS failed: Active Directory Lightweight Directory Services could not create the NTDS Settings object for this Active Directory Lightweight Directory Services instance CN=NTDS Settings,CN=SOURCESERVER$VMwareVCMSDS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={97720DD8-4179-4D73-AB0E-10764552AB2A} on the remote AD LDS instance DESTINATIONSERVER01.co.uk:389. Ensure the provided network credentials have sufficient permissions.

Error code: 0x800706be

The remote procedure call failed.

Recovering from failed Operation "Join instance VMwareVCMSDS"

Creating directory services instance VMwareVCMSDS

LDAP port = 389

Base DN = dc=virtualcenter,dc=vmware,dc=int

Storage dir = C:\Program Files\ADAM\VMwareVCMSDS

Creation complete

Resetting VC LDAP service SSL port

Service 'VMwareVCMSDS' is running

Tags (1)
0 Kudos
4 Replies
FranckRookie
Leadership
Leadership
‎09-06-2010 05:37 AM

Hi Timothy,

Welcome to the forums.

It looks to be a credential issue. You can have a look at the Linked Mode Prerequisites to have information about the credentials you need during the installation process.

Hope it helps.

Regards

Franck

timothy1982
Enthusiast
Enthusiast
‎09-27-2010 03:16 AM

Hello Franck,

I have looked at the prerequistes and tested and they all seem to be ok.

+ DSN is fully working

+ Both servers are on the same domain

+ The user that I am using is a domain admin and also local admin on both servers

+ Both servers are using the DC for time and are showing the correct time

Both servers are Windows Server 2008, could there be a problem with different rights required, as 2008 is meant to be more secure?

Many Thanks

Tim

0 Kudos
GreatWhiteTec
VMware Employee
VMware Employee
‎09-27-2010 04:37 AM

I had a similar problem setting this up and ended up being both Windows firewall and latency between the two vCenters. So this is something you may want to check out.

______________________

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful.

timothy1982
Enthusiast
Enthusiast
‎12-16-2010 10:53 PM

Just to tie this discussion up. In the end it turned out to be a number of factors causing the issues seen, which I have listed below.

+ vLAN's access / firewall rule

+ DNS due to multiple NICs on different vLAN's

In short the rules were in place to allow the traffic but only from certain IP's to the destinations, and when I looked into it in more detail we could see that it was trying to go out of different NIC's than intended. Also the RPC rule in the firewall was not recognising the traffic as RPC. So I have also limited the RPC range that the server can use via the Microsoft article (http://support.microsoft.com/kb/154596) to narrow the port selection.

0 Kudos