vCenetr Virtual Appliance 5.5 : AD: The OU format ...

gaurav_singh1 · ‎07-07-2014

Hi I am trying to join virtual center appliance 5.5 to AD 2012 R2 but its giving me error while joininh the domain : The OU format is invalid

command:

/usr/sbin/vpxd_servicecfg ad write ucpadmin <password> podd.local

log output

2014-07-07 22:21:02 24055: START locking... /usr/sbin/vpxd_servicecfg ad write

2014-07-07 22:21:02 24058: [24055]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'ucpadmin' CENSORED 'podd.local' 'Users'

2014-07-07 22:21:02 24058: Testing domain (podd.local)

2014-07-07 22:21:02 24058: Enabling active directory: 'podd.local' 'ucpadmin'

2014-07-07 22:21:04 24058: ERROR: Enabling active directory failed: Joining to AD Domain: podd.local

With Computer DNS Name: testVC.podd.local

Error: Lsass Error [code 0x0000000b]

The OU format is invalid.

2014-07-07 22:21:04 24058: VC_CFG_RESULT=302

2014-07-07 22:21:04 24058: END execution

Any idea ? any one seen this error before ?

rcporto · ‎07-07-2014

What is you vCSA version ? Seems like this is a know issue for some release, and in post from link bellow the workaround was putting the NetBIOS name uppercase:

Unable to add VCSA 5.5 to Windows 2012 AD

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto

gaurav_singh1 · ‎07-07-2014

it did not work with upper case hostname .

VCSA version : 5.5.0.10200

rcporto · ‎07-07-2014

Can you post the content of file vpxd_cfg.log (located in /var/log/vmware/vpx) ? Are you using the credentials using UPN (user@domain.local) format ?

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto

gaurav_singh1 · ‎07-07-2014

thankyou for reply.

i am only using , username to login (not using user@domain.local format ) . can try using it and let you know

I have also attached vpx logs

cat: /var/log/vmware/vpx: Is a directory

TESTVC:~ # cat /var/log/vmware/vpx/vpxd_cfg.log

2014-06-11 12:08:13 10001: START locking... /usr/sbin/vpxd_servicecfg jvm-max-heap write

2014-06-11 12:08:13 10004: [10001]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'jvm-max-heap' 'write' '512' '3072' '1024'

2014-06-11 12:08:13 10004: Testing JVM max heap size (3072)

2014-06-11 12:08:13 10004: Testing JVM max heap size (1024)

2014-06-11 12:08:13 10004: Testing JVM max heap size (512)

2014-06-11 12:08:13 10004: Writing JVM configuration. (Max heap size Tomcat = 512 , QS = 3072 , SPS = 1024)

2014-06-11 12:08:13 10004: VC_CFG_RESULT=0

2014-06-11 12:08:13 10004: END execution

2014-07-08 00:14:53 7026: START locking... /usr/sbin/vpxd_servicecfg db read-type

2014-07-08 00:14:53 7029: [7026]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'db' 'read-type'

2014-07-08 00:14:53 7029: VC_DB_TYPE=

2014-07-08 00:14:53 7029: VC_CFG_RESULT=0

2014-07-08 00:14:53 7029: END execution

2014-07-08 00:14:56 7056: START locking... /usr/sbin/vpxd_servicecfg eula accept

2014-07-08 00:14:56 7059: [7056]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'eula' 'accept'

2014-07-08 00:14:56 7059: Writing EULA. Accepted.

2014-07-08 00:15:05 7059: VC_CFG_RESULT=0

2014-07-08 00:15:05 7059: END execution

2014-07-08 00:15:11 7865: START locking... /usr/sbin/vpxd_servicecfg ports defaults

2014-07-08 00:15:11 7868: [7865]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ports' 'defaults'

2014-07-08 00:15:11 7871 : [VcvaConfig] BEGIN Default values :

2014-07-08 00:15:11 7871 : [VcvaConfig] port.http=80

2014-07-08 00:15:11 7871 : [VcvaConfig] port.queryservice.xdb=10109

2014-07-08 00:15:11 7871 : [VcvaConfig] port.ngc.ajp=9009

2014-07-08 00:15:11 7871 : [VcvaConfig] port.queryservice.http=10080

2014-07-08 00:15:11 7871 : [VcvaConfig] port.syslog.ssl=1514

2014-07-08 00:15:11 7871 : [VcvaConfig] port.autodeploy.management=6502

2014-07-08 00:15:11 7871 : [VcvaConfig] port.autodeploy=6501

2014-07-08 00:15:11 7871 : [VcvaConfig] port.queryservice.https=10443

2014-07-08 00:15:11 7871 : [VcvaConfig] port.syslog=514

2014-07-08 00:15:11 7871 : [VcvaConfig] port.ngc.http=9090

2014-07-08 00:15:11 7871 : [VcvaConfig] port.ngc.https=9443

2014-07-08 00:15:11 7871 : [VcvaConfig] port.webhttps=8443

2014-07-08 00:15:11 7871 : [VcvaConfig] port.https=443

2014-07-08 00:15:11 7871 : [VcvaConfig] port.ldap=389

2014-07-08 00:15:11 7871 : [VcvaConfig] port.netdump=6500

2014-07-08 00:15:11 7871 : [VcvaConfig] port.heartbeat=902

2014-07-08 00:15:11 7871 : [VcvaConfig] port.webhttp=8080

2014-07-08 00:15:11 7871 : [VcvaConfig] END Default values

2014-07-08 00:15:11 7868: END execution

2014-07-08 00:15:13 7885: START locking... /usr/sbin/vpxd_servicecfg db test

2014-07-08 00:15:13 7888: [7885]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'db' 'test' 'embedded' '' '' '' '' CENSORED

2014-07-08 00:15:13 7888: Testing DB. Type (embedded) Server () Port () Instance () User ()

Enable autostart of vpostgres instance...

insserv: Service network is missed in the runlevels 4 to use service postgresql

insserv: Service syslog is missed in the runlevels 4 to use service postgresql

Initializing PostgreSQL

Aging information changed.

Changing password for postgres.

Use md5 access to PostgreSQL for user root

The files belonging to this database system will be owned by user "postgres".

This user must also own the server process.

The database cluster will be initialized with locale C.

The default database encoding has accordingly been set to SQL_ASCII.

The default text search configuration will be set to "english".

fixing permissions on existing directory /storage/db/vpostgres ... ok

creating subdirectories ... ok

selecting default max_connections ... 100

selecting default shared_buffers ... 32MB

creating configuration files ... ok

creating template1 database in /storage/db/vpostgres/base/1 ... ok

initializing pg_authid ... ok

setting password ... ok

initializing dependencies ... ok

creating system views ... ok

loading system objects' descriptions ... ok

creating conversions ... ok

creating dictionaries ... ok

setting privileges on built-in objects ... ok

creating information schema ... ok

loading PL/pgSQL server-side language ... ok

vacuuming database template1 ... ok

copying template1 to template0 ... ok

copying template1 to postgres ... ok

Success. You can now start the database server using:

/opt/vmware/vpostgres/9.0/bin/postgres -D /storage/db/vpostgres

or

/opt/vmware/vpostgres/9.0/bin/pg_ctl -D /storage/db/vpostgres -l logfile start

Configuring PostgreSQL

Starting PostgreSQL

Starting VMware vPostgres: waiting for server to start.... done

server started

ok

Waiting for the embedded database to start up: [OK]

Creating VC user in PostgreSQL

CREATE ROLE

Creating VCDB in PostgreSQL

CREATE DATABASE "VCDB";

COMMENT ON DATABASE "VCDB" IS 'UTF8';

ALTER DATABASE

Creating VC schema

CREATE SCHEMA

Configuring VCDB

ALTER DATABASE

Configuring VC user database permissions

GRANT

ALTER DEFAULT PRIVILEGES

2014-07-08 00:15:20 7888: Testing DB link. Type (PostgreSQL) Server (127.0.0.1) Port (5432) Instance (VCDB) User (vc)

2014-07-08 00:15:21 7888: VC_DB_SCHEMA_VERSION=

2014-07-08 00:15:21 7888: VC_CFG_RESULT=0

2014-07-08 00:15:21 7888: END execution

2014-07-08 00:15:23 8224: START locking... /usr/sbin/vpxd_servicecfg ports defaults

2014-07-08 00:15:23 8227: [8224]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ports' 'defaults'

2014-07-08 00:15:23 8230 : [VcvaConfig] BEGIN Default values :

2014-07-08 00:15:23 8230 : [VcvaConfig] port.http=80

2014-07-08 00:15:23 8230 : [VcvaConfig] port.queryservice.xdb=10109

2014-07-08 00:15:23 8230 : [VcvaConfig] port.ngc.ajp=9009

2014-07-08 00:15:23 8230 : [VcvaConfig] port.queryservice.http=10080

2014-07-08 00:15:23 8230 : [VcvaConfig] port.syslog.ssl=1514

2014-07-08 00:15:23 8230 : [VcvaConfig] port.autodeploy.management=6502

2014-07-08 00:15:23 8230 : [VcvaConfig] port.autodeploy=6501

2014-07-08 00:15:23 8230 : [VcvaConfig] port.queryservice.https=10443

2014-07-08 00:15:23 8230 : [VcvaConfig] port.syslog=514

2014-07-08 00:15:23 8230 : [VcvaConfig] port.ngc.http=9090

2014-07-08 00:15:23 8230 : [VcvaConfig] port.ngc.https=9443

2014-07-08 00:15:23 8230 : [VcvaConfig] port.webhttps=8443

2014-07-08 00:15:23 8230 : [VcvaConfig] port.https=443

2014-07-08 00:15:23 8230 : [VcvaConfig] port.ldap=389

2014-07-08 00:15:23 8230 : [VcvaConfig] port.netdump=6500

2014-07-08 00:15:23 8230 : [VcvaConfig] port.heartbeat=902

2014-07-08 00:15:23 8230 : [VcvaConfig] port.webhttp=8080

2014-07-08 00:15:23 8230 : [VcvaConfig] END Default values

2014-07-08 00:15:23 8227: END execution

2014-07-08 00:15:36 8259: START locking... /usr/sbin/vpxd_servicecfg sso test

2014-07-08 00:15:36 8262: [8259]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'sso' 'test' 'embedded' CENSORED CENSORED 'typed-pass'

2014-07-08 00:15:36 8262: VC_CFG_RESULT=0

2014-07-08 00:15:36 8262: END execution

2014-07-08 00:15:37 8276: START locking... /usr/sbin/vpxd_servicecfg ports defaults

2014-07-08 00:15:37 8279: [8276]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ports' 'defaults'

2014-07-08 00:15:37 8282 : [VcvaConfig] BEGIN Default values :

2014-07-08 00:15:37 8282 : [VcvaConfig] port.http=80

2014-07-08 00:15:37 8282 : [VcvaConfig] port.queryservice.xdb=10109

2014-07-08 00:15:37 8282 : [VcvaConfig] port.ngc.ajp=9009

2014-07-08 00:15:37 8282 : [VcvaConfig] port.queryservice.http=10080

2014-07-08 00:15:37 8282 : [VcvaConfig] port.syslog.ssl=1514

2014-07-08 00:15:37 8282 : [VcvaConfig] port.autodeploy.management=6502

2014-07-08 00:15:37 8282 : [VcvaConfig] port.autodeploy=6501

2014-07-08 00:15:37 8282 : [VcvaConfig] port.queryservice.https=10443

2014-07-08 00:15:37 8282 : [VcvaConfig] port.syslog=514

2014-07-08 00:15:37 8282 : [VcvaConfig] port.ngc.http=9090

2014-07-08 00:15:37 8282 : [VcvaConfig] port.ngc.https=9443

2014-07-08 00:15:37 8282 : [VcvaConfig] port.webhttps=8443

2014-07-08 00:15:37 8282 : [VcvaConfig] port.https=443

2014-07-08 00:15:37 8282 : [VcvaConfig] port.ldap=389

2014-07-08 00:15:37 8282 : [VcvaConfig] port.netdump=6500

2014-07-08 00:15:37 8282 : [VcvaConfig] port.heartbeat=902

2014-07-08 00:15:37 8282 : [VcvaConfig] port.webhttp=8080

2014-07-08 00:15:37 8282 : [VcvaConfig] END Default values

2014-07-08 00:15:37 8279: END execution

2014-07-08 00:15:56 8313: START locking... /usr/sbin/vpxd_servicecfg ad test

2014-07-08 00:15:56 8316: [8313]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'test' 'ucpadmin' CENSORED 'podd.local'

2014-07-08 00:15:56 8316: Testing domain (podd.local)

2014-07-08 00:15:56 8316: VC_CFG_RESULT=0

2014-07-08 00:15:56 8316: END execution

2014-07-08 00:15:57 8376: START locking... /usr/sbin/vpxd_servicecfg ports defaults

2014-07-08 00:15:57 8379: [8376]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ports' 'defaults'

2014-07-08 00:15:57 8382 : [VcvaConfig] BEGIN Default values :

2014-07-08 00:15:57 8382 : [VcvaConfig] port.http=80

2014-07-08 00:15:57 8382 : [VcvaConfig] port.queryservice.xdb=10109

2014-07-08 00:15:57 8382 : [VcvaConfig] port.ngc.ajp=9009

2014-07-08 00:15:57 8382 : [VcvaConfig] port.queryservice.http=10080

2014-07-08 00:15:57 8382 : [VcvaConfig] port.syslog.ssl=1514

2014-07-08 00:15:57 8382 : [VcvaConfig] port.autodeploy.management=6502

2014-07-08 00:15:57 8382 : [VcvaConfig] port.autodeploy=6501

2014-07-08 00:15:57 8382 : [VcvaConfig] port.queryservice.https=10443

2014-07-08 00:15:57 8382 : [VcvaConfig] port.syslog=514

2014-07-08 00:15:57 8382 : [VcvaConfig] port.ngc.http=9090

2014-07-08 00:15:57 8382 : [VcvaConfig] port.ngc.https=9443

2014-07-08 00:15:57 8382 : [VcvaConfig] port.webhttps=8443

2014-07-08 00:15:57 8382 : [VcvaConfig] port.https=443

2014-07-08 00:15:57 8382 : [VcvaConfig] port.ldap=389

2014-07-08 00:15:57 8382 : [VcvaConfig] port.netdump=6500

2014-07-08 00:15:57 8382 : [VcvaConfig] port.heartbeat=902

2014-07-08 00:15:57 8382 : [VcvaConfig] port.webhttp=8080

2014-07-08 00:15:57 8382 : [VcvaConfig] END Default values

2014-07-08 00:15:57 8379: END execution

2014-07-08 00:16:00 8399: START locking... /usr/sbin/vpxd_servicecfg ad write

2014-07-08 00:16:00 8402: [8399]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'ucpadmin' CENSORED 'podd.local'

2014-07-08 00:16:00 8402: Testing domain (podd.local)

2014-07-08 00:16:00 8402: Enabling active directory: 'podd.local' 'ucpadmin'

2014-07-08 00:16:01 8402: ERROR: Enabling active directory failed: Joining to AD Domain: podd.local

With Computer DNS Name: TESTVC.podd.local

Error: Lsass Error [code 0x0000000b]

The OU format is invalid.

2014-07-08 00:16:01 8402: VC_CFG_RESULT=302

2014-07-08 00:16:01 8402: END execution

2014-07-08 00:16:01 8702: START locking... /usr/sbin/vpxd_servicecfg echo-args ad

2014-07-08 00:16:01 8775: START locking... /usr/sbin/vpxd_servicecfg db write

2014-07-08 00:16:01 8778: [8775]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'db' 'write' 'embedded' '' '' '' '' CENSORED

2014-07-08 00:16:01 8778: Testing DB. Type (embedded) Server () Port () Instance () User ()

Enable autostart of vpostgres instance...

insserv: Service network is missed in the runlevels 4 to use service postgresql

insserv: Service syslog is missed in the runlevels 4 to use service postgresql

Waiting for the embedded database to start up: [OK]

2014-07-08 00:16:01 8778: Testing DB link. Type (PostgreSQL) Server (127.0.0.1) Port (5432) Instance (VCDB) User (vc)

2014-07-08 00:16:02 8778: Updated DB PASSWORD in VPXD configuration

2014-07-08 00:16:02 8778: Updated DB USER in VPXD configuration

2014-07-08 00:16:02 8778: No schema found on DB, initializing schema

2014-07-08 00:16:02 8778: Initializing LDAP

2014-07-08 00:16:12 8778: Restarting LDAP server

2014-07-08 00:16:16 8778: Initializing DB schema

2014-07-08 00:16:27 8778: VC_DB_SCHEMA_VERSION=VirtualCenter Database 5.5

2014-07-08 00:16:27 8778: VC_DB_SCHEMA_INITIALIZED=1

2014-07-08 00:16:27 8778: VC_CFG_RESULT=0

2014-07-08 00:16:27 8778: END execution

2014-07-08 00:16:27 9380: START locking... /usr/sbin/vpxd_servicecfg sso write

2014-07-08 00:16:27 9383: [9380]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'sso' 'write' 'embedded' CENSORED CENSORED 'typed-pass'

2014-07-08 00:17:53 10601 : [VcvaConfig] BEGIN Reading values of : port.https

2014-07-08 00:17:53 10601 : [VcvaConfig] port.https=443

2014-07-08 00:17:53 10601 : [VcvaConfig] END Reading values

2014-07-08 00:18:38 11586 : [VcvaConfig] BEGIN Reading values of : port.ngc.https

2014-07-08 00:18:38 11586 : [VcvaConfig] port.ngc.https=9443

2014-07-08 00:18:38 11586 : [VcvaConfig] END Reading values

2014-07-08 00:19:07 12144 : [VcvaConfig] BEGIN Reading values of : port.ngc.https

2014-07-08 00:19:07 12144 : [VcvaConfig] port.ngc.https=9443

2014-07-08 00:19:07 12144 : [VcvaConfig] END Reading values

2014-07-08 00:19:21 9383: VC_CFG_RESULT=0

2014-07-08 00:19:21 9383: END execution

2014-07-08 00:19:21 12345: START locking... /usr/sbin/vpxd_servicecfg service start

2014-07-08 00:19:21 12348: [12345]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'service' 'start'

2014-07-08 00:19:22 12412 : [VcvaConfig] BEGIN Reading values of : port.http

2014-07-08 00:19:22 12412 : [VcvaConfig] port.http=80

2014-07-08 00:19:22 12412 : [VcvaConfig] END Reading values

2014-07-08 00:19:22 12413 : [VcvaConfig] BEGIN Reading values of : port.https

2014-07-08 00:19:22 12413 : [VcvaConfig] port.https=443

2014-07-08 00:19:22 12413 : [VcvaConfig] END Reading values

2014-07-08 00:19:22 12416 : [VcvaConfig] BEGIN Reading values of : port.queryservice.https

2014-07-08 00:19:22 12416 : [VcvaConfig] port.queryservice.https=10443

2014-07-08 00:19:22 12416 : [VcvaConfig] END Reading values

2014-07-08 00:20:19 13333 : [VcvaConfig] BEGIN Reading values of : port.webhttps

2014-07-08 00:20:19 13333 : [VcvaConfig] port.webhttps=8443

2014-07-08 00:20:19 13333 : [VcvaConfig] END Reading values

2014-07-08 00:20:19 13334 : [VcvaConfig] BEGIN Reading values of : port.https

2014-07-08 00:20:19 13334 : [VcvaConfig] port.https=443

2014-07-08 00:20:19 13334 : [VcvaConfig] END Reading values

2014-07-08 00:20:22 13392 : [VcvaConfig] BEGIN Reading values of : port.https

2014-07-08 00:20:22 13392 : [VcvaConfig] port.https=443

2014-07-08 00:20:22 13392 : [VcvaConfig] END Reading values

2014-07-08 00:20:34 13552 : [VcvaConfig] BEGIN Reading values of : port.http

2014-07-08 00:20:34 13552 : [VcvaConfig] port.http=80

2014-07-08 00:20:34 13552 : [VcvaConfig] END Reading values

2014-07-08 00:20:34 13553 : [VcvaConfig] BEGIN Reading values of : port.https

2014-07-08 00:20:34 13553 : [VcvaConfig] port.https=443

2014-07-08 00:20:34 13553 : [VcvaConfig] END Reading values

2014-07-08 00:20:34 13554 : [VcvaConfig] BEGIN Reading values of : port.queryservice.https

2014-07-08 00:20:34 13554 : [VcvaConfig] port.queryservice.https=10443

2014-07-08 00:20:34 13554 : [VcvaConfig] END Reading values

2014-07-08 00:20:34 13565 : [VcvaConfig] BEGIN Reading values of : port.http

2014-07-08 00:20:34 13565 : [VcvaConfig] port.http=80

2014-07-08 00:20:34 13565 : [VcvaConfig] END Reading values

2014-07-08 00:20:39 12348: VC_CFG_RESULT=0

2014-07-08 00:20:39 12348: END execution

2014-07-08 00:24:39 14767: START locking... /usr/sbin/vpxd_servicecfg db read-type

2014-07-08 00:24:39 14765: START locking... /usr/sbin/vpxd_servicecfg ad read

2014-07-08 00:24:39 14780: START locking... /usr/sbin/vpxd_servicecfg timesync read

2014-07-08 00:24:39 14777: START locking... /usr/sbin/vpxd_servicecfg sso read

2014-07-08 00:24:39 14787: [14767]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'db' 'read-type'

2014-07-08 00:24:39 14787: VC_DB_TYPE=embedded

2014-07-08 00:24:39 14787: VC_CFG_RESULT=0

2014-07-08 00:24:39 14787: END execution

2014-07-08 00:24:40 14876: [14765]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'read'

2014-07-08 00:24:41 14876: Reading active directory status: 0 Domain:

2014-07-08 00:24:41 14876: VC_AD_STATUS=0

2014-07-08 00:24:41 14876: VC_AD_DOMAIN=

2014-07-08 00:24:41 14876: VC_CFG_RESULT=0

2014-07-08 00:24:41 14876: END execution

2014-07-08 00:24:41 15193: [14777]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'sso' 'read'

2014-07-08 00:24:44 15193: SSO_TYPE=embedded

2014-07-08 00:24:44 15193: SSO_LS_LOCATION=https://TESTVC.podd.local:7444/lookupservice/sdk

2014-07-08 00:24:44 15193: VC_CFG_RESULT=0

2014-07-08 00:24:44 15193: END execution

2014-07-08 00:24:44 15237: [14780]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'timesync' 'read'

2014-07-08 00:24:45 15237: Reading active directory status: 0 Domain:

2014-07-08 00:24:45 15237: VC_TIMESYNC_TOOLS=0

2014-07-08 00:24:45 15237: VC_TIMESYNC_NTP=0

2014-07-08 00:24:45 15237: VC_TIMESYNC_NTP_OPTIONS=

2014-07-08 00:24:45 15237: VC_TIMESYNC_NTP_SERVERS=

2014-07-08 00:24:45 15237: VC_AD_STATUS=0

2014-07-08 00:24:45 15237: VC_AD_DOMAIN=

2014-07-08 00:24:45 15237: VC_CFG_RESULT=0

2014-07-08 00:24:45 15237: END execution

gaurav_singh1 · ‎07-07-2014

i tried UPN (user@domain.local) format but still same error

wmbsolutions · ‎07-08-2014

I got exactly the same problem!

I got new domain with Win2012R2 forest and domain level configured yesterday and fresh vCAS deployed today with FQDN name configured.

During the domain join I got the following error:

2014-07-08 13:35:35 8265: START locking... /usr/sbin/vpxd_servicecfg ad write

2014-07-08 13:35:35 8268: [8265]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'administrator' CENSORED 'XXX.lan'

2014-07-08 13:35:35 8268: Testing domain (XXX.lan)

2014-07-08 13:35:35 8268: Enabling active directory: 'XXX.lan' 'administrator'

2014-07-08 13:35:37 8268: ERROR: Enabling active directory failed: Joining to AD Domain: XXX.lan

With Computer DNS Name: ABC.XXX.lan

Error: Lsass Error [code 0x0000000b]

The OU format is invalid.

2014-07-08 13:35:37 8268: VC_CFG_RESULT=302

2014-07-08 13:35:37 8268: END execution

I tried multiple administrator name & format combinations, lower and upper domain names. Nothing works.

The strange thing is that computer account in domain is created during the procedure, but it still does not work and error message is thrown.

It was supposed to be easier than VC on Windows BOX...

Any ideas?

[UPDATE]

During the Internet search I found one place claiming that it was not possible to use vCAS 5.5 with Win2012R2, however this issue was fixed in 5.5a release.

Best Regards,

Wojtek

gaurav_singh1 · ‎07-09-2014

i am using 5.5 1b . which is the latest version and "a" but still having the problem . i am not sure if this problem has been fixed in 5.5 a

wmbsolutions · ‎07-09-2014

Ok... I didn't read it carefully enough: http://creativeview.co.uk/vcsa-active-directory-woes/

It seems that Win2012 domain level problem was fixed in 5.5.0a, but we are both using Win2012R2 domain level.

So most probably this will not work until next vCSA release 😕

malhi_o · ‎07-11-2014

Please check forward and reverse DNS record. Please confirm vCSA has the corrector FQDN from https://vCenter_IP:5480 .

wmbsolutions · ‎07-12-2014

Unfortunately, forward and reverse DNS entries are in place (that was one of the first checks).

Also someone suggested to lower forest & domain level to Win2012 - I did it also earlier. No change.

shrklet · ‎07-14-2014

I resolved this Issue. I had exactly the same Issue.

I resolved this via open the Communication (Firewall) from the Domain Controllers to the vCenter Appliance. (Apppliance and DCs was in different VLANS)

Cause when doing an Domain Join it looks like the DCs are open an Connection (Initalizing) to the vCenter Appliance. Open the Communication from teh Appliance to the Domain Controllers are not enough !

After that the following Error are gone and vcsa has joined domain:

Error: ERROR_GEN_FAILURE [code 0x0000001f]

2014-07-14 12:33:10 10720: VC_CFG_RESULT=302

2014-07-14 12:33:10 10720: END execution

2014-07-14 12:34:29 11276: START locking... /usr/sbin/vpxd_servicecfg ad write

2014-07-14 12:34:29 11280: [11276]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'Administrator' CENSORED '***'

2014-07-14 12:34:29 11280: Testing domain (***

2014-07-14 12:34:29 11280: Enabling active directory: '***L' 'Administrator'

2014-07-14 12:35:01 11280: ERROR: Enabling active directory failed: Joining to AD Domain: ***

With Computer DNS Name: ***

Regards Stefan

wmbsolutions · ‎07-14-2014

Unfortunately my DC and VC are in the same subnet and there is no firewall between them.

gaurav_singh1 · ‎07-14-2014

i have a flat network and every thing is on same vlans and subnet . i dont think networking is an issue in my setup as well

malhi_o · ‎07-14-2014

Please log in to https://vCenter_IP:5480 and test the connection between vCSA and AD. See this film for Kendrick Coleman about vSphere vCenter Virtual Appliance Deployment.

https://www.youtube.com/watch?v=b3k63QDnzHM

wmbsolutions · ‎07-15-2014

That's what I did more or less in the same way.

Some of the settings are different, because he was implementing 5.1 while I did deploy 5.5.

There is really nothing special in integration between vCSA and AD except the fact that it does not work with Win2012.

gjackson2434 · ‎07-15-2014

I have the same issue. Vcenter 5..5b and 2012R2 and I get the same error. I am using the Vcenter appliance vs the install on windows.

Mark_B2 · ‎11-12-2014

I'm also running 2012 R2 with vCenter appliance 5.5.0.20200 Build 2183109. I have the same issue with trying to join the domain. Has anyone been able to resolve this.

I have confirmed the following:

Using FQDN for vCenter
DNS forward and reverse lookups confirmed working via NSLookup
Tried username@domain.name and domain\user.name formats
Tried switching off firewall on DC
Confirmed DC is receiving the request for authentication with no errors in DC event viewer
Renewed the SSO certificates

If running the join domain from the Setup Wizard I receive the following error: Failed to execute '/usr/sbin/vpxd_servicecfg 'ad' 'write' 'domain\user.name' CENSORED 'domain.local'':

If running from AD Authentication Settings I receive the following error: Error: Enabling Active Directory failed.

If you would like me to retrieve some logs please advise which logs and location as I'm not an expert in VMware.

antonmajor · ‎11-12-2014

This issue is fixed in VMware vCenter Server 5.5.0a

Mark_B2 · ‎11-12-2014

Thanks for your response.

Just to confirm I'm currently running the following:

Version: vCenter Server Appliance 5.5.0 Update 2b

Release Date: 09/10/2014

Build #: 2183111

Installer Build Number: 2183109

VMware KB: Correlating VMware products build numbers to update levels

I still have the issue.

All

vCenetr Virtual Appliance 5.5 : AD: The OU format is invalid