Problem joining VCSA 6 to AD Domain

medievalgeek · ‎06-30-2015

Hi,

I have been unsuccessful in joining our vCenter appliance to our AD domain. I've made sure that the user I'm attempting this with has the proper rights. The first time that I attempt to join the appliance to the domain, I get a session error and am required to log into the web client again. Upon logging in, the appliance still shows that it is not joined. If I try again, I don't get any message, and the domain appears in the domain box on the Manage tab for the node. If I reboot the appliance, it is as if it was never joined. Looking at the SSO log, I see the following:

[2015-06-30T20:05:15.994Z pool-12-thread-3 opId=f0dcbd51-f9d7-47c1-9267-0f9374cea2dd INFO com.vmware.identity.admin.vlsi.SystemManagementServiceImpl] Vmodl method 'SystemManagementService.joinActiveDirectory' return value is 'null'

Does anyone here have any idea what the issue might be?

RyanH84 · ‎07-01-2015

Hi,

I haven't seen that specific error message before, but I'll chime in with the generic AD/vCSA troubleshooting that has helped me out in the past:

1) Have you got all the correct DNS entries in place (forward/reverse)?

2) Is the vCSA hostname the FQDN? (EG.- vCSA.domain.local) ?

3) Can your vCSA ping the DC on your network? (IP and DNS)

4) Have you tried SSH'ing into the vCSA and taking a look at all of the logs? (not just SSO) ?

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk

medievalgeek · ‎07-01-2015

Hi Ryan,

Thanks for the response.

1. Yes, correct DNS entries are in place for the appliance and for DCs (I read somewhere else that not having PTR records for the DCs could cause an issue, but they are present).

2. The hostname is shown as the FQDN in the web client and in vami_config_net option 3.

3. Yes, the VCSA can ping the DCs by IP and hostname.

4. Can you point me to some other logs that might be relevant? I'm not really sure what else I should be looking at.

Thanks,

Kalen

bggb29 · ‎07-05-2015

I could not join our domain use domain\username. I had to use username@domain.com

Try that to see if works. There a a few workarounds once you get connected to fix this. We cannot login using the vsphere client using the check box to use windows credentials we have to type them in also. I have not found a fix for that one yet. No matter what c-sharp or web client the $domain.com works in all clients.

medievalgeek · ‎07-08-2015

That didn't help, unfortunately. I have tried:

1. Just username (since the domain is specified in a separate textbox)

2. domain\username

3. username@domain

Same results with all three.

vijayrana968 · ‎07-08-2015

make sure you have logged in as admin@vsphere.local, not with root.

I faced same issue whereas I was trying to do this with root. Was fixed with admin@vsphere.local

medievalgeek · ‎07-09-2015

Thanks for the tip, but I already make sure to only log in as administrator@vsphere.local.

All

Problem joining VCSA 6 to AD Domain