I am using vSphere 6.0 to deploy Windows Server 2016 Server Core. I am applying an OS customization specification to a template, and it is supposed to be joining a domain. I am configuring the NIC with DHCP, however am specifying a single IPv4 DNS server, which is the AD DC for the domain I wish to join. This setting is being applied correctly. The setup is a very simple lab setup, with all the VMs on the same virtual network, using the same IP scope.
The specification I am using was working fine last week, and has mysteriously stopped working. VMs I deploy from template using this customization do not join the specified domain. I also tried creating a brand new spec, to no avail. I have read all of the top Google search results on the topic and tried their suggestions, without success. For example, I am using the email@example.com syntax for the joining username, and I am using the domain.local syntax for the domain name. If I examine the OS customization spec in PowerCLI, the Domain, DomainUsername, and DomainPassword properties are all populated correctly. I have tried applying the spec both from the vSphere client and from PowerCLI, and the results are the same in each case.
All other aspects of the customization - including the IPv4 DNS - are being configured correctly. Machine name, IP configuration, SID changing, time zone, etc are all being applied correctly.
What's more, based on reading the Sysprep and VMware customization logs, it doesn't even try to join the domain. There are no errors pertaining to the domain in either the Sysprep or VMware logs. In fact, the only time the word "domain" appears in the VMware customization log is when it clears out the IPv6 DNS entries, at which point the output from netsh notes, correctly, that there are no IPv6 "Domain Name Server" entries configured on this NIC I even tried deleting the NIC from the template and recreating it, to no effect. It's as if the "join domain" flag is somehow set to "off" or "workgroup". Again, there are no errors - the OS customization is being applied as if I specified workgroup, not domain. The sysprep logs similarly do not have any errors about joining the domain - they merely note that the machine is not part of a domain, never attempting to join one.
This was literally working a week ago and I changed nothing. I can add-computer from the Powershell console and the VM will join the domain without issue. I can resolve the DNS names of machines in the domain. Everything is behaving as expected except the join domain operation.
Does anyone have any suggestions? Are there some Windows settings or configs I should clear out on the template? Should I try making a new template? Are there other diagnostic logs or settings I can examine that would shed light on the situation? Did I miss something in one of the log files?
I have attached both the VMware customization log and the Sysprep log, as well as screenshots of the OS Customization Spec configuration wizard showing the relevant settings.