Trying to join a VCSA 6.5 build 8815520 to an AD 2016 domain and getting error code [31].
What log file would provide more details on the error?
Thanks
If anyone else runs into this problem, the solution was to allow TCP 445 from the vCenter appliance to the Domain Controller.
As of this writing, the VMware KB does not list 445 as one of the ports for vCenter Server and Platform Services Controller; however, it's required to join the domain.
Required Ports for vCenter Server and Platform Services Controller
Active Directory 2016 is only supported with vCSA 6.7 Update 1 at this time.
Using domainjoin-cli shows the error ERROR_GEN_FAILURE [code 0x0000001f]
Do I have to enable SMB1 to join?
Looks like SMB1 issue was resolved back in 6.0u3
No, SMB1 isn't needed, but again, what you're attempting is unsupported even to begin with, so it may not work at all in that version.
Just checked our VC at the HQ site. It's build 9451637 and it's joined to the 2016 domain.
The error code 31 seems to come from Windows. At least I can find exactly this error message "ERROR_GEN_FAILURE [code 0x0000001f]" on the Windows system error list:
System Error Codes (0-499) | Microsoft Docs
But the description of this error does not help much:
A device attached to the system is not functioning.
However, I would suggest that you investigate the error on the Active Directory system further. Maybe you can find more information in the Windows Event Log.
Seeing a response from the DC KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED
Similar issue mentioned here, but on the older vcsa
Another post with the similar issue
KDC reports inconsistent supported encryption types after AS-REQ
According to the 6.x diagram TCP 445 to the DC isn't required from the vcsa, but I am seeing TCP requests from VCSA 6.5 to the DC.
Captured with TCPDUMP on the vcsa.
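A capture like the one described above can show whether the port 445 traffic is being dropped on the way to the DC. The following is an added example, not code from any poster in this thread: it reads `tcpdump -nn` text output and reports, per client and DC pair, whether SYNs to TCP 445 were answered. The function names and the 192.0.2.x sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify TCP 445 handshakes seen in `tcpdump -nn` text output.
# Typical use: tcpdump -nn -r capture.pcap 'tcp port 445' | smb_handshake_status

smb_handshake_status() {
    awk '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        # tcpdump prints "a.b.c.d.port"; split at the last dot.
        sport = src; sub(/.*\./, "", sport); shost = src; sub(/\.[0-9]+$/, "", shost)
        dport = dst; sub(/.*\./, "", dport); dhost = dst; sub(/\.[0-9]+$/, "", dhost)
        flags = $7
        # Key every packet by "client -> server" so replies match their SYNs.
        if (dport == "445" && flags == "[S],")  syn[shost " -> " dhost]++
        if (sport == "445" && flags == "[S.],") ack[dhost " -> " shost]++
        if (sport == "445" && flags ~ /R/)      rst[dhost " -> " shost]++
    }
    END {
        for (k in syn) {
            if (ack[k] > 0)      state = "OPEN"      # SYN-ACK came back
            else if (rst[k] > 0) state = "REFUSED"   # reset: nothing listening
            else                 state = "NO_REPLY"  # silence: likely filtered
            printf "%s tcp/445 %s syn=%d\n", k, state, syn[k]
        }
    }' | sort
}

# Constructed sample: three unanswered SYN retries to one DC, one completed
# handshake to another. Addresses are documentation-range placeholders.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.5.51234 > 192.0.2.10.445: Flags [S], seq 1, win 29200, length 0
12:00:02.000001 IP 192.0.2.5.51234 > 192.0.2.10.445: Flags [S], seq 1, win 29200, length 0
12:00:04.000001 IP 192.0.2.5.51234 > 192.0.2.10.445: Flags [S], seq 1, win 29200, length 0
12:00:05.000001 IP 192.0.2.5.40000 > 192.0.2.11.445: Flags [S], seq 9, win 29200, length 0
12:00:05.000900 IP 192.0.2.11.445 > 192.0.2.5.40000: Flags [S.], seq 7, ack 10, win 65535, length 0
EOF
}

sample_capture | smb_handshake_status
```

A `NO_REPLY` result with repeated SYNs is the pattern a firewall drop between the appliance and the DC produces; `REFUSED` points at the DC itself rather than the network path.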
Have you mentioned the OU (where the server will be populated)? Also verify DNS, NTP, reverse DNS, and time sync. My AD level is 2008R2 and we successfully configured it.
I am also facing the same issue with vCenter 7.0.3. I followed the below reference.
https://www.gerjon.com/error-31-trying-to-join-vcenter-to-ad/
Hope it will help you.
For me, neither the port thing nor the link helped. It was a very simple issue.
The domain I specified had a couple of characters in upper case; after changing them to lower case, it was immediately accepted without any errors.