Hi, has anyone faced this problem before? This happens when I want to join my vSphere to the domain.
Idm client exception: Error trying to join AD, error code 2453
I'm assuming you managed to solve this, but if anyone else comes here looking for a solution and tried everything else (since this was the first result on Google when searching for the error message); make sure your vCenter server is using the Active Directory DNS servers (or other DNS servers with which you can look up the Active Directory hostnames). I was trying all kinds of solutions for about an hour before realizing the vCenter server was using Google's DNS servers. If you can't remember where to configure the DNS servers, it's at https://your-vcenter-server:5480/.
Two areas to consider when joining the vSphere vCenter to the AD domain and experiencing error code 2453:
First, verify that the vCenter is able to resolve both IPv4 and IPv6 if IPv6 is left enabled. If IPv6 is not used but is configured on DNS, this may result in a failure to resolve while authenticating to the AD domain. Second, enter the FQDN for the domain, but do not enter the FQDN after the user ID used to authenticate to the domain (i.e. Administrator not Administrator@domain.com).
Are you trying to join a vCenter 6.7 appliance to the domain? If yes, please use the commands below to join. Also, make sure you are using the administrator ID for the join. Before this, also check that DNS has both [host and PTR] records.
# /opt/likewise/bin/domainjoin-cli join domainname username password
After the reboot, verify it.
# /opt/likewise/bin/domainjoin-cli query
Are you joining vCenter to a read-only domain controller or a writable domain controller? Also, have you checked that port 389 is open in the firewall? If possible, please share a screenshot of the error.
I am having the same issue with my 6.7 with embedded. I have changed the appliance name to include the domain, it is pointing to the domain DNS, and I do not use IPv6. I have checked the DNS and I do have the A and the PTR in there. The DC is writable, as I have added many different servers to that domain. I have the hostname with the domain in it also. When I use the firstname.lastname@example.org with the password I get this error:
Idm client exception: Error trying to join AD, error code , user [*********@mydomain], domain [mydomain.com], orgUnit 
Then when I do it with just the username I get this error:
Idm client exception: Error trying to join AD, error code , user [*********], domain [mydomain.com], orgUnit 
I have enabled the Active Directory firewall rule on all the hosts in the cluster. On the AD I have Symantec Endpoint Protection but have put in an allow-all rule so nothing is being blocked. I have not joined the individual hosts to the domain; do I have to?
It is a DNS issue.
1. Enable SSH on VCSA.
2. Command> shell
3. # /opt/likewise/bin/domainjoin-cli leave
5. # /opt/vmware/share/vami/vami_config_net
6. Set the right DNS (Option 4)
7. # /opt/likewise/bin/domainjoin-cli join domainname username password
Well, I had this error and several other error messages when trying to enroll my vCenter to an AD, and I finally solved it by doing as described in this PlanetVM post.
I hope it helps anyone having trouble joining their VC to an AD.
None of this worked for me.
The problem was found on a Wireshark trace on the DC. vCenter was performing dig requests for _kerberose.my.domain, _tcp.my.domain, _ldap.my.domain, etc., however those dig requests were failing. These are _msdc specific domain names that are built into AD under the forwarding zone.
All of these were missing in our DC, which was causing the problem. The reason why they were missing in the first place is unknown, but after a reverse of an older snapshot of our DC, the entries were restored, and vCenter connected.
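A way to run the DNS checks discussed in this thread before attempting the join (the SRV lookups from the post above and the A/PTR check mentioned earlier), as an added example that is not part of any poster's reply. It assumes `dig` is available where it runs and uses the standard AD locator record names; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Usage: ./ad_dns_check.sh <ad-domain> <vcenter-fqdn> [dns-server]
# Assumption: `dig` is installed; all names passed in are supplied by the caller.

# SRV names a domain member queries to locate domain controllers.
ad_srv_names() {
    printf '%s\n' \
        "_ldap._tcp.$1" \
        "_kerberos._tcp.$1" \
        "_ldap._tcp.dc._msdcs.$1" \
        "_kerberos._tcp.dc._msdcs.$1"
}

# Print every SRV name that returns no answer; return 1 if any is missing.
missing_srv() {
    local domain=$1 server=${2:-} name rc=0
    for name in $(ad_srv_names "$domain"); do
        if [ -z "$(dig +short ${server:+@"$server"} "$name" SRV)" ]; then
            echo "$name"
            rc=1
        fi
    done
    return $rc
}

# Check that the host has an A record and that the PTR for it points back.
forward_reverse_ok() {
    local fqdn=$1 server=${2:-} ip ptr want
    # Keep only an IPv4 answer (dig +short may list a CNAME target first).
    ip=$(dig +short ${server:+@"$server"} "$fqdn" A |
         grep -E -m1 '^[0-9]+(\.[0-9]+){3}$')
    [ -n "$ip" ] || { echo "no A record for $fqdn"; return 1; }
    ptr=$(dig +short ${server:+@"$server"} -x "$ip" | head -n1)
    # dig prints PTR targets with a trailing dot; DNS names are case-insensitive.
    ptr=$(printf '%s' "${ptr%.}" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$fqdn" | tr 'A-Z' 'a-z')
    [ "$ptr" = "$want" ] || { echo "PTR for $ip is '$ptr', expected $want"; return 1; }
}

if [ "$#" -ge 2 ]; then
    missing_srv "$1" "${3:-}" && echo "SRV records OK for $1"
    forward_reverse_ok "$2" "${3:-}" && echo "A/PTR OK for $2"
fi
```

Passing the DNS server as the third argument queries the AD DNS server directly, which separates "records are missing" from "the appliance is pointed at the wrong resolver".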
Holy cow!! I have been trying to join to my lab domain for weeks, read everything related to the error messages I could find on BING (sorry, allergic to Google).
When I just entered the domain admin user name as administrator instead of email@example.com, it worked.
Answer: Node VCSA.VMLAB.LAN has joined the active directory successfully. Reboot the node to apply changes
Thank you so very much for this post.