Hi everyone,
I have VCSA 6.7 installed and want to join it to an Active Directory domain.
- When I try to join domain via UI, I got this error: Idm client exception: error trying to join ad, error code [40188]
- When I try to join domain via CLI, I got this error: Error: ERROR_MEMBER_NOT_IN_GROUP [code 0x00000529]
I found a lot of posts about failing to join vCenter to domain but none of them has the error code [40188] so I don't know how to resolve this problem.
Please help me with this. Thanks!
Hello,
Could you please confirm that you followed the steps below:
Note:- You have to reboot the Appliance to apply the changes
If yes, please specify in which step the error appears.
Please consider marking this answer "CORRECT" or "Helpful" if you think your question has been answered correctly.
Cheers,
VCIX6-NV|VCP-NV|VCP-DC|
Hi,
I followed exactly the same steps as yours, and the error appeared in the last step after adding username/password and clicking Join.
Same as when I use the CLI; here is the command:
root@photon-machine [ ~ ]# /opt/likewise/bin/domainjoin-cli join hict.local administrator@hict.local
Joining to AD Domain: hict.local
With Computer DNS Name: photon-machine.hict.local
administrator@HICT.LOCAL's password:
Error: ERROR_MEMBER_NOT_IN_GROUP [code 0x00000529]
How did you type the username?
User name in User Principal Name (UPN) format, for example, jchin@mydomain.com.
Important:
Down-level login name format, for example, DOMAIN\UserName, is unsupported.
Yes, sure, as mentioned by MikeStoica,
please confirm the username format (administrator@hict.local).
And confirm that the OU correctly maps to the same location as the administrator account in Active Directory, as follows: OU=users,DC=hict,DC=local
As MikeStoica,
My user name format is administrator@hict.local
Last time I saw that the OU is optional, so I left it blank. But now when I set the OU to ' DC=hict,DC=local ', the error still appears.
Yes, it is optional, but note that DC=hict,DC=local is wrong because there is no OU before it.
But can you check the network connectivity between the vCenter appliance and the DC and ensure that all needed ports are accessible?
If your vCSA hostname is photon-machine as it is indicated in your bash session, this indicates you did not deploy the vCSA correctly and is likely the cause of the failures here. You will need to redeploy to fix this and use proper DNS and a FQDN during installation.
Thanks. I found the prerequisites in this link:
Join or Leave an Active Directory Domain
"Verify that the system name of the appliance is an FQDN. If, during the deployment of the appliance, you set an IP address as a system name, you cannot join the vCenter Server Appliance to an Active Directory domain."
I had deployed VCSA and set the IP address as the system name, so I couldn't join the AD domain. Now after I redeployed VCSA using an FQDN, everything works.
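The two prerequisites quoted in this thread (an FQDN as the appliance system name, and a login in UPN format) can be checked before attempting the join. The script below is an added example, not part of any post above and not VMware code; the function names are hypothetical and the sample values are taken from the thread's bash session.

```shell
# Added example: pre-flight checks for the two prerequisites quoted in the thread.
# Print how a system name would be treated: ip | default | short | invalid | fqdn
classify_system_name() (
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}                          # tolerate one trailing root dot
    case $name in
        '')        echo invalid; return ;;
        *:*)       echo ip; return ;;       # IPv6 literal
        *[!0-9.]*) ;;                       # has something other than digits/dots
        *)         echo ip; return ;;       # digits and dots only: IP-style literal
    esac
    case $name in
        photon-machine|photon-machine.*) echo default; return ;;  # name from the thread
        .*|*.|*..*) echo invalid; return ;; # empty label
        *.*) ;;
        *)   echo short; return ;;          # single label, no domain part
    esac
    set -f; IFS=.                           # split into labels, no globbing
    for label in $name; do
        case $label in
            ''|-*|*-|*[!a-z0-9-]*) echo invalid; return ;;
        esac
        [ "${#label}" -le 63 ] || { echo invalid; return; }
    done
    echo fqdn
)

# Print the login name format: upn | downlevel | bare
classify_login() (
    case $1 in
        *\\*)     echo downlevel ;;         # DOMAIN\UserName (unsupported)
        ?*@?*.?*) echo upn ;;               # user@domain.tld
        *)        echo bare ;;
    esac
)

# Return 0 only when both prerequisites hold; explain each failure on stderr.
preflight() (
    rc=0
    sys=$(classify_system_name "$1"); login=$(classify_login "$2")
    [ "$sys" = fqdn ] || { echo "system name '$1' is '$sys', need an FQDN" >&2; rc=1; }
    [ "$login" = upn ] || { echo "login '$2' is '$login', need UPN format" >&2; rc=1; }
    return $rc
)

# Sample run with the hostname and login seen in the thread's bash session
preflight photon-machine 'administrator@hict.local' || echo "not ready to join"
```

The check is purely syntactic and runs offline; it does not verify that the name resolves in DNS.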
I was having the same problem. Below is what worked for me.
1. FQDN of the domain. [blah.example.com]
2. OU [blank]
3. [username@blah.example.com]
4. [Password]