Enabling Active Directory on the VMware vCenter Server Appliance 5.x fails with the error: Enabling active directory failed
search cancel

Enabling Active Directory on the VMware vCenter Server Appliance 5.x fails with the error: Enabling active directory failed

book

Article ID: 307104

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • Attempting to enable Active Directory on the vCenter Server Appliance (VCSA) fails.
  • You are unable to enable Active Directory on the VCSA through the VMware vCenter Server Appliance Management Interface (VAMI).
  • Enabling Active Directory on the VCSA through the VAMI at https://vCenter_FQDN:5480 fails.
  • You are unable to add a VCSA to an Active Directory domain on the command line using SSH.
  • You see the error:

    ERROR: Enabling active directory failed

    Or

    VC_CFG_RESULT=302
  • The vpxd_cfg.log file (located in /var/log/vmware/vpx) contains entries similar to:

    YYYY-MM-DD 13:38:09 4913: ERROR: Enabling active directory failed: Error: Invalid username [code 0x0000000b] The username 'DOMAIN\[email protected]' is invalid because it contains a backslash. Please use UPN syntax ([email protected]) if you wish to use a username from a different domain.

    ...

    Testing domain (domain.com)
    Enabling active directory: domain.com ssc-gj
    ERROR: Enabling active directory failed: Joining to AD Domain: domain.com With Computer DNS Name: VCSA Error: Required configuration stage not enabled [code 0x0000a606] The configuration of module 'set computer hostname' is required. Please either allow this configuration stage to be performed automatically (by passing '--enable hostname'), or manually perform these configuration steps and rerun the domain join: The following step(s) are required: Change the fqdn from 'VCSA' to 'VCSA. domain.com '. The current fqdn is invalid because it does not contain a dot in the name. Changing the fqdn could be done via DNS, but this program will change it with the following steps...


Environment

VMware vCenter Server Appliance 5.1.x

Cause

This issue can occur when the hostname in the VCSA is set to the host short-name and not the entire Fully Qualified Domain Name (FQDN).

Resolution

To resolve this issue, ensure both of these conditions are met:
  • User credentials use the User Principal Name (UPN) format, for example, [email protected].
  • The VCSA hostname uses the FQDN format.
If the VCSA is configured using only the short name or IP address, use the VAMI to modify the hostname.

To modify the VCSA hostname:
  1. Log into the VAMI as the root user.

    Note: The default URL is https://vCenter_Server_Appliance_IP:5480

  2. Click the Network tab and the Address sub-tab.
  3. In the Hostname field, enter the FQDN, for example, VCSA.domain.com.
  4. Under Actions, click Save Settings.
  5. Restart the VCSA.
  6. When the VCSA restarts, join it to the Active Directory domain using the VAMI.


Additional Information


VMware vCenter Server Appliance 5.x 上で Active Directory を有効にしようとすると失敗し、次のエラーが表示される:Active Directory の有効化に失敗しました
在 VMware vCenter Server Appliance 5.x 上启用 Active Directory 失败并出现错误:启用 Active Directory 已失败

Impact/Risks:



Powered by Wolken Software