"Could not connect to VMware Directory Service via LDAP" - "install.vmafd.vmdir _vdcpromo_error_ 23"
search cancel

"Could not connect to VMware Directory Service via LDAP" - "install.vmafd.vmdir _vdcpromo_error_ 23"

book

Article ID: 315414

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

Deploying, upgrading, or migrating to the vCenter Server Appliance may fail when the vmafd is unable to start with the below symptoms,

  • The error 9127 indicates an intermittent network failure or high network latency situation. 
  • In vmafdvmdirclient.log file you may see entries similar to,
YYYY-MM-DDTHH:MM:SS.620Z:t@139999458604800:ERROR: VmDirReadDCAccountPassword failed with error code: 40700
YYYY-MM-DDTHH:MM:SS.655Z:t@139999458604800:INFO: Lotus server name: (name)
YYYY-MM-DDTHH:MM:SS.750Z:t@139999458604800:INFO: VmDirLocalInitializeHost (vsphere.local)(default-site)() passed
YYYY-MM-DDTHH:MM:SS.753Z:t@139999458604800:ERROR: VmDirAnonymousLDAPBindEx to (ldap://localhost:389) failed. (-1)(Can't contact LDAP server)
YYYY-MM-DDTHH:MM:SS.753Z:t@139999458604800:WARNING: LDAP connect (ldap://localhost:389) failed (9127), 10 seconds passed
  • In vmafdvmdirclient.log file you may see entries similar to,
YYYY-MM-DDTHH:MM:SS.055Z:t@139681815566080:ERROR: VmDirReadDCAccountPassword failed with error code: 40700 act LDAP server)
YYYY-MM-DDTHH:MM:SS.445Z:t@139681815566080:WARNING: LDAP connect (ldap://localhost:389) failed (9127), 40 seconds passed

 

  • In vmafd-firstboot.py_xxxx_stderr.log file you may see entries similar to, 
YYYY-MM-DDTHH:MM:SS.784Z  password:
YYYY-MM-DDTHH:MM:SS.785Z  Initializing Directory server instance ...

YYYY-MM-DDTHH:MM:SS.785Z  <class 'cis.baseCISException.BaseInstallException'>
YYYY-MM-DDTHH:MM:SS.787Z  Exception: Traceback (most recent call last):
  File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 177, in main
    controller.firstboot()
  File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 53, in firstboot
    self.init()
  File "/usr/lib/vmware-vmafd/firstboot/vmafd-firstboot.py", line 59, in init
    service.init()
  File "/usr/lib/vmware-vmafd/firstboot/identityinstall/vmdirInstall.py", line 404, in init
    self.setup_domain()
  File "/usr/lib/vmware-vmafd/firstboot/identityinstall/vmdirInstall.py", line 259, in setup_domain
    problemId = problem)
cis.baseCISException.BaseInstallException: {
    "detail": [
        {
            "id": "install.vmafd.vmdir_vdcpromo_error_23",
            "localized": "Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host.",
            "translatable": "Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host."
        }
    ],
    "problemId": "install.vmafd.vmdir_vdcpromo_error_23",
    "resolution": {
        "id": "install.vmafd.vmdir_vdcpromo_error_23.resolution",
        "localized": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request.",
        "translatable": "Please search of these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request."
    },
    "componentKey": "vmafd"
}
 
  • You will see below similar log entries in cloudvm.log file location at /var/log/firstboot/cloudvm.log
YYYY-MM-DDTHH:MM:SS.096Z Running command:['/opt/vmware/share/vami/vami_set_hostname']
YYYY-MM-DDTHH:MM:SS.422Z Done running command
YYYY-MM-DDTHH:MM:SS.422Z Stdout: DNS reverse lookup on ####:10:24:##::## has failed. Unable to obtain hostname from DNS reverse lookup. Please exam DNS/network configuration. Skip setting hostname.​​​​​​​



Environment

VMware vCenter Server Appliance 6.0.x
VMware vSphere 7.0.x
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.5.x

Cause

Vdcpromo failed. Error[9127] Could not connect to VMware Directory Service via LDAP. Verify VMware Directory Service is running on the appropriate system and is reachable from this host.

Resolution

To resolve the issue check the below information,
  • Ensure that the source from where the vCenter appliance is deployed is on the same network, subnet, and VLAN as the source vCenter, and not connecting via VPN.
  • The ISO mounted for installation should be on the local machine and not presented from a network drive.
  • Ensure there is no time drift between the source and destination appliances or VMs. OR Incorrect DC information with in the appliance.

Process to update domain controller:

To update domain controller follow the steps below:
  1. Take a putty session and run the command /opt/vmware/share/vami/vami_config_net and update correct details and make sure that the DNS entries are with right details.
    • Example:
# Begin /etc/hosts (network card version)

# End /etc/hosts (network card version)
# VAMI_EDIT_BEGIN
# Generated by Studio VAMI service. Do not modify manually.
::1 testvcsa.lab.vmware.com testvcsa localhost ipv6-localhost ipv6-loopback
127.0.0.1 testvcsa.lab.vmware.com testvcsa localhost
# VAMI_EDIT_END
  1. You can also reconfirm from /etc/resolv.conf file 
  2. Check resolving all DNS Server as well as VCSA FQDN using nslookup command 
    • nslookup <VCSA_FQDN>
    • nslookup <DNS_FQDN>
  3. Retry VCSA installation. 


Additional Information