Remove the machine account with the old DN value from ou=Domain Controllers,dc=vsphere,dc=local, and also check to see if there are still entries for the old name under cn=Servers,cn=[Site Name],cn=Sites,cn=Configuration,dc=vsphere,dc=local.
Using jXplorer
Refer to https://kb.vmware.com/s/article/2077170 (Steps 1-2 to configure the connection) to connect to the vCenter server with jXplorer. Expand the Domain Controllers OU and verify if there is an entry for the old PNID of the vCenter. Alternatively, you can select each entry, then select the Table Editor tab in the main window to see the entry's attributes. If there are two entries with the same sAMAccountName value, this will cause the vmware-stsd service to fail to start.
To remove the old entry, select it, right-click, and choose Delete.
There may also be entries under Sites > [Site Name] > Servers referring to the old vCenter PNID, which can also be deleted (the Replication Agreements and any ldapuri:// child entries will need to be removed first).
Using the Command Line
You can get a list of the machine account entries with the following commands:
# SSO_DOMAIN_DN="dc=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-domain-name --server-name localhost | sed -e 's/\./,dc=/g')"; ldapsearch -LLL -h localhost -b "ou=Domain Controllers,$SSO_DOMAIN_DN" -D "cn=administrator,cn=users,$SSO_DOMAIN_DN" sAMAccountName -W
Enter LDAP Password:
dn: ou=Domain Controllers,dc=vsphere,dc=local
dn: cn=10.20.1.70,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa70.vmware.com
dn: cn=vcsa70.vmware.com,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa70.vmware.com
Here we see there are two accounts with the same sAMAccountName. Assuming the current PNID is vcsa70.vmware.com, we can remove the other entry with:
# ldapdelete -h localhost -D "cn=administrator,cn=users,$SSO_DOMAIN_DN" -W "cn=10.20.1.70,ou=Domain Controllers,dc=vsphere,dc=local"
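
The duplicate check done by eye above can also be scripted. The following is an added example, not part of the original article: the function names find_duplicate_sam and sample_ldif are hypothetical, and the script assumes `ldapsearch -LLL` output on stdin, listing every DN that shares a sAMAccountName so the stale entry can be identified before anything is deleted.

```bash
#!/bin/bash
# Added example: flag machine accounts that share a sAMAccountName.
# Reads `ldapsearch -LLL` output (LDIF) on stdin.
find_duplicate_sam() {
    awk '
        # Process one complete (unfolded) LDIF line.
        function handle(line) {
            if (line ~ /^dn: /) {
                dn = substr(line, 5)              # DN of the current entry
            } else if (line ~ /^sAMAccountName: /) {
                # Assumption: names differing only in case count as equal.
                sam = tolower(substr(line, 17))
                count[sam]++
                dns[sam] = dns[sam] "  " dn "\n"
            }
        }
        # LDIF folds long lines; a leading space continues the previous one.
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) handle(buf); buf = $0 }
        END {
            handle(buf)
            for (sam in count)
                if (count[sam] > 1) {
                    printf "DUPLICATE sAMAccountName: %s\n%s", sam, dns[sam]
                    found = 1
                }
            exit (found ? 0 : 1)    # 0 = duplicates found, like grep
        }
    '
}

# Sample input: the entries from the ldapsearch output shown above.
sample_ldif() {
    cat <<'EOF'
dn: ou=Domain Controllers,dc=vsphere,dc=local

dn: cn=10.20.1.70,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa70.vmware.com

dn: cn=vcsa70.vmware.com,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: vcsa70.vmware.com
EOF
}

sample_ldif | find_duplicate_sam
```

On the appliance, pipe the ldapsearch command above into find_duplicate_sam in place of sample_ldif.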