Attempting to add a domain to NSX Manager manage domains section fails with the error: "The AD domain operation failed for the entity with the following error message domain conflict with one existing domain"
Article ID: 330206
Updated On:
Products
VMware NSX
Issue/Introduction
- Attempting to add a domain to NSX Manager manage domains section fails.
- You see the error:
The AD domain operation failed for the entity with the following error message domain conflict with one existing domain.- In the vsm.log file, you see entries similar to:
2017-03-28 18:09:39.572 GMT-00:00 WARN http-nio-127.0.0.1-7441-exec-41315 RemoteInvocationTraceInterceptor:87 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.blueprint.directory.facade.DirectoryFacade.updateDomaincom.vmware.vshield.blueprint.exception.DirectoryException: actionable-information:9104:Domain conflict with 1 existing domain(s), first conflict domain id: 25, domain name: CA.HQ.MEDISNA.COM, domain netbios name: nullat com.vmware.vshield.blueprint.service.impl.DomainServiceImpl.saveOrUpdate_aroundBody34(DomainServiceImpl.java:337)at com.vmware.vshield.blueprint.service.impl.DomainServiceImpl$AjcClosure35.run(DomainServiceImpl.java:1)at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96cproceed(AbstractTransactionAspect.aj:59)at org.springframework.transaction.aspectj.AbstractTransactionAspect$AbstractTransactionAspect$1.proceedWithInvocation(AbstractTransactionAspect.aj:65)at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(AbstractTransactionAspect.aj:63)at com.vmware.vshield.blueprint.service.impl.DomainServiceImpl.saveOrUpdate(DomainServiceImpl.java:320)at com.vmware.vshield.blueprint.directory.facade.DirectoryFacadeImpl.updateDomain_aroundBody14(DirectoryFacadeImpl.java:227)at com.vmware.vshield.blueprint.directory.facade.DirectoryFacadeImpl$AjcClosure15.run(DirectoryFacadeImpl.java:1)at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secureFeatureCheck(VsmSecuredAspect.java:154) - Reboot of the NSX Manager does not change the situation.
Environment
VMware NSX Data Center for vSphere 6.x
Resolution
- Use the following API query to find the Directory domains:
GET https://<nsx manager IP>/api/1.0/directory/listDomains
It will return data in XML format that looks like the following. Notice this is what was returned to me even though the GUI was blank<DirectoryDomains><DirectoryDomain><id>1</id><name>testcorp.com</name><type>ACTIVE_DIRECTORY</type><netbiosName>EXAMPLE</netbiosName><username>administrator</username><ignoreDisabledUsers>false</ignoreDisabledUsers></DirectoryDomain><DirectoryDomain><id>2</id><name>UK.TESTCORP.COM</name><type>ACTIVE_DIRECTORY</type><ignoreDisabledUsers>false</ignoreDisabledUsers></DirectoryDomain><DirectoryDomain><id>3</id><name>US.EXAMPLE.COM</name><type>ACTIVE_DIRECTORY</type><lastSynStatus>SUCCESS</lastSynStatus><lastSyncTime class="sql-timestamp">2016-07-15 11:22:34.157</lastSyncTime><netbiosName>US</netbiosName><username>administrator</username><baseDn>DC=us,DC=example,DC=com</baseDn><ignoreDisabledUsers>false</ignoreDisabledUsers></DirectoryDomain></DirectoryDomains>
-
Replace the “DOMAIN ID” with the value in the “ID” field returned above.
DELETE https://<nsx manager IP>/api/1.0/directory/deleteDomain/<DOMAIN ID> - Once you run the command above you should get a
STATUS 200as the result, meaning it was successful. To verify that your delete was successful, simply run the “listDomains” GET statement above and you should see the domain you deleted is now gone.
Feedback
Yes
No
Powered by
