Joining vCenter appliance to AD from cli fails with error "LW_ERROR_INVALID_MESSAGE error (code 0x00009c46)" and from UI it fails with error "Idm client exception: Error trying to join AD, error code [40006]"

Article ID: 341121

Products

VMware vCenter Server

Issue/Introduction

  • Logins to a vCenter Server Appliance or PSC using Active Directory accounts fail with the error "Authentication Failure".
  • The PSC or vCenter Server still appears to be joined to the AD domain in the SSO configuration.
  • Running the command below returns the error LW_ERROR_INVALID_MESSAGE error (code 0x00009c46):
    /opt/likewise/bin/domainjoin-cli join domain.com Domain_Administrator Password
    (If the trailing password is omitted, domainjoin-cli prompts for it; passing it as an argument exposes it in the process list and in the shell history.)
  • From the UI, the error is "Idm client exception: Error trying to join AD, error code [40006]".

In domainjoin.log, you see entries similar to:

WARNING:Short domain name not specified. Defaulting to 'DOMAIN'
ERROR:LW_ERROR_INVALID_MESSAGE [LW_ERROR_INVALID_MESSAGE]

The Inter Process message is invalid

Stack Trace:
../domainjoin/domainjoin-cli/src/main.c:962
../domainjoin/domainjoin-cli/src/main.c:511
../domainjoin/libdomainjoin/src/djmodule.c:344
../domainjoin/libdomainjoin/src/djauthinfo.c:721
../domainjoin/libdomainjoin/src/djauthinfo.c:1227



Environment

VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 6.5.x
VMware vCenter Server Appliance 8.0.x

Cause

The DB cache file of the lsassd service on the appliance (lsass-adcache.filedb.<domain>) is corrupted, so lsassd can no longer answer authentication and domain-join requests for that domain.

Resolution

To resolve the issue:

  1. Stop the lsassd service
  2. Rename (or delete) the DB cache file corresponding to the AD domain
  3. Start the service again

Note: while lsassd is stopped, AD logins to the appliance fail, so perform these steps in a maintenance window. The file is only a cache of AD user and group data and is rebuilt automatically once the service is running again; renaming it instead of deleting it keeps a copy for rollback.

To stop the lsassd service, use the command for your version:
 
For vCenter 6.0: /etc/init.d/lsassd stop
For vCenter 6.5/8.0: /opt/likewise/bin/lwsm stop lwio
 
To change to the DB cache directory:
 
For vCenter 6.0: cd /var/lib/likewise
For vCenter 6.5/8.0: cd /var/lib/likewise/db/
 
To rename the DB cache, use the command below, replacing domain_name with the domain part of the file name as it appears in that directory (for example, lsass-adcache.filedb.domain.com):
mv lsass-adcache.filedb.domain_name lsass-adcache.filedb.domain_name.old
 
To start the Likewise agent:
 
For vCenter 6.0: /etc/init.d/lsassd start
For vCenter 6.5/8.0: /opt/likewise/bin/lwsm start lwio
 
Log in to the vSphere Web Client again and add the vCenter Server to AD.
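The procedure above, collected into one script as an added example (this is not a VMware script and is not part of the original article). It uses only the paths and commands quoted in the article; the way it tells a 6.0 appliance apart from 6.5/8.0 (the presence of the SysV script /etc/init.d/lsassd) is an assumption of this example, as is the requirement to run it as root on the appliance. The cache is renamed rather than deleted so it can be restored, and a missing cache file for the given domain aborts the procedure and restarts the service instead of silently doing nothing.

```shell
#!/bin/bash
# Added example (not VMware's script): reset the lsassd AD cache on a vCenter
# Server Appliance following the steps in this article.
# Assumptions: run as root on the appliance; a 6.0 appliance is recognised by
# the presence of /etc/init.d/lsassd (the article does not state this check).
set -eu

# Cache directory per generation: 6.0 keeps the file directly under
# /var/lib/likewise, 6.5/8.0 under /var/lib/likewise/db (paths from the article).
adcache_dir() {
  if [ "$1" = "6.0" ]; then echo /var/lib/likewise; else echo /var/lib/likewise/db; fi
}

# Guess the appliance generation (assumption: only 6.0 ships the SysV script).
detect_generation() {
  if [ -x /etc/init.d/lsassd ]; then echo 6.0; else echo 6.5+; fi
}

# Stop / start commands per generation, exactly as quoted in the article.
lsass_stop()  { if [ "$1" = "6.0" ]; then /etc/init.d/lsassd stop;  else /opt/likewise/bin/lwsm stop lwio;  fi; }
lsass_start() { if [ "$1" = "6.0" ]; then /etc/init.d/lsassd start; else /opt/likewise/bin/lwsm start lwio; fi; }

# Rename the cache for DOMAIN in DIR to .old so it can be restored. Prints the
# new path; returns 1 and touches nothing when no cache file exists for DOMAIN.
rotate_adcache() {
  local dir=$1 domain=$2 f
  f="$dir/lsass-adcache.filedb.$domain"
  if [ ! -f "$f" ]; then
    echo "no cache file for $domain in $dir; nothing to reset" >&2
    return 1
  fi
  mv -- "$f" "$f.old"
  echo "$f.old"
}

# Full procedure: stop lsassd, rotate the cache, start it again, then print the
# join state so the Domain Controller name/status can be checked for "Unknown"
# (see Additional Information below).
reset_adcache() {
  local domain=$1 gen dir
  gen=$(detect_generation)
  dir=$(adcache_dir "$gen")
  lsass_stop "$gen"
  if ! rotate_adcache "$dir" "$domain"; then
    lsass_start "$gen"     # leave the service running even when we did nothing
    return 1
  fi
  lsass_start "$gen"
  /opt/likewise/bin/lw-get-status
}

# Usage: reset-adcache.sh <dns-domain>   e.g.  ./reset-adcache.sh domain.com
if [ $# -ge 1 ]; then reset_adcache "$1"; fi
```

The script prints the path of the renamed file; keep that `.old` copy until AD logins have been confirmed to work again, then remove it.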



Additional Information

It may be necessary to make the appliance leave the AD domain before applying the fix and rejoin it afterwards (for example with /opt/likewise/bin/domainjoin-cli leave followed by a new join) if the SSO configuration still shows it as joined but /opt/likewise/bin/lw-get-status returns Unknown for both the name and the status of the Domain Controller.