Cannot Create/Add Directory with Type Active Directory (Integrated Windows Authentication) if Domain Name Does Not Match sAMAccountName
Article ID: 369052


Updated On: 12-02-2024

Products

VMware vCenter Server

Issue/Introduction

When attempting to join the vCenter Server to an Active Directory domain, the operation fails with the following error:

"java.lang.reflect.InvocationTargetException"

The Active Directory Domain configuration shows the node as "localhost.localdomain" together with the error "The node didn't join any Active Directory".

The problem persists even after leaving and rejoining the domain several times with the Likewise tools in /opt/likewise/bin/ (for example domainjoin-cli).

 

Environment

vCenter Server 7.x

vCenter Server 8.x

 

Cause

The vCenter Server Appliance (vCSA) was deployed without DNS, so the appliance's hostname came up as the placeholder "localhost.localdomain" and that name, rather than the PNID, was recorded as the sAMAccountName of the vCenter object under Domain Controllers in the vSphere local directory. This can be confirmed by searching the log files for the placeholder hostname (run from the appliance's log directory, for example /var/log/vmware):

egrep -Hi "localhost.localdomain" $(find . -name "*.log") | less

In the output, the hostname recorded in the logged commands is 'localhost.localdomain' instead of the vCenter Server's FQDN.

Resolution

To resolve this issue, set the sAMAccountName attribute of the vCenter object under Domain Controllers in the vSphere local directory to the vCenter Server's PNID (its FQDN), using either JXplorer or the command line. The change is written directly to the VMware Directory Service (vmdir), so take a snapshot of the vCenter Server Appliance first, and adjust dc=vsphere,dc=local in the examples below if the SSO domain is not the default vsphere.local.

JXplorer

Example:

1. Connect to the vCenter Server's directory using JXplorer, authenticating as the SSO administrator (administrator@vsphere.local by default).

2. Browse to local > vSphere > Domain Controllers > <vCenter_Object>

3. Modify the samAccountName attribute to match the vCenter PNID.

Note: 

To verify the current PNID, run the following command:

/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

CLI:

Run the following on the vCenter Server Appliance shell, replacing vcenter.example.com in both the DN and the attribute value with the vCenter object's name and the PNID reported by vmafd-cli. The -W option prompts for the administrator@vsphere.local password; lines beginning with # are LDIF comments and are ignored by ldapmodify.

ldapmodify -x -D "cn=administrator,cn=users,dc=vsphere,dc=local" -W <<EOF
# DN of the vCenter object under Domain Controllers in the vSphere local directory
dn: cn=vcenter.example.com,ou=Domain Controllers,dc=vsphere,dc=local
changetype: modify
# Overwrite the stale value (for example localhost.localdomain) with the PNID
replace: sAMAccountName
sAMAccountName: vcenter.example.com
EOF
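The procedure above is easy to get wrong by hand (a typo in the DN or the attribute value is written straight into vmdir), so the following pre-flight check is added here as an example; it is not part of the KB article. It reads the PNID with vmafd-cli, pulls the vCenter object's sAMAccountName from vmdir with the OpenLDAP ldapsearch client, compares the two case-insensitively (DNS names are case-insensitive) and prints the exact LDIF for ldapmodify only when they differ. The function names, the ldapsearch invocation (which assumes the default vsphere.local SSO domain, a single vCenter node in the Domain Controllers OU, and that the OpenLDAP client tools are on the PATH or reachable under /opt/likewise/bin) and the sample LDIF at the bottom are this example's own; the sample is constructed so the script can be exercised off the appliance.

```shell
#!/bin/sh
# Added example, not from the KB article: compare the vCenter PNID with the
# sAMAccountName on its Domain Controllers object and emit the fix as LDIF.

# Join LDIF continuation lines. ldapsearch folds long values at 76 columns and
# begins each continuation line with a single space.
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }'
}

# First DN in an LDIF blob ($1), with the "dn: " prefix removed.
ldif_dn() {
    printf '%s\n' "$1" | ldif_unfold | awk 'sub(/^dn: /, "") { print; exit }'
}

# sAMAccountName value in an LDIF blob ($1). LDAP attribute names are
# case-insensitive, so "samAccountName:" and "sAMAccountName:" both match.
ldif_samaccountname() {
    printf '%s\n' "$1" | ldif_unfold | awk 'tolower($1) == "samaccountname:" { print $2; exit }'
}

# DNS names are case-insensitive; compare $1 and $2 that way.
names_match() {
    [ "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" = "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" ]
}

# LDIF that sets sAMAccountName on DN $1 to the PNID $2 (same shape as the
# ldapmodify input in the CLI section above).
build_fix_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: sAMAccountName\nsAMAccountName: %s\n' "$1" "$2"
}

# $1 = PNID, $2 = LDIF of the Domain Controllers object.
# Exit status: 0 = mismatch, fix LDIF printed on stdout; 1 = already consistent;
# 2 = no object with a sAMAccountName found in the LDIF.
check_and_build() {
    dn=$(ldif_dn "$2")
    current=$(ldif_samaccountname "$2")
    if [ -z "$dn" ] || [ -z "$current" ]; then
        echo "no Domain Controllers object with a sAMAccountName found" >&2
        return 2
    fi
    if names_match "$1" "$current"; then
        echo "sAMAccountName '$current' already matches PNID '$1'; nothing to change" >&2
        return 1
    fi
    echo "sAMAccountName '$current' does not match PNID '$1'; apply this with ldapmodify:" >&2
    build_fix_ldif "$dn" "$1"
}

# Live run on the appliance (not exercised by the sample below). Assumes the
# default vsphere.local SSO domain and one node under ou=Domain Controllers;
# with several vCenters in Enhanced Linked Mode, narrow the -b base DN to the
# object of this appliance before trusting the result.
live_check() {
    pnid=$(/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost)
    ldif=$(ldapsearch -x -LLL -h localhost -p 389 \
        -D "cn=administrator,cn=users,dc=vsphere,dc=local" -W \
        -b "ou=Domain Controllers,dc=vsphere,dc=local" -s one \
        "(objectClass=*)" sAMAccountName)
    check_and_build "$pnid" "$ldif"
}

# Constructed sample of what ldapsearch returns on an affected appliance:
# the object is named after the FQDN but still carries the placeholder name.
SAMPLE_LDIF='dn: cn=vcenter.example.com,ou=Domain Controllers,dc=vsphere,dc=local
sAMAccountName: localhost.localdomain'

check_and_build "vcenter.example.com" "$SAMPLE_LDIF"
```

On the appliance, call live_check in place of the sample run at the bottom; when it exits 0, the LDIF it prints is exactly what the ldapmodify command in the CLI section expects on its standard input, and an exit status of 1 means the directory already agrees with the PNID and the join failure has another cause.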