Joining vCenter to an Active Directory Domain Fails with Error: "Idm client exception: Error trying to Join AD , error code [31]"
Article ID: 374759
Updated On:
Products
VMware vCenter Server
Issue/Introduction
- When trying to add a vCenter to an Active Directory Domain, it fails with an error
"Idm client exception: Error trying to Join AD , error code [31] "
Environment
- VMware vCenter Server 7.x
- VMware vCenter Server 8.x
Cause
- This issue is caused due to the time difference of more than 5 minutes between the host and the vCenter, which can lead to authentication failures and prevent the vCenter from joining the domain.
Resolution
- Verify Time Consistency
- Review the time settings on both the ESXi host and the vCenter Server, and confirm that they are synchronized.
- To check the current time on both the ESXi host and the vCenter Server, run the following command in an SSH session:
# date
- Manually Set the Time on the ESXi Host (if needed)
- Prerequisites:
- Ensure that NTP (Network Time Protocol) and PTP (Precision Time Protocol) are not currently enabled on the host.
- If either is enabled, disable them first using the following guide: Delete a Time Synchronization Service on Your ESXi Host
- Procedure:
- Prerequisites:
-
-
- In the vSphere Client, navigate to:
Home > Hosts and Clusters - Select the appropriate host.
- Go to the Configure tab, then select System > Time Configuration.
- Click Manual Set-Up.
- In the Manual Time Configuration dialog box, enter the correct date and time, then click OK.
- In the vSphere Client, navigate to:
-
- Retry Domain Join after ensuring the time on both the host and vCenter is aligned.
- (Optional) Re-enable NTP/PTP once the vCenter Server has successfully joined the domain.
Additional Information
To configure the date and time on the host, refer to the techdoc below.
Feedback
Yes
No
Powered by
