vCenter Server fails to query the AD domain join status

Article ID: 383173

Products

VMware vCenter Server 7.0
VMware vCenter Server 8.0

Issue/Introduction

  • Querying the AD domain join status fails with the error:

    # /opt/likewise/bin/domainjoin-cli query
    Error: LW_ERROR_ACCESS_DENIED [code 0x00009cde]

    Incorrect access attempt

  • In the vCenter UI, under Administrator - Single Sign On - Configuration - Identity Provider - Active Directory Domain, it shows:

    The node didn't join any Active Directory

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x

Cause

The AD domain account used to join the AD domain is disabled.

Resolution

To verify the issue, run the following command:

/opt/likewise/bin/domainjoin-cli --loglevel verbose --logfile /var/log/domain.log join <domain> <ad-domain-user>

The output is similar to the following:

Joining to AD Domain: <domain>
With Computer DNS Name: <dc-fqdn>
<ad-domain-user>'s password:
Error: LW_ERROR_ACCOUNT_DISABLED [code 0x00009c78]
The user account is disabled

Enable the domain user account in AD.
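The following shell helper is an added example, not part of the original article or of any VMware tooling. It classifies captured domainjoin-cli output by the two error codes shown above, so a health check can tell the query failure apart from the disabled join account. The function name, verdict strings and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify domainjoin-cli output by the error codes in this article.
# Intended use on the appliance (stdout and stderr merged):
#   /opt/likewise/bin/domainjoin-cli query 2>&1 | classify_domainjoin

# Reads domainjoin-cli output on stdin and prints "<verdict>|<error name>|<code>".
# Return codes (chosen for this example):
#   0  = no error line found
#   10 = LW_ERROR_ACCESS_DENIED (0x00009cde), the failed status query
#   11 = LW_ERROR_ACCOUNT_DISABLED (0x00009c78), the join account is disabled
#   1  = any other error line
classify_domainjoin() {
    local line name code
    # Error lines look like: Error: LW_ERROR_ACCOUNT_DISABLED [code 0x00009c78]
    line=$(grep -E -m1 '^[[:space:]]*Error: [A-Z0-9_]+ \[code 0x[0-9A-Fa-f]+\]' || true)
    if [ -z "$line" ]; then
        echo "no_error||"
        return 0
    fi
    name=$(printf '%s\n' "$line" | sed -E 's/^[[:space:]]*Error: ([A-Z0-9_]+) .*/\1/')
    # Normalise hex digits to lower case so the comparison is case-insensitive.
    code=$(printf '%s\n' "$line" \
        | sed -E 's/.*\[code (0x[0-9A-Fa-f]+)\].*/\1/' | tr 'A-F' 'a-f')
    case "$code" in
        0x00009cde) echo "query_access_denied|$name|$code"; return 10 ;;
        0x00009c78) echo "join_account_disabled|$name|$code"; return 11 ;;
        *)          echo "other_error|$name|$code"; return 1 ;;
    esac
}

# Sample input: the join output shown in this article, placeholders left as-is.
SAMPLE_JOIN_OUTPUT='Joining to AD Domain: <domain>
With Computer DNS Name: <dc-fqdn>
Error: LW_ERROR_ACCOUNT_DISABLED [code 0x00009c78]
The user account is disabled'

# Demonstration run; "|| true" keeps the non-zero verdict from stopping the script.
printf '%s\n' "$SAMPLE_JOIN_OUTPUT" | classify_domainjoin || true
```

A return code of 11 indicates the condition described under Cause: the account used for the join must be re-enabled in AD before the join is retried.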