Error: ERROR_NO_LOGON_SERVERS (1311) - vCenter Server domain functional level mismatch

Article ID: 398493


Products

VMware vCenter Server

Issue/Introduction

  • You run the /usr/lib/vmware-vmafd/bin/dir-cli trustedcert list command on a linked-mode VCSA node, and it fails with error ERROR_NO_LOGON_SERVERS (1311)
  • journalctl -xe logs report server is at a higher functional level (4) than partner.
  • The lookupsvc and vmware-vdtc services fail to start or run unreliably
  • Authentication to vCenter Server may fail

Environment

Seen in:
• vCenter Server Appliance (VCSA), multi-node linked-mode deployment

Cause

vCenter servers configured with different domain functional levels cannot authenticate with each other.

When one server operates at functional level 4 and its partner remains at level 1, the authentication framework rejects connections and prevents directory services, along with dependent services such as lookupsvc and vmware-vdtc, from starting.

Resolution

  1. Take a snapshot or file-level backup of each VCSA from the vSphere Client before making changes.

  2. Open an SSH session or appliance console to the first VCSA and enable Bash (shell) if prompted.

  3. Verify the current functional level:

    # Change to the directory that contains the dir-cli command
    cd /usr/lib/vmware-vmafd/bin
    ./dir-cli domain-functional-level get

    The command returns 1 on an affected node.

  4. Raise the functional level to 4:

    ./dir-cli domain-functional-level set --level 4
    
  5. Apply the change:

    # Check critical service status
    service-control --status lookupsvc vmware-vdtc
    
    # If either service is Stopped, restart everything
    service-control --stop --all
    service-control --start --all
    
    # Otherwise, restart only vmdird
    service-control --restart vmdird
    
  6. Repeat steps 2 – 5 on the remaining linked-mode VCSAs once the first node is fully online.

  7. Confirm the fix on each appliance:

    /usr/lib/vmware-vmafd/bin/dir-cli trustedcert list
    # should list certificates without error
    service-control --status lookupsvc vmware-vdtc
    # both should show Running
    journalctl -xe | grep functional
    # no new mismatch entries

  8. Delete the snapshots once you have verified that the services remain working.
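
The branch taken in steps 3 to 5 can be written down as a small helper that works on pasted command output. This is an added example, not code from VMware or from this article; the function names are hypothetical, and the output layouts it parses (the level as the last integer printed, service names grouped under "Running:"/"Stopped:" headers) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not VMware/Broadcom code. Pure text logic: feed it the output
# of the step 3 and step 5 commands; nothing here changes the appliance.
TARGET_LEVEL=4   # level the article raises affected nodes to

# Level from `dir-cli domain-functional-level get` output.
# Assumption: the level is the last integer the command prints.
parse_level() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+' | tail -n 1
}

# Succeeds if lookupsvc or vmware-vdtc is listed under "Stopped:".
# Assumption: `service-control --status` groups names under "<State>:" headers.
any_stopped() {
  printf '%s\n' "$1" | awk '
    { start = 1 }
    /^[A-Za-z]+:/ { in_stopped = ($1 == "Stopped:"); start = 2 }
    in_stopped { for (i = start; i <= NF; i++) if ($i ~ /^(lookupsvc|vmware-vdtc)$/) found = 1 }
    END { exit !found }'
}

# Print which branch of steps 4-5 applies to this node.
plan_node() {
  _lvl=$(parse_level "$1")
  if [ -z "$_lvl" ]; then echo "unknown-level"; return 1; fi
  if [ "$_lvl" -ge "$TARGET_LEVEL" ]; then echo "level-ok"; return 0; fi
  if any_stopped "$2"; then
    echo "raise-then-restart-all"       # set --level 4, then stop/start all services
  else
    echo "raise-then-restart-vmdird"    # set --level 4, then restart only vmdird
  fi
}

# Constructed sample input (not captured from a real appliance).
SAMPLE_STATUS='Running:
 lookupsvc
Stopped:
 vmware-vdtc'
echo "node at level 1: $(plan_node "1" "$SAMPLE_STATUS")"
```

An "unknown-level" result means the level could not be read from the output, so check it by hand before running the set command.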

Additional Information