• When attempting to join a vCenter Server Appliance (VCSA) to an Active Directory domain using the domainjoin-cli utility, the process fails with a configuration stage error. This typically occurs when the system identifies that the FQDN is invalid or does not meet the necessary formatting requirements for the join process.
  
  
• The following error is observed in the command line interface:
  
  root@localhost [ /opt/likewise/bin ]# ./domainjoin-cli join <domain-name> user@<domain-name>

Error: Required configuration stage not enabled [code 0x0000a606]
The configuration of module 'set computer hostname' is required. Please either allow this configuration stage to be performed automatically (by passing '--enable hostname'), or manually perform these configuration steps and rerun the domain join:
The following step(s) are required:
    Change the fqdn from 'vCenter01' to 'vcenter01.fqdn.dom'. The current fqdn is invalid because it does not contain a dot in the name. Changing the fqdn could be done via DNS, but this program will change it with the following steps:
        * Making sure local comes before bind in nsswitch
        * Adding the fqdn before all entries in /etc/hosts that contain 

VMware vCenter Server 7.x

VMware vCenter Server 8.x

The issue is caused by a mismatch between the VCSA Hostname and the Primary Network Identifier (PNID). Specifically, if the Hostname is set to a short name while the PNID is set to an IP address or a different FQDN format, the Likewise service (used for domain joining) cannot reconcile the identity leading to the 0x0000a606 configuration error.

• Executing below command from vCenter SSH the PNID returning an IP address instead of the FQDN prevents the domain join utility from completing the hostname configuration stage

# hostname
<vCenter FQDN>

#/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
<vCenter IP Address>

The workaround for this issue, the PNID must be updated to match the desired FQDN:

• • Prerequisites (Backup):

    • • Perform a file-based backup of the vCenter Server via the VAMI (Port 5480).
        
        
      • If the vCenter is part of an Enhanced Linked Mode (ELM) group, shut down all nodes in the SSO domain and take offline snapshots of all vCenter Server nodes
        
        

  • Step-by-Step Instructions:

    1. Update DNS Records: Ensure that both the temporary FQDN and the final desired FQDN have valid Forward and Reverse (PTR) DNS records pointing to the vCenter IP.
       
       
    2. Change PNID to Temporary FQDN: Update the PNID to a temporary, unique FQDN to trigger a refresh of the internal identity services.
       
       
       • Navigate to the vCenter Management Interface (VAMI) at https://<vCenter FQDN>:5480.
       • Navigate to Networking > Edit.
       • Change the FQDN to <Temporary FQDN>.
         
         
    3. Reboot vCenter: Perform a full reboot of the VCSA. This step is critical to update the Likewise registry and internal configuration files with the new identity.
       
       
    4. Verify DNS for Final FQDN: Confirm that the desired final FQDN is resolvable from the vCenter SSH.
       
       
    5. Change PNID to Desired FQDN:
       
       
       • Return to the VAMI (https://<Temporary FQDN>:5480).
       • Navigate to Networking > Edit.
       • Change the FQDN to the final desired <vCenter FQDN>.
         
         
    6.  Retry Domain Join: Attempt to join the domain again using the CLI.

Changing your vCenter Server’s FQDN