Overview

When attempting to join vCenter version 8 to a Windows Active Directory domain, you may encounter the following error:

In WebUI

dm client exception: Error trying to join AD, error code [xx], user [xx], domain [mydomain.com], orgUnit []

When trying to join through a Shell:

Try to join the vcenter from the shell: Command: ./domainjoin-cli join domain username password

Example:

Connected to service
    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell
root@vcsa [ ~ ]# cd /opt/likewise/bin
root@vcsa [ /opt/likewise/bin ]# ./domainjoin-cli join domain.com [email protected] 
Joining to AD Domain:   domain.com 
With Computer DNS Name: vcsa.domain.com 
[email protected]'s password:
Error: ERROR_GEN_FAILURE [code 0x0000001f]

Resolution

The issue was caused by a time drifting between the VCSA and the Active Directory (AD) server.

To resolve this, configure the VCSA to use the AD server as its NTP source by following this steps:

  • Open vcenter server, and use default port. For example: https://IP:5480
  • Navigate to time section, and change Timesynchronisation to the following:
Mode: NTP
Timeserver= MyADserver.domain
  • Retry to domain join process.
  • Reboot the Vcenter server.

If you prefer to reboot the Vcenter through the Web UI:

  • Go to Administration > System Configuration
  • Select your vCenter node, and click Reboot node.

Conclusion

Implementing a centralized system for user authentication, such as using Active Directory (AD) for vSphere user authentication, is highly beneficial in many scenarios. To minimize downtime and prevent authentication or infrastructure management issues, it is crucial to regularly back up both your Active Directory domain controller and vCenter Server appliance.

If you encounter issues similar to those described in this article, consider verifying the NTP server configuration to ensure there are no time synchronization discrepancies. However, note that the root cause of the issue may vary and could involve other factors.