Can’t join VMware 5.5 VCSA to Active Directory – Error: Invalid Active Directory Domain

When attempting to add a VMware vCenter Server Appliance to our Active Directory I encountered this error message: “Error: Invalid Active Directory Domain”.

Within the /var/log/vmware/vpx/vpxd_cfg.log log file I was seeing the following:

START locking... /usr/sbin/vpxd_servicecfg ad write
2016-01-21 09:31:32 18457: [18454]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'username@domain.com' CENSORED 'DOMAIN.COM'
2016-01-21 09:31:32 18457: Testing domain (DOMAIN.COM)
2016-01-21 09:31:32 18457: ERROR: Failed to ping: 'DOMAIN.COM'
2016-01-21 09:31:32 18457: VC_CFG_RESULT=301
2016-01-21 09:31:32 18457: END execution

It would seem that the root DNS record for the domain (the bare name domain.com) is missing. That name should resolve to a domain controller so that the appliance has something to bind to.

So in /etc/hosts I added a record for domain.com pointing to the IP address of one of our domain controllers:

172.17.5.10 domain.com domain
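Before repeating the join, it is worth confirming that the bare domain name now resolves through the same path the appliance's ping test uses, and having a quick way to read the result code out of vpxd_cfg.log. The script below is an added example written for this post; it is not part of the original article or of VMware's tooling. It assumes the log line formats quoted above and a POSIX sh with getent, awk and mktemp on the appliance. The sample log it writes is constructed from the excerpts shown in this post.

```shell
#!/bin/sh
# Added example for this post, not from the original article or VMware's tooling.
# Assumptions: vpxd_cfg.log lines look like the ones quoted in the post, and the
# appliance shell has getent, awk and mktemp.

# Write the log excerpts quoted in the post to a temp file and print its path.
# Constructed sample data so the functions below can run without an appliance.
# Pass "with-success" to append the second (successful) run as well.
sample_log_file() {
    f=$(mktemp)
    {
        cat <<'EOF'
2016-01-21 09:31:32 18457: [18454]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'username@domain.com' CENSORED 'DOMAIN.COM'
2016-01-21 09:31:32 18457: Testing domain (DOMAIN.COM)
2016-01-21 09:31:32 18457: ERROR: Failed to ping: 'DOMAIN.COM'
2016-01-21 09:31:32 18457: VC_CFG_RESULT=301
2016-01-21 09:31:32 18457: END execution
EOF
        if [ "$1" = "with-success" ]; then
            cat <<'EOF'
2016-01-21 09:45:05 23287: [23284]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'username' CENSORED 'DOMAIN.COM'
2016-01-21 09:45:05 23287: Testing domain (DOMAIN.COM)
2016-01-21 09:45:05 23287: Enabling active directory: 'DOMAIN.COM' 'username'
2016-01-21 09:45:11 23287: VC_CFG_RESULT=0
2016-01-21 09:45:11 23287: END execution
EOF
        fi
    } > "$f"
    printf '%s\n' "$f"
}

# Print the last VC_CFG_RESULT code in the log (0 = success; 301 is what the
# post shows when the domain name does not resolve). Prints "none" if the log
# contains no result line at all.
last_cfg_result() {
    awk '/VC_CFG_RESULT=/ { sub(/.*VC_CFG_RESULT=/, ""); code = $0 }
         END { if (code == "") code = "none"; print code }' "$1"
}

# Print the ERROR lines belonging to the most recent vpxd_servicecfg run,
# i.e. everything after the last "BEGIN execution" marker.
last_run_errors() {
    awk '/BEGIN execution of/ { buf = "" }
         /ERROR:/ { buf = buf $0 "\n" }
         END { printf "%s", buf }' "$1"
}

# Check that the bare domain name resolves through the system resolver
# (/etc/hosts first, then DNS, per nsswitch.conf). The "Testing domain" ping
# step goes through the same resolver, which is why a hosts entry satisfies it.
domain_resolves() {
    getent hosts "$1" > /dev/null 2>&1
}

# Pre-flight check to run on the appliance before attempting the AD join.
ad_join_preflight() {
    domain="$1"
    if domain_resolves "$domain"; then
        ip=$(getent hosts "$domain" | awk 'NR == 1 { print $1 }')
        printf 'OK: %s resolves to %s\n' "$domain" "$ip"
        return 0
    fi
    printf 'FAIL: %s does not resolve; expect "Failed to ping" and VC_CFG_RESULT=301\n' "$domain"
    printf 'Fix: add "<domain-controller-ip> %s" to /etc/hosts, or publish an A record for the bare domain in DNS\n' "$domain"
    return 1
}

# Usage on the appliance:
#   ad_join_preflight DOMAIN.COM
#   last_cfg_result /var/log/vmware/vpx/vpxd_cfg.log
#   last_run_errors /var/log/vmware/vpx/vpxd_cfg.log
# Demonstration against the constructed sample log:
log=$(sample_log_file)
printf 'sample result: %s\n' "$(last_cfg_result "$log")"
last_run_errors "$log"
rm -f "$log"
```

The resolver check deliberately uses getent rather than a DNS-only tool such as dig, because dig bypasses /etc/hosts and would still report the bare domain as missing after the workaround, even though the appliance's own lookup succeeds.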

Then I tried again, this time with success:

2016-01-21 09:45:05 23284: START locking... /usr/sbin/vpxd_servicecfg ad write
2016-01-21 09:45:05 23287: [23284]BEGIN execution of: /usr/sbin/vpxd_servicecfg 'ad' 'write' 'username' CENSORED 'DOMAIN.COM'
2016-01-21 09:45:05 23287: Testing domain (DOMAIN.COM)
2016-01-21 09:45:05 23287: Enabling active directory: 'DOMAIN.COM' 'username'
2016-01-21 09:45:11 23287: VC_CFG_RESULT=0
2016-01-21 09:45:11 23287: END execution

Reboot the VCSA.

Then log in as the administrator@vsphere.local user account and configure the VCSA with the Active Directory identity source:

Administration->Single Sign-On->Configuration->Identity Sources

Then add the Active Directory identity source.

Once you have granted permissions to the AD groups or users that need access, you should be able to remove this line from the hosts file and AD authentication should continue to work.