While joining the VCSA (vCenter Server Appliance) to the AD domain with the following steps:
- Menu (three-line icon) > Administrator > Single Sign On > Configuration
- Identity Provider > Active Directory Domain > JOIN AD
- Set Domain to DOMAIN.COM
- Set User to USERNAME@domain.com
the following error message appeared:
Idm client exception: Error trying to join AD, error code [42502], user [USERNAME@domain.com], domain [DOMAIN.COM], orgUnit []
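Every fix I found online failed. They fall into three main directions:
- The VCSA must be configured with an FQDN
- The VCSA's time must be in sync with AD; at minimum the difference must be less than five minutes
- The various ports that might be blocked by a firewall
After the GUI failed, I logged in to the VCSA over SSH and ran the command directly in the shell: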
- /opt/likewise/bin/domainjoin-cli join DOMAIN.COM USERNAME
The following error message appeared; the key part is the text in orange:
Joining to AD Domain: DOMAIN.COM
With Computer DNS Name: HOSTNAME
Error: Required configuration stage not enabled [code 0x0000a606]
The configuration of module 'set computer hostname' is required. Please either allow this configuration stage to be performed automatically (by passing '--enable hostname'), or manually perform these configuration steps and rerun the domain join:
The following step(s) are required:
Change the fqdn from 'HOSTNAME' to 'HOSTNAME.DOMAIN.COM'. The current fqdn is invalid because it does not
contain a dot in the name. Changing the fqdn could be done via DNS, but this program will change it with the following
steps:
* Making sure local comes before bind in nsswitch
* Adding the fqdn before all entries in /etc/hosts that contain the short hostname and removing the old fqdn if it appears on the line
* Restart nscd (if running) to flush the DNS cache
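In the end the cause turned out to be /etc/hosts: the VCSA's FQDN in that file has to be the first entry, which is a nasty trap. After fixing that, the AD domain join went through, but remember to reboot the VCSA for the setting to take effect. The official "Join or Leave an Active Directory Domain" documentation is of no use at all for debugging this error code.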
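A pre-check for the condition described above, as an added example that is not part of the original post. It reads "first entry" the way the domainjoin-cli output does, as the FQDN being the first name on every /etc/hosts line that mentions the host (an assumption); the function names, the 192.0.2.10 address and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify /etc/hosts name ordering
# before retrying the domain join.
#
# check_hosts_fqdn_first FILE SHORT FQDN
#   returns 0  every line naming the host lists the FQDN as its first name
#   returns 1  some line lists another name first, or lacks the FQDN
#   returns 2  no line names the host at all
check_hosts_fqdn_first() {
    awk -v short="$2" -v fqdn="$3" '
        BEGIN { short = tolower(short); fqdn = tolower(fqdn) }
        {
            sub(/#.*/, "")          # strip comments; awk re-splits the fields
            if (NF < 2) next        # blank line, or an address with no names
            hit = 0
            for (i = 2; i <= NF; i++) {
                name = tolower($i)  # hostnames are case-insensitive
                if (name == short || name == fqdn) hit = 1
            }
            if (!hit) next
            seen = 1
            if (tolower($2) != fqdn) {
                bad = 1
                printf "%s:%d: FQDN is not the first name: %s\n", FILENAME, NR, $0
            }
        }
        END { if (bad) exit 1; if (!seen) exit 2 }
    ' "$1"
}

# Constructed sample: the failing layout, short name listed before the FQDN.
sample_bad_hosts() {
    printf '%s\n' '127.0.0.1 localhost' \
                  '192.0.2.10 HOSTNAME HOSTNAME.DOMAIN.COM'
}

# Constructed sample: the corrected layout, FQDN listed first.
sample_good_hosts() {
    printf '%s\n' '127.0.0.1 localhost' \
                  '192.0.2.10 HOSTNAME.DOMAIN.COM HOSTNAME  # vcsa'
}

# On the appliance (assumes hostname -s / -f report the intended names):
#   check_hosts_fqdn_first /etc/hosts "$(hostname -s)" "$(hostname -f)"
```

Return code 2 is worth separating from 1: it means the host is not in the file at all, so name resolution depends entirely on DNS.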
_EOF_