vCenter

 View Only
Expand all | Collapse all

Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

  • 1.  Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 27, 2018 11:01 PM

    Trying to join a VCSA 6.5 build 8815520 to an AD 2016 domain getting error code [31]

    What log file would provide more details on the error?

    Thanks



  • 2.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 27, 2018 11:05 PM

    Active Directory 2016 is only supported with vCSA 6.7 Update 1 at this time.



  • 3.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 27, 2018 11:12 PM

    Using domainjoin-cli shows the error ERROR_GEN_FAILURE [code 0x0000001f]

    do i have to enable smb1 to join?

    VMware Knowledge Base

    Looks like SMB1 issue was resolved back in 6.0u3



  • 4.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 27, 2018 11:21 PM

    No, SMB1 isn't needed, but again, what you're attempting is unsupported even to begin with, so it may not work at all in that version.



  • 5.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 27, 2018 11:33 PM

    Just checked the our VC at the HQ site. It's build 9451637 and it's joined to the 2016 domain.



  • 6.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 28, 2018 01:12 AM

    The error code 31 seems to come from Windows. At least I can find exactly this error message "ERROR_GEN_FAILURE [code 0x0000001f]" on the Windows system error list:

    System Error Codes (0-499) | Microsoft Docs

    But the description of this error does not help much:

    A device attached to the system is not functioning.

    However, I would suggest that you investigate the error on the Active Directory system further. Maybe you can find more information in the Windows Event Log.



  • 7.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 28, 2018 03:21 AM

    Seeing a response from the DC KRB Error: KRB5KDC_ERR_PREAUTH_REQUIRED

    Similar issue mentioned here, but on the older vcsa

    Authentication Failure in vSphere 6.0 - Peter D. Jorgensen



  • 8.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 28, 2018 03:25 AM


  • 9.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Oct 28, 2018 01:41 PM

    According to the 6.x diagram TCP 445 to the DC isn't required from the vcsa, but I am seeing TCP requests from VCSA 6.5 to the DC.

    Captured with TCPDUMP on the vcsa.

    https://benjaminulsamer.files.wordpress.com/2017/02/2131180_networkportdiagram-vsphere-6x-referencetable-v2.pdf



  • 10.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []
    Best Answer

    Posted Oct 30, 2018 12:10 AM

    If anyone else runs in to this problem the solution was to allow TCP 445 from the VCenter appliance to the Domain Controller.

    As of this writing vmware KB does not list 445 as one of the ports for vCenter Server and Platform Services Controller, however it's required to join the domain

    Required Ports for vCenter Server and Platform Services Controller



  • 11.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Nov 25, 2018 08:51 AM

    Have you mentioned the OU ( where server will be populated) .Also verify DNS,NTP,reverse DNS,Time sync. My AD level is 2008R2 and we successfully configured it ,



  • 12.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Dec 22, 2022 02:54 AM

    I am also facing the same issue with vCenter 7.0.3. I followed the below reference.

    https://www.gerjon.com/error-31-trying-to-join-vcenter-to-ad/

    Hope, it will help you.



  • 13.  RE: Idm client exception: Error trying to join AD, error code [31], user [admin@corp.local], domain [corp.local], orgUnit []

    Posted Jan 25, 2023 03:58 PM

    For me neither port thing nor the link have helped. It was a very simple issue.

    The domain I specified had couple of characters in upper case, changing them to lower case has immediately accepted without any errors.