How to join VM host to AD

I have set up AD for ESX Admins and now trying to join the host to our domain.  

I have tried but keep getting an error that says:
The host does not have a suitable FQDN

Can someone help..  Maybe I am doing the setup wrong.

Details:
ESXI 4.1
Logged into vSphere Client and went to Configuration tab for the host.   Went to Authentication services and selected Properties
In Window, I select Active Directory
Domain:   I used our domainname.local
Click Join
Credentials:  I entered domainname\user and the password

What am I doing wrong?

THANKS
bankwestCTO/CashierAsked:

Joshua GrantomSenior Systems AdministratorCommented:
When you entered the hostname for the host what format did you use?

hostname

or

hostname.domain.local
0
becraigCommented:
Here are some good steps to follow:
    Created the computer object in AD
    Connected to the vCenter Server via VI Client
    configured the NTP settings and restarted the ntp server
    Under the Domain type for Authentication Services for ESXi - Typed - FQDN
    For username used the following syntax - username@FQDN
    Typed the password and it worked

From a VMware thread for a similar issue:
https://communities.vmware.com/thread/328780
0
bankwestCTO/CashierAuthor Commented:
For example:   My host name is localhost.test                      (test is our domain)

I tried it with localhost.test.local

Then credentials were test\username
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Make sure, the ESXi host name has the correct domain name suffix e.g.

cyrus-consultants.co.uk

hostname is esxi.

make sure that you have both DNS IP Addresses specified for your DCs.

This can be changed under the IP Address info for the ESXI server.

Is your AD domain just

test ?

not test.com or test.co.uk ?
0
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
This might not be the answer in your case, but it is something to check/try/confirm.  I know setting up hosts in the past, they really, really wanted the reverse lookup (PTR) records to exist for the hosts.
0
bankwestCTO/CashierAuthor Commented:
Andrew.

domain is test.local
0
Joshua GrantomSenior Systems AdministratorCommented:
I would make sure the computer account is created in AD as becraig suggested above. I've run into issues trying to bind Linux machines to AD and creating the account first helped resolve the problem.
0
becraigCommented:
Have you taken a look at the steps I suggested, since on the VMware site others had this same issue and most were either due to NTP configs or other similar issues ?

It is worth it IMHO to give it a once over, it might help the investigation on your side and allow you to bring more details to help us resolve your concern.
0
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Ah, looking at the VMware knowledgebase... it was the PTR records for the Domain Controllers which need to exist.
0
bankwestCTO/CashierAuthor Commented:
becraig.....In response to above
 Created the computer object in AD.................................................Yes the object is created
     Connected to the vCenter Server via VI Client
     configured the NTP settings and restarted the ntp server-------------------One of first things I checked.   and restarted the ntp server
     Under the Domain type for Authentication Services for ESXi - Typed - FQDN------not sure what you mean here.  Sorry, but I am pretty GREEN in this.  If you mean to literally type in FQDN etc..............I tried that and still won't join.

 username used the following syntax - username@FQDN
0
bankwestCTO/CashierAuthor Commented:
If someone will tell me what screenshots you would like to see, then maybe it is easier to see what I have (or don't have)

I can send:   Host Config information
          1. Authentication Services
           2.  DNS and Routing
           3   Time Configuration

Or whatever is needed.
0
becraigCommented:
Can you take a look at this link and tell me if you tried these steps:
 I connected to the Direct Console User Interface (DCUI) and entered the following three missing settings.

IP Address of the DNS Server

Host name

DNS suffix

After the missing settings had been entered and the management network restarted, I was able to join the ESXi host to the AD domain.

http://deinfotech.blogspot.com/2012/10/the-host-does-not-have-suitable-fqdn.html
0
bankwestCTO/CashierAuthor Commented:
becraig

My config is this:

Host Identification
   Name                                localhost
   Domain                             test

DNS Servers
     Preferred                        10.1.x.xx        
     Alt DNS                            208.x.x.x

Default GW                         10.1.x.x
0
becraigCommented:
Ok so based on the link:
In the Direct Console User Interface (DCUI)

1. Ensure the DNS server is the same as the dns server other hosts/ DCs use that are joined to AD (ensure you can reach it as well)
2. Ensure the hostname value is set to the correct value
3. Enter the DNS suffix "test.local" to match your domain.

Restart the management network and retry joining.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Can you add a PC to the domain, using those values ?

 Alt DNS                            208.x.x.x

the above will cause most issues...remove it.

is the domain correct ?

test ?

there is no requirement to create the object, using the correct Domain Credentials, it will create the object.
0
bankwestCTO/CashierAuthor Commented:
Andrew:

Yes I can add PC's to our domain using the above settings.     Gateway and DNS are what I show above

Removed the Alt. DNS.............no change

If I look at a PC that is on our domain............Computer name is GLDxxx
Full computer name is GLDxxx.test.local
Domain is test.local   (which above, my error not putting the .local on the domain name).
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
okay so your host should be called....

hostname.test.local

test.local

try this...

fqdn
and then enter test.local as the Domain in domain settings

followed by join with correct AD Account
0
bankwestCTO/CashierAuthor Commented:
Andrew:
Here is a screenshot of what I am trying, but still get the error......

AD-and-ESXi.jpg
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
your domain is test.local *NOT* localhost.test.local

localhost is your ESXi hostname

e.g. hostname.domain
0
becraigCommented:
That definitely explains why it is not working  :~(

Domain FQDN  test.local  
Server FQDN :  server.test.local


if it kept looking for a domain named localhost.test.local it would never find it as it does not exist.
0
bankwestCTO/CashierAuthor Commented:
Andrew,

Attaching a doc with screenshots of each step......
Esxi-and-AD.docx
0
bankwestCTO/CashierAuthor Commented:
Andrew....Sorry..............One screenshot I should have replaced.

I DID use test.local for domain, not the localhost.test.local as in the example.    SO SORRY for confusion
0
becraigCommented:
Let me ask a stupid question, that might have already been asked, but have you ensured your ability to talk to the domain controller ?

Are you able to ping any of the DCs  in the domain you are trying to add the  VM to (from the VM itself) ?
0
bankwestCTO/CashierAuthor Commented:
Yes........

Have been running VM's for over a year and they can talk to DC.     The "guy" that set this up, didn't add  the authentication piece for AD and I am trying to Learn....and get it done.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
there seems to be a reference to bwok.local\user in your doc ?

what is your AD domain ?

do you have DHCP on your LAN ?

do other machines on your LAN get IP address and IP stuff from DHCP, and are on Domain ?
0
bankwestCTO/CashierAuthor Commented:
Again sorry.    I was trying to "hide" actual name.      so what you saw is actual domain

We assign an IP it is not given out automatically
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
so no DHCP ?

can you capture, and put the output from a PC of

ipconfig /all

at a command prompt

so we can see all the TCP/IP info.....

If you can Add a VM to AD easily.....

TCP/IP info is incorrect on the ESXi host (it's also a possibility there could be an issue with the version of ESXi 4.1 maybe!)
0
becraigCommented:
I would second what Andrew suggests: do a quick compare of an ipconfig from a VM already joined to the network against the one you are now trying to add and compare the values

Ip address
Gateway
DNS server etc...
0
bankwestCTO/CashierAuthor Commented:
See attached
config.docx
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
okay, so are we using

bwok.local - this is the domain

10.1.1.1 - default gateway

10.1.1.25 - DNS server

I think I would also give your ESXi server a hostname, rather than localhost

e.g. esx001 etc

so fqdn esx001.bwok.local

also I think you need to conduct a test on the ESXi server....

there is a test on the Menu on the console.

I would also create a DNS A record for the ESXi server

10.1.1.x esx001.bwok.local

the test at the console will also check DNS and resolve it

also check you can ping the DNS server, I assume this is also the DC
0
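
The checks suggested across this thread (a real hostname instead of localhost, a DNS suffix equal to the AD domain, only AD DNS servers configured, an A record for the host, PTR records for the DCs), gathered into one pre-join check as an added example that is not part of any poster's reply. The host IP 10.1.1.50, the alternate resolver 198.51.100.53 and the name dc01 are constructed values, and the two dictionaries stand in for real A and PTR lookups.

```python
# Added example: pre-join checks for an ESXi host, based on this thread.
def preflight(host, ad_domain, ad_dns, forward, reverse):
    """Return a list of problems likely to break the AD join.

    host    -- dict: name, domain (DNS suffix), ip, dns (list of servers)
    ad_dns  -- DNS servers used by the DCs and by already-joined PCs
    forward -- FQDN -> IP mapping (stand-in for A-record lookups)
    reverse -- IP -> FQDN mapping (stand-in for PTR lookups)
    """
    problems = []
    name = host["name"].strip().lower()
    suffix = host["domain"].strip().lower().rstrip(".")
    ad_domain = ad_domain.lower().rstrip(".")

    if name in ("", "localhost"):
        problems.append("hostname is unset or 'localhost'; give the host a real name")
    if suffix != ad_domain:
        problems.append(f"DNS suffix '{suffix}' does not match AD domain '{ad_domain}'")
    for server in host["dns"]:
        if server not in ad_dns:
            problems.append(f"DNS server {server} is not an AD DNS server")

    fqdn = f"{name}.{ad_domain}"
    if forward.get(fqdn) != host["ip"]:
        problems.append(f"no A record mapping {fqdn} to {host['ip']}")
    for server in ad_dns:
        if server not in reverse:
            problems.append(f"no PTR record for DNS/DC {server}")
    return problems

# Constructed sample data modelled on the values posted in the thread.
AD_DOMAIN = "test.local"
AD_DNS = ["10.1.1.25"]
FORWARD = {"esx001.test.local": "10.1.1.50"}   # A record added for the host
REVERSE = {"10.1.1.25": "dc01.test.local"}     # PTR for the DC (constructed)

BEFORE = {"name": "localhost", "domain": "test", "ip": "10.1.1.50",
          "dns": ["10.1.1.25", "198.51.100.53"]}
AFTER = {"name": "esx001", "domain": "test.local", "ip": "10.1.1.50",
         "dns": ["10.1.1.25"]}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        issues = preflight(cfg, AD_DOMAIN, AD_DNS, FORWARD, REVERSE)
        print(label, "->", issues or "ready to join")
```

To run it against live DNS, replace the dictionary lookups with `socket.gethostbyname` and `socket.gethostbyaddr` calls made from a machine that uses the same DNS server as the host.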

bankwestCTO/CashierAuthor Commented:
You are correct on the domain info.  

I will try to do the test today and rename the esxi server.    First of month I have a lot of other items to work on so will get it done as soon as I can and post back.

Yes the DNS is also the DC
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
no problems...
0
bankwestCTO/CashierAuthor Commented:
Please allow me a little more time.  Have not had a chance to get back to this.  Hope to on Monday
0
bankwestCTO/CashierAuthor Commented:
THANK YOU..................................    I gave the ESXi a different hostname.     Added to DNS

Now it has joined the domain.
0
bankwestCTO/CashierAuthor Commented:
THANK YOU.......Very helpful.
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
No problems, glad to assist.
0
Question has a verified solution.
