Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1475
  • Last Modified:

How to join VM host to AD

I have set up AD for ESX Admins and now trying to join the host to our domain.  

I have tried but keep getting an error that says:
The host does not have a suitable FQDN

Can someone help..  Maybe I am doing the setup wrong.

Details:
ESXI 4.1
Logged into vSphere Client and went to Configuration tab for the host.   Wen to Authentication services and selected Properties
In Window, I select Active Directory
Domain:   I used our domainname.local
Click Join
Credentials:  I entered domainname\user and the password

What am I doing wrong.

THANKS
0
bankwest
Asked:
bankwest
  • 16
  • 9
  • 7
  • +2
1 Solution
 
Joshua GrantomSenior EngineerCommented:
When you entered the hostname for the host what format did you use?

hostname

or

hostname.domain.local
0
 
becraigCommented:
Here are some good steps to follow:
    Created the computer object in AD
    Connected to the vCenter Server via VI Clinet
    configured the NTP settings and restarted the ntp server
    Under the Domain type for Authentication Services for ESXi - Typed - FQDN
    For username used the following syntex - username@FQDN
    Typed the password and it worked

From a VMware thread for a similar issue:
https://communities.vmware.com/thread/328780
0
 
bankwestAuthor Commented:
For example:   My host name is localhost.test                      (test is our domain)

I tried it with localhost.test.local

Then credentials were test\username
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Make sure, the ESXi host name has the correct domain name suffix e.g.

cyrus-consultants.co.uk

hostname is esxi.

make sure that you have both DNS IP Addresses specified for your DCs.

This can be changed under the IP Address info for the ESXI server.

Is your AD domain just

test ?

not test.com or test.co.uk ?
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
This might not be the answer in your case, but it is something to check/try/confirm.  I know setting up hosts in the past, they really, really wanted the reverse lookup (PTR) records to exist for the hosts.
0
 
bankwestAuthor Commented:
Andrew.

domain is test.local
0
 
Joshua GrantomSenior EngineerCommented:
I would make sure the computer account is created in AD as becraig suggested above. I've run into issues trying to bind linux machines to AD and creating the account first helped resolve the problem.
0
 
becraigCommented:
Have you taken a look at the steps I suggested, since on the VMware site others had this same issue and most were either due to NTP configs or other similar issues ?

It is worth it IMHO to give it a once over, it might help the investigation on your side and allow you to bring more details to help us resolve your concern.
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
Ah, looking at the VMWare knowledgebase... it was the PTR records for the Domain Controllers which need to exist.
0
 
bankwestAuthor Commented:
becraig.....In response to above
 Created the computer object in AD.................................................Yes the object is created
     Connected to the vCenter Server via VI Clinet
     configured the NTP settings and restarted the ntp server-------------------One of first things I checked.   and restarted the ntp server
     Under the Domain type for Authentication Services for ESXi - Typed - FQDN------not sure what you mean here.  Sorry, but I am pretty GREEN in this.  If you mean to literally type in FQDN etc..............I tried that and still won't join.

 username used the following syntex - username@FQDN
0
 
bankwestAuthor Commented:
If someone will tell me what screenshots you would like to see, then maybe it is easier to see what I have (or don't have)

I can send:   Host Config information
          1. Authentication Services
           2.  DNS and Routing
           3   Time Configuration

Or whatever is needed.
0
 
becraigCommented:
Can you take a look at this link and tell me if you tried these steps:
 I connected to the Direct Console User Interface (DCUI) and entered the following three missing settings.

IP Address of the DNS Server

Host name

DNS suffix

After the missing settings had been entered and the management network restarted, I was able to join the ESXi host to the AD domain.

http://deinfotech.blogspot.com/2012/10/the-host-does-not-have-suitable-fqdn.html
0
 
bankwestAuthor Commented:
becraig

My config is this:

Host Identification
   Name                                localhost
   Domain                             test

DNS Servers
     Preferred                        10.1.x.xx        
     Alt DNS                            208.x.x.x

Default GW                         10.1.x.x
0
 
becraigCommented:
Ok so based on the link:
In the Direct Console User Interface (DCUI)

1. Ensure the DNS server is the same as the dns server other hosts/ DCs use that are joined to AD (ensure you can reach it as well)
2. Ensure the hostname value is set to the correct value
3. Enter the DNS suffix "test.local" to match your domain.

Restart the management network and retry joining.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Can you add a PC to the domain, using those values ?

 Alt DNS                            208.x.x.x

the above will cause most issues...remove it.

is the domain correct ?

test ?

there is no requirement to create the object, using the correct Domain Credentials, it will create the object.
0
 
bankwestAuthor Commented:
Andrew:

Yes I can add PC's to our domain using the above settings.     Gateway and DNS are what I show above

Removed the Alt. DNS.............no change

If I look at a PC that is on our domain............Computer name is GLDxxx
Full computer name is GLDxxx.test.local
Domain is test.local   (which above, my error not putting the .local on the domain name.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
okay so your host should be called....

hostname.test.local

test.local

try this...

fqdn
and then enter test.local as the Domain in domain settings

followed by join with correct AD Account
0
 
bankwestAuthor Commented:
Andrew:
Here is a screenshot of what I am trying, but still get the error......

AD-and-ESXi.jpg
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
your domain is test.local *NOT* localhost.test.local

localhost is your ESXi hostname

e.g. hostname.domain
0
 
becraigCommented:
That definitely explains why it is not working  :~(

Domain FQDN  test.local  
Server FQDN :  server.test.local


if it kept looking for a domain names localhost.test.local it would never find it as it does not exist.
0
 
bankwestAuthor Commented:
Andrew,

Attaching a doc with screenshots of each step......
Esxi-and-AD.docx
0
 
bankwestAuthor Commented:
Andrew....Sorry..............One screenshot I should have replaced.

I DID use test.local for domain, not the localhost.test.local as in the example.    SO SORRY for confusion
0
 
becraigCommented:
Let me ask a stupid question, that might have already been asked, but have you ensured your ability to talk to the domain controller ?

Are you able to ping any of the DCs  in the domain you are trying to add the  VM to (from the VM itself) ?
0
 
bankwestAuthor Commented:
Yes........

Have been running VM's for over a year and they can talk to DC.     The "guy" that set this up, didn't add  the authentication piece for AD and I am trying to Learn....and get it done.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
there seems to be a reference to bwok.local\user in your doc ?

what is your AD domain ?

do you have DHCP on your LAN ?

do other machines on your LAN get IP address and IP stuff from DHCP, and our on Domain ?
0
 
bankwestAuthor Commented:
Again sorry.    I was trying to "hide" actual name.      so what you saw is actual domain

We assign an IP it is not given out automatically
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
so no DHCP ?

can you capture, and put the output from a PC of

ipconfig /all

at a command prompt

so we can see all the TCP/IP info.....

If you can Add a VM to AD easily.....

TCP/IP info is incorrect on the ESXi host (it's also a possibility there could be a issue with the version of ESXi 4.1 maybe!)
0
 
becraigCommented:
I would second what Andrew suggests do a quick compare of an ipconfig from a VM already joined to the network against the one you are now trying to add and compare the values

Ip address
Gateway
DNS server etc...
0
 
bankwestAuthor Commented:
See attached
config.docx
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
okay, so are we using

bwok.local - this is the domain

10.1.1.1 - default gateway

10.1.1.25 - DNS server

I think I would also give you ESXi server a hostname, rather than localhost

e.g. esx001 etc

so fqdn esx001.bwok.local

also I think you need to conduct a test on the ESXi server....

there is a test on the Menu on the console.

I would also create a DNS A record for the ESXi server

10.1.1.x esx001.bwok.local

the test at the console will also check DNS and resolve it

also check you can ping the DNS server, I assume this is also the DC
0
 
bankwestAuthor Commented:
You are correct on the domain info.  

I will try to do the test today and rename the esxi server.    First of month I have a lot of other items to work on so will get it done as soon as I can and post back.

Yes the DNS is also the DC
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
no problems...
0
 
bankwestAuthor Commented:
Please allow me a little more time.  Have not had a chance to get back to this.  Hope to on Monday
0
 
bankwestAuthor Commented:
THANK YOU..................................    I gave the ESXi a different hostname.     Added to DNS

Now it has joined the domain.
0
 
bankwestAuthor Commented:
THANK YOU.......Very helpful.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
No problems, glad to assist.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 16
  • 9
  • 7
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now