ERROR_GEN_FAILURE [code 0x0000001f] error while adding VCSA to AD Domain
Article ID: 320881
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
Adding vCenter Server Appliance (VCSA) to Active Directory (AD) domain using the command-line interface (CLI) fails.
The error reported is Error: ERROR_GEN_FAILURE [code 0x0000001f].
Server Message Block protocol version 2 (SMB2) is enabled on both the vCenter as well as the in the Domain Controllers (DCs).
Adding vCenter Server Appliance (VCSA) to Active Directory (AD) domain using the command-line interface (CLI) fails.
The error reported is Error: ERROR_GEN_FAILURE [code 0x0000001f].
Server Message Block protocol version 2 (SMB2) is enabled on both the vCenter as well as the in the Domain Controllers (DCs).
Environment
VMware vCenter Server Appliance 6.5.x
VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x
VMware vCenter Server Appliance 6.7.x
VMware vCenter Server Appliance 6.0.x
Cause
VCSA is not able to communicate to DCs using Port 445.
Resolution
This is not a VMware issue. This issue may occur when port 445 is blocked on an external firewall or other device in the path from the vCenter to the Domain Controllers.
To resolve the issue, make sure to have Port 445 enabled on external firewall if any.
To test if Port 445 is accessible, run the following command
openssl s_client -connect mydomain.com:445
If result is a "CONNECTED" message: port 445 is enabled.
If result is a "errno" or "error" message: port 445 is not enabled.
To resolve the issue, make sure to have Port 445 enabled on external firewall if any.
To test if Port 445 is accessible, run the following command
openssl s_client -connect mydomain.com:445
If result is a "CONNECTED" message: port 445 is enabled.
If result is a "errno" or "error" message: port 445 is not enabled.
Additional Information
Enabling vCenter Server Appliance to use SMB2
Domain join operation for vCenter Server appliance fails with the Error: ERROR_ACCESS_DENIED when SMBv3 is enabled on Domain Controller
"/opt/likewise/bin/domainjoin-cli", CLI to handle Active Directory Domain Operations Join/Leave/Query on vCenter Server Appliance 6.x
Third-party links:
How to configure a firewall for Active Directory domains and trusts
How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows
Disclaimer: VMware is not responsible for the reilability of any data, opinions, advice, or statements made on third-party websites. Inclusion of such links does not imply that VMware endorses, recommends, or accepts any responsibility for the content of such sites.
Feedback
Yes
No
Powered by
