Monday, November 3, 2014

Manage vCenter Server Appliance AD authentication from the command line

Recently I faced an issue with my lab AD, and because of it my VMware infrastructure was disrupted. While troubleshooting, I came across a tool on the vCenter appliance called domainjoin-cli, located in the /opt/likewise/bin folder. With this tool you can manage AD authentication settings from the command line. Below are some screenshots of how the command works.
When you cd to the directory and run the command, you will see the standard help and the parameters that show how to use it.


Below is the query result when the computer account for the vCenter appliance was deleted from AD.
Error: LW_ERROR_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN [code 0x0000a309]
client not found in Kerberos database



To correct this, I manually created a new computer account in AD (the new computer account's SID (password) does not match the vCenter server's), which resulted in the error below.
Error: LW_ERROR_PASSWORD_MISMATCH [code 0x00009c56]
The password is incorrect for the given username


 

And this is the one I got when my AD server was down:
Error:LW_ERROR_DOMAIN_IS_OFFLINE [code 0x00009cb9]
The domain is offline


 

You can disjoin vCenter from AD with ./domainjoin-cli leave


This is the query status after disjoining from AD.


Finally, when I rejoined it to AD, this was the query status (you can use the ./domainjoin-cli join command to join this VC to the domain).
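The three failure states shown above can be told apart mechanically from the query output. The script below is an added example, not part of the original post: the tool path, the query subcommand and the three error names come from the post, while the function names parse_lw_error and check_join and the return-code convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage the AD join state from `domainjoin-cli query` output.
DJ=/opt/likewise/bin/domainjoin-cli   # tool path as given in the post

# Read tool output on stdin; print "NAME CODE" for the first line shaped like
# "Error: NAME [code 0x...]" (space after "Error:" optional), else nothing.
parse_lw_error() {
    sed -n 's/^Error:[[:space:]]*\([A-Z0-9_]*\)[[:space:]]*\[code[[:space:]]*\(0x[0-9A-Fa-f]*\)].*$/\1 \2/p' |
        head -n 1
}

# check_join TEXT: classify captured output. Return codes are this example's
# own convention (hypothetical): 0 no error, 1 transient, 2 join broken, 3 unknown.
check_join() {
    parsed=$(printf '%s\n' "$1" | parse_lw_error)
    name=${parsed%% *}
    code=${parsed#* }
    case "$name" in
        "")
            # No error line. The post does not show the "not joined" output,
            # so this only means no Likewise error was reported.
            echo "NOERR: no Likewise error in output"; return 0 ;;
        LW_ERROR_DOMAIN_IS_OFFLINE)
            echo "WARN: $name ($code): AD server down or unreachable"; return 1 ;;
        LW_ERROR_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN)
            echo "CRIT: $name ($code): computer account missing from AD"; return 2 ;;
        LW_ERROR_PASSWORD_MISMATCH)
            echo "CRIT: $name ($code): computer account password does not match the appliance"; return 2 ;;
        *)
            echo "UNKNOWN: $name ($code)"; return 3 ;;
    esac
}

# On the appliance itself, run the real query; elsewhere this is skipped.
if [ -x "$DJ" ]; then
    out=$("$DJ" query 2>&1) || true
    check_join "$out"
fi
```

Run from cron or a monitoring agent, the return code separates a domain controller outage (1) from a broken machine account (2), which needs the leave and join steps described in the post.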

1 comment:

Michael Schoenly said...

Spot on, thanks!