Attempting to join a freshly deployed VCSA server to a AD domain can be problematic if SMB1 is disabled. In my case it was 5.5 but I believe this issue persists in 6.x. SMB1 was disabled on the DC as it should be as it is broken and insecure. The problem lies in the fact that VCSA doesn’t support SMB2 and this causes the error. The VAMI (web interface) might report something like the following when attempting to join the domain:
Error: Enabling Active Directory failed.
Additionally, on the VCSA, /var/log/vmware/vpx/vpxd_cfg.log contains entries like the following:
2017-08-16 14:30:07 26987: ERROR: Enabling active directory failed: Joining to AD Domain: domain.lan With Computer DNS Name: vcenter-server.domain.lan Error: ERROR_GEN_FAILURE [code 0x0000001f] 2017-08-16 14:30:07 26987: VC_CFG_RESULT=302
Of course DNS resolution of the VCSA’s hostname should be validated before continuing, but assuming everything else is in working order, the fix is to enable SMB2 on the VCSA.
Verify SMB2 is disabled (note the Smb2Enabled key is 0:
vc-01:~ # /opt/likewise/bin/lwregshell list_values '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' "EchoInterval" REG_DWORD 0x0000012c (300) "EchoTimeout" REG_DWORD 0x0000000a (10) "IdleTimeout" REG_DWORD 0x0000000a (10) "MinCreditReserve" REG_DWORD 0x0000000a (10) "Path" REG_SZ "/opt/likewise/lib64/librdr.sys.so" "ResponseTimeout" REG_DWORD 0x00000014 (20) "SigningEnabled" REG_DWORD 0x00000001 (1) "SigningRequired" REG_DWORD 0x00000000 (0) "Smb2Enabled" REG_DWORD 0x00000000 (0)
vc-01:~ # /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers\rdr]' Smb2Enabled 1
Restart the lwio service:
vc-01:~ # /opt/likewise/bin/lwsm restart lwio
Log out of VAMI web interface, log back in and retry joining to the domain.