Adding vCenters with similar hostnames to the same Root AD Domain

If you add a Windows Server to a domain, you have the option of preventing the Domain Controller from changing the server's hostname. For example, if I have server1.acme.com and I want to add it to my ad.acme.com domain, the process of registering the server will change the server's hostname to server1.ad.acme.com. Not always ideal.

What's worse is that since the VCSA is based on SUSE Linux, there is no checkbox to uncheck to prevent this during the PSC's Join Domain functionality.

So why is this important? We had multiple VCSAs. Their hostnames were:

  • vcenter.site1.acme.com
  • vcenter.site2.acme.com
  • etc…

When we added them to the same domain controller, VCSA 6 would attempt to use the same computer account for all the servers after registering with AD. This means that as soon as VCSA 2 joined, it would break VCSA 1's authentication and cause inventory service issues. We needed to add the VCSAs to the domain without the domain changing the hostname, so that each one creates its own unique computer account.

Well, there is a way. The VCSA uses software called Likewise, or technically it's called Beyond Trust. When you register with the steps below, it creates unique computer accounts like vcenter-D2YJFN.

Open a PuTTY or SSH session to the VCSA, logging in as root. If you run VCSA 5.5, you will go straight into bash; if you are running VCSA 6, you will be presented with "command>" and instructions to enable bash.

NOTE: In our case, we had to register to the root domain to prevent issues with Inventory Service.

Do the following steps to register the PSC to the domain without changing the hostname:

  1. Make sure DNS, NTP and hostname are all set up correctly.
  2. "cd /opt/likewise/bin/" <-- change directory to where the join domain script is kept.
  3. "./domainjoin-cli join --disable hostname {domain} {user@domain}" <-- only change the last two { items }
  4. After this completes, you have to reboot the VCSA, no different than if you joined from the GUI.
  5. Verify that the VCSA is joined to the domain:
    1. In the GUI
      1. Log in to the Web Client with Administrator@vsphere.local
      2. Home > Administration > Deployment > System Configuration > Nodes > {vCenter} > Manage (Tab) > Authentication
    2. In the CLI
      1. SSH into VCSA as root
      2. "cd /opt/likewise/bin"
      3. "./domainjoin-cli query"
  6. Check the /etc/hosts file to make sure the hostname isn’t changed.
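
Steps 5 and 6 can be scripted so every appliance is checked the same way after its reboot. The following is an added example, not part of the original post: the function names (lc, hosts_has, check_join) are hypothetical, the sample files are constructed, and it assumes that "domainjoin-cli query" prints a "Domain = ..." line.

```bash
#!/bin/bash
# Added example: post-join check for a VCSA joined with "--disable hostname".
# Assumption: "domainjoin-cli query" prints a "Domain = <REALM>" line.

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# hosts_has NAME FILE: exact, case-insensitive match on a hostname field,
# ignoring comments and the address column.
hosts_has() {
    awk -v n="$(lc "$1")" '{ sub(/#.*/, "")
        for (i = 2; i <= NF; i++) if (tolower($i) == n) found = 1 }
        END { exit !found }' "$2"
}

# check_join FQDN DOMAIN QUERY_FILE HOSTS_FILE
# Returns 0 when the join kept the original hostname, 1 otherwise.
check_join() {
    local fqdn="$1" domain="$2" query_file="$3" hosts_file="$4" rc=0
    local joined rewritten="${fqdn%%.*}.$domain"
    joined=$(sed -n 's/^Domain *= *//p' "$query_file" | head -n 1)

    if [ "$(lc "$joined")" != "$(lc "$domain")" ]; then
        echo "FAIL: joined to '${joined:-nothing}', expected '$domain'"; rc=1
    fi
    if ! hosts_has "$fqdn" "$hosts_file"; then
        echo "FAIL: $fqdn is no longer in the hosts file"; rc=1
    fi
    if [ "$(lc "$rewritten")" != "$(lc "$fqdn")" ] && hosts_has "$rewritten" "$hosts_file"; then
        echo "FAIL: hostname was rewritten to $rewritten"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $fqdn joined to $domain with hostname intact"
    return "$rc"
}

# Constructed sample data (not captured from a real appliance).
tmp=$(mktemp -d)
printf 'Name = vcenter\nDomain = ACME.COM\n' > "$tmp/query.txt"
printf '127.0.0.1 localhost\n10.0.1.10 vcenter.site1.acme.com vcenter\n' > "$tmp/hosts.good"
printf '127.0.0.1 localhost\n10.0.1.10 vcenter.acme.com vcenter\n' > "$tmp/hosts.bad"

check_join vcenter.site1.acme.com acme.com "$tmp/query.txt" "$tmp/hosts.good" || true
check_join vcenter.site1.acme.com acme.com "$tmp/query.txt" "$tmp/hosts.bad" || true
```

On an appliance, save the output of "./domainjoin-cli query" to a file and pass it together with /etc/hosts instead of the sample files.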

Now, if you go into your AD Domain Controller, it will have “vcenter” as the first computer account, and each subsequent addition will have the unique identifiers at the end.

Enjoy.
