Reputation: 2860
Unable to join VM to AD - cannot complete this function
I am having a VMs in Azure and AD VM also in Azure. They are all in same network, although in different subnets.
I have provisioned the VM's by terraform and they are unable to join to AD, hence I am doing manually to see what the error is.
Commands to connect VM to AD is below:
PS C:\Users\scmadmin> $domain = "contoso.com"
PS C:\Users\scmadmin> $password = "<password here>" | ConvertTo-SecureString -asPlainText -Force
PS C:\Users\scmadmin> $username = "$domain\scmadmin"
PS C:\Users\scmadmin> $credential = New-Object System.Management.Automation.PSCredential($username,$password)
PS C:\Users\scmadmin> Add-Computer -DomainName $domain -Credential $credential
The log output after the execution is below:
Add-Computer : Computer 'erxprebussvc01' failed to join domain 'contoso.com' from its current workgroup 'WORKGROUP'
with following error message: Cannot complete this function.
At line:1 char:1
+ Add-Computer -DomainName $domain -Credential $credential
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (erxprebussvc01:String) [Add-Computer], InvalidOperationException
+ FullyQualifiedErrorId : FailToJoinDomainFromWorkgroup,Microsoft.PowerShell.Commands.AddComputerCommand
At Virtual Network level, DNS Server IP is the IP (Private IP) of AD=10.112.1.4
I am able to ping domain,
PS C:\Users\scmadmin> ping contoso.com
Pinging contoso.com [10.112.1.4] with 32 bytes of data:
Reply from 10.112.1.4: bytes=32 time=1ms TTL=128
Reply from 10.112.1.4: bytes=32 time=1ms TTL=128
Reply from 10.112.1.4: bytes=32 time=1ms TTL=128
Reply from 10.112.1.4: bytes=32 time=1ms TTL=128
Ping statistics for 10.112.1.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
Windows Event viewer log reports the below error
The machine erxprebussvc01 attempted to join the domain contoso.com but failed. The error code was 1355.
Unable to understand what is the issue/how to troubleshoot and how to resolve it.
Upvotes: 0
Views: 6735
Answers (1)
Reputation: 28274
I have not provisioned the VMs by terraform. Instead, I manually deploy two Azure VMs (one is as AD and DNS server, the other is as Client) on the Azure portal. The steps are simple as below:
- Deploy both VMs in a different subnet but in the same VNet.
- Set Up server role(ADDC, DNS) on the AD server and make it as the DC server.
- Change the DNS servers to the AD private IP address in the Azure VNet portal.
- Restart two Azure VMs on the Azure portal.
- After VM restoring running, RDP to the client VM, you can join this VM to AD domain
contoso.commanually or via commands.
Generally, VMs in the same subnet could communicate with each other without any port limitation. So It looks like the DNS issue on your side. You can reboot your VMs or ipconfig/flushdns on the client VM. Or verify if the DNS records are created on the DC VM properly.
Moreover, you can refer to this event error code 1355 and this troubleshooting tutorial: How to troubleshoot errors that occur when you join Windows-based computers to a domain
Upvotes: 1
Related Questions
- Microsoft Azure AD Connect Provisioning Agent error 5
- Terraform Azure VM extension does not join VM to Azure Active Directory for Azure Virtual Desktop
- How to resolve 80180026 error when trying to join laptop to Azure Domain
- Azure Join AD Failed in Windows 10
- provisioning a hostpool join domain failed
- How to Joins an Azure virtual machine into an AD Domain using Azure CLI
- Azure VM failed to join the Azure AD Domain
- Trying to join a Domain on WinServer 2008R2 but can't start "Workstation service" because of Error 1075
- How to use attach VM to Azure Active Directory?
- Azure: DNS change after VM setup