vCenter Server linked Mode. Error 28039. Setup cannot join vCenter Server to the linked mode group

vSphere Virtual Center Linked Mode Prerequisites:

Well, yes this article has two headers or titles. Guess what they are almost identical.

I have seen “Error 28039. Setup cannot join vCenter Server to the linked mode group” all over the net & without any one posting resolution for it. hmmmm, how did I find out about this error and what made me looking for resolutions, well I had faced this same ugly error in my own lab. The resolution for it was nothing more than following the pre-requisite to vSphere Virtual Center Linked Mode which most people ignore. Below is the pre-requisite that you must follow for a successful installation of vCenter Linked mode & I will highligh the mostly missed one.
All the requirements for standalone vCenter Server systems apply to Linked Mode systems. In addition, to the following requirements:

The following requirements apply to each vCenter Server system that is a member of a Linked Mode group:

  1. DNS must be operational for Linked Mode replication to work.
  2. The vCenter Server instances in a Linked Mode group can be in different domains if the domains have a two-way trust relationship. Each domain must trust the other domains on which vCenter Server instances are installed.
  3. When adding a vCenter Server instance to a Linked Mode group, the installer must be run by a domain
    user who is an administrator on both the machine where vCenter Server is installed and the target machine of the Linked Mode group.  <== This one is what most people miss. What you really have to do in this step is to create a domain service account & add it to the local administrator group of your original virtual center & your new linked virtual center machines. Then login with this account to the new machine to be installed with linked vCenter & when asked for the service account make sure you chose to use the new created service account credintial instead of the default local admin account.
  4. All vCenter Server instances must have network time synchronization. The vCenter Server installer
    validates that the machine clocks are not more than 5 minutes apart.

If you satisfy all of the above requirements specially the DNS one & the service account one(marked in red) you should have a nice successful installation.

Good luck with your installation, and hope to hear some good comments of success story below.

Comments

  1. I can read the manual as well as you can. This is not the solution to the problem. There is something else that they are not telling us. The following is in the log:

    [2009-08-27 21:48:35 SEVERE] Operation “Join instance VMwareVCMSDS” failed: : Action: Join Instance
    Action: Join Instance
    Action: Create replica instance
    Action: Create Instance
    Problem: Creation of instance VMwareVCMSDS failed: Active Directory could not create the NTDS Settings object for this directory server CN=NTDS Settings,CN=VCENTER66$VMwareVCMSDS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,CN={1FAF683A-F763-45F5-9778-ADB023112C7B} on the remote directory server vCenter67.vi3.vm:389. Ensure the provided network credentials have sufficient permissions.
    Error code: 0x800706ec

    Notice that it is trying to make changes to active directory and that is what is failing. Just what permissions does it need in AD?? There appears to be no stated requirement that it be an AD administrator account, yet it is making changes in AD. I’ve even tried it as Domain Admin, even as Enterprise Admin.

  2. I finally found the answer. It has to do with the installation of ADAM and RPC. I found the following on another site:

    “On investigation we found that ADAM requires 2 more addtional ports
    (Port 135 & a random port between 1025-65535) other than port 2000 to be opened at firewall. If I open those ports I replication happens without any Issues.”

    In simpler terms, turn off the firewall so that RPC can communicate, thus getting rid of the 0x800705ec error.
    Error code: 0x800706ec
    The list of RPC servers available for the binding of auto handles has been exhausted.

  3. Hi Mordock,

    Thanks for your contribution, and sorry for the late reply. Though I am traveling abroad these days and don’t get much of access to the net in here. I am glad you found the solution, and me restating the points in the manual with a bit extra on them was done as I found many people over looked them including me the first time I tried it in lab. Again thanks for your contribution & sharing the solution with us.

  4. Hi There, Ive got this exact same problem but Ive been through all the things listed in your post and im still not able to configure linked mode.

    The VC servers are virtual, but not cloned, they were new installs.
    Time on systems is within 5 mins.
    User account setup in AD and added to the local admin group on each vc server, also domain admin user also fails.
    Both systems in same domain
    DNS configured, all nslookups are 100% ok.

    Im struggling to find the log files, any ideas ?

  5. In my case with this error message I looked into the log file it mentions and it gives me more detail.

    I didn’t realize that all vCenter licenses need to be on Standard vCenter. We have some Essentials kits and Essentials Plus, but these will not work for the LinkMode

  6. Remember right click the config and run as administrator!
    Even if you are logged in as an admin or UAC is turned off

Speak Your Mind

*