
DomainJoin Section in terraform is giving me the following code "VMExtensionProvisioningError"


Error Message:


 Error: Code="VMExtensionProvisioningError" Message="VM has reported a failure when processing extension 'domainZone-domainJoin'. Error message: \"Exception(s) occured while joining Domain 'domainZOne.zone'\"\r\n\r\nMore information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot "
│ 
│   with azurerm_virtual_machine_extension.domainJoin[1],
│   on main.tf line 194, in resource "azurerm_virtual_machine_extension" "domainJoin":
│  194: resource "azurerm_virtual_machine_extension" "domainJoin" {

Current Implementation for that:

resource "azurerm_virtual_machine_extension" "domainJoin" {
  count = var.nb_instances #2 #module.winserv.nb_instances #"${var.domain_joined ? var.rdsh_count : 0}"
  name  = "datashieldzone-domainJoin"
  # name                       = "${var.vm_hostname}-${count.index + 1}-domainJoin"
  virtual_machine_id         = module.winserv.vm_ids[count.index]
  publisher                  = "Microsoft.Compute"
  type                       = "JsonADDomainExtension"
  type_handler_version       = "1.3"
  auto_upgrade_minor_version = true

  depends_on = [
    module.winserv,
  ]
  #"/subscriptions/<subscription id>/resourceGroups/WIN10/providers/Microsoft.Compute/virtualMachines/win10addsman" #"${azurerm_virtual_machine.main.*.name[count.index]}"

  lifecycle {
    ignore_changes = [
      settings,
      protected_settings,
    ]
  }

  settings = <<SETTINGS
    {
        "Name": "${var.domain_name}",
        "User": "${var.domain_adminuser}",
        "OUPath": "${var.domain_ou}",
        "Restart": "true",
        "Options": "3"
    }
SETTINGS

  protected_settings = <<PROTECTED_SETTINGS
  {
         "Password": "${var.domain_password}"
  }
PROTECTED_SETTINGS

}

I'm using the guides from Microsoft but it seems that I'm using the right extension. I'm doing this manually on my local machine and it is giving me this issue. If I run this pipeline under GitHub Actions everything seems fine, but I don't know why it is giving me those error messages locally.

Does anyone have any insights on what this issue could be? Does anyone have any possible solutions?


Solution

  • Initially, I got the same error in my environment when we created the domain join extension to the virtual machine.

    The above error states that the VM was unable to join the domain; thus, please check that the parameters domainToJoin, ouPath, existingDomainUPN, and existingDomainPassword are supplied with the proper values.

    I tried with the proper Domain Controller setup and used the same code.

    main.tf

    provider "azurerm" {
            features {}
    
    }
    data "azurerm_resource_group" "example" {
        name = "resource-grp"
    }
    
    data "azurerm_virtual_machine" "example"{
        name = "vm-name"
        resource_group_name = data.azurerm_resource_group.example.name
    }  
    resource "azurerm_virtual_machine_extension" "domainJoin" {
      name  = "datashieldzone-domainJoin"
      # name                       = "${var.vm_hostname}-${count.index + 1}-domainJoin"
      virtual_machine_id         = data.azurerm_virtual_machine.example.id
      publisher                  = "Microsoft.Compute"
      type                       = "JsonADDomainExtension"
      type_handler_version       = "1.3"
      auto_upgrade_minor_version = true
    
      lifecycle {
        ignore_changes = [
          settings,
          protected_settings,
        ]
      }
    
      settings = <<SETTINGS
      {
        "Name": "<domainname>.com",
         "User": "<domainname>\\<username>",
         "OUpath":"",
        "Restart": "true",
        "Options": "3"
    }
    SETTINGS
      protected_settings = <<PROTECTED_SETTINGS
      {
             "Password": "<Password>"
      }
    PROTECTED_SETTINGS
      depends_on = [data.azurerm_virtual_machine.example]
    }
    

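A way to have Terraform check the join parameters before the extension runs, as an added example that is not part of the original question or answer: the variable names are the ones in the question's code, while `vm_id` and the formats accepted by the regexes are assumptions. `jsonencode` replaces the heredocs so that a backslash in `DOMAIN\user` or a quote in the password cannot produce invalid JSON.

```hcl
variable "vm_id" { type = string } # hypothetical input: ID of the VM to join

variable "domain_name" {
  type = string
  validation {
    condition     = can(regex("^[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)+$", var.domain_name))
    error_message = "The domain_name value must be a DNS domain name such as corp.example.com."
  }
}

variable "domain_adminuser" {
  type = string
  validation {
    # Assumed formats: DOMAIN\user or user@domain.
    condition     = can(regex("^[^\\\\]+\\\\[^\\\\]+$", var.domain_adminuser)) || can(regex("^[^@]+@[^@]+$", var.domain_adminuser))
    error_message = "The domain_adminuser value must be DOMAIN\\user or user@domain."
  }
}

variable "domain_ou" {
  type = string
  validation {
    # Assumed format: empty, or a distinguished name ending in DC components.
    condition     = var.domain_ou == "" || can(regex("(?i)^(OU|CN)=.+,DC=.+$", var.domain_ou))
    error_message = "The domain_ou value must be empty or a distinguished name such as OU=Servers,DC=corp,DC=example,DC=com."
  }
}

variable "domain_password" {
  type      = string
  sensitive = true # keeps the value out of plan and apply output
}

resource "azurerm_virtual_machine_extension" "domainJoin" {
  name                 = "domainJoin"
  virtual_machine_id   = var.vm_id
  publisher            = "Microsoft.Compute"
  type                 = "JsonADDomainExtension"
  type_handler_version = "1.3"
  # jsonencode escapes backslashes and quotes; heredoc interpolation does not.
  settings = jsonencode({
    Name    = var.domain_name
    User    = var.domain_adminuser
    OUPath  = var.domain_ou
    Restart = "true"
    Options = "3"
  })
  protected_settings = jsonencode({ Password = var.domain_password })
}
```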