When trying to join vCenter to the Active Directory domain for Single Sign on, the following error is displayed:
idm client exception: Error trying to join AD, error code [41887], user [username@domain], domain [domain.local], orgUnit []
Cause:
Joining Active Directory fails in vCenter due to the user attempting to authenticate using a logon name that is not their user principal name (UPN.) Check the user's account object in Active Directory Users & Computers - user logon name - in Account tab.
Solution:
Use the user's UPN to authenticate to AD and the configuration should succeed.
