Error: The Pool Failed to Enable External Authentication in XenServer

Article ID: CTX128918

Description

When attempting to enable external pool authentication in a XenServer 5.6 Feature Pack 1 pool, the operation fails with one or more of the following errors:
“Error: The pool failed to enable external authentication.”
“Error: Enabling Active Directory Authentication on pool '' - Could not enable external authentication: 52 (0x34) ERROR_DUP_NAME - Unknown error”

Resolution

To Avoid the Issue During XenServer Installation

During installation, do NOT set the hostname to the FQDN of the host (such as myhost.domain.local).

Instead, configure the host name as the short name (such as myhost).

To Resolve AFTER XenServer is Installed

If XenServer is already installed and enabling external pool authentication fails, confirm that each host is configured with a short host name as described above.

  1. Issue the following command on the XenServer host CLI:
    # hostname

  2. If the value returned is in FQDN format (such as: myhost.domain.local), then enabling external pool authentication will likely fail. To correct this, first determine the host Universally Unique Identifier (UUID) by issuing the following command:
    # xe host-list

  3. Run the following command on the host CLI to reconfigure the host to use the short name instead. For the ‘host-uuid’ parameter, provide the UUID acquired from the previous command:
    # xe host-set-hostname-live host-uuid=<HOST_UUID> hostname=<HOST_SHORT_NAME> host-name=<HOST_SHORT_NAME>
    Here is an example of the complete command for a host that is named with the FQDN myhost.domain.local:
    # xe host-set-hostname-live host-uuid=81e008db-7239-40c8-becc-934b068d4b22 hostname=myhost host-name=myhost

  4. Reboot the machine and repeat the process for all hosts in the pool.


Problem Cause

Joining XenServer hosts to an Active Directory domain might fail if the host short name is configured as the Fully Qualified Domain Name (FQDN) of the host. The host name can be configured this way during installation of XenServer.

This fails because the XenServer service that communicates with the Active Directory Domain Controller queries Active Directory for its domain suffix at the time the host join is attempted. Once it has determined the domain suffix, it automatically applies that suffix to the host name configuration of the XenServer host. If the host short name is set to the FQDN, the machine registers incorrectly with Active Directory because it ends up with a host name that cannot be resolved in DNS, per the following logical example:

    IF
    Host Short Name = myhost.domain.local
    AND
    AD Domain Suffix = domain.local
    THEN
    Resulting host name configuration when external pool authentication is enabled is myhost.domain.local.domain.local

This machine will fail to join AD because of the invalid DNS name.
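
The suffix-appending behaviour described above, as an added example that is not part of the Citrix article: a pre-check that flags an FQDN-style host name before external authentication is enabled and shows the name that would result. The function names are hypothetical, and the sample inputs are constructed from the article's myhost.domain.local example.

```bash
#!/bin/bash
# Added example, not Citrix code. Function names are hypothetical.

# Print the name a host ends up with once the AD domain suffix is appended
# to its configured host name, as the Problem Cause section describes.
resulting_name() {
    local host="${1%.}" suffix="${2%.}"   # drop a trailing root dot, if any
    printf '%s.%s\n' "$host" "$suffix"
}

# Return 0 if the configured name is a short name, 1 if it is empty or
# contains a dot (FQDN style) and must be changed before the join.
is_short_name() {
    local host="${1%.}"
    case "$host" in
        ""|*.*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Report on one host. Arguments: configured host name, AD domain suffix.
# On failure, print the article's corrective command with the short name
# filled in; <HOST_UUID> stays a placeholder (obtain it with xe host-list).
check_host() {
    local host="$1" suffix="$2" short
    if is_short_name "$host"; then
        echo "OK    $host -> $(resulting_name "$host" "$suffix")"
        return 0
    fi
    short="${host%%.*}"                    # keep only the first DNS label
    echo "FAIL  $host -> $(resulting_name "$host" "$suffix")"
    echo "      fix: xe host-set-hostname-live host-uuid=<HOST_UUID> hostname=$short host-name=$short"
    return 1
}

# Constructed sample input; on a real host pass "$(hostname)" as the first
# argument and the AD domain as the second.
check_host myhost.domain.local domain.local || true
check_host myhost domain.local
```
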

Additional Information

http://docs.citrix.com/content/dam/docs/en-us/xenserver/xenserver-7-0/downloads/xenserver-7-0-installation-guide.pdf

Section 4.2, Installing the XenServer Host (page 11):

13. Specify the hostname and the DNS configuration, manually or automatically via DHCP.

In the Hostname Configuration section, select Automatically set via DHCP to have the DHCP server provide the hostname along with the IP address. If you select Manually specify, enter the desired hostname for the server in the field provided.

Note: If manually specifying the hostname, enter a short hostname and not the fully qualified domain name (FQDN). Entering an FQDN may cause external authentication to fail, or the XenServer host may be added to AD with a different name.