Run this command in VDA:

tdbtool /var/lib/samba/private/secrets.tdb store SECRETS/MACHINE_PASSWORD/MCS "your_password\0"

service ad_join restart

Your VDA should be able to register to DDC now.

In case VDA reboots and loses this new password, you will need to save this password with base64 encoded in identity disk:

sed -i "s/^MachinePassword=.*$/MachinePassword=`echo -n your_password | base64`/g" "/mnt/iddisk/PvsVm/CTXSOSID.INI"

For new version lvda
 

To enable this feature, before run /opt/Citrix/VDA/sbin/deploymcs.sh, open /var/xdl/mcs/mcs.conf and set

UPDATE_MACHINE_PW="enabled"

After running /opt/Citrix/VDA/sbin/deploymcs.sh, open /etc/cron.d/mcs_update_password_cronjob, you can set the time and frequency of this job, the default behavior is to update machine password weekly on sunday 2:30AM.

After update machine password, ticket cache on Broker will be invalid, and you may get this error from /var/log/xdl/jproxy.log: