VMware vSphere

Hello all,

I'm running into something interesting that I'm being confused by and hoping someone can point me in the right direction.

I recently joined some ESXi hosts (all are version 7.0.3 build 19898904 or higher) to my AD domain here and edited the Config.HostAgent.plugins.hostsvc.esxAdminsGroup advanced system setting with the appropriate AD security group.  

I then went to verify that I can log into the host with my AD credentials via the ESXi web client (https://hostname/ui).  When I try logging in there, I get the error "Permission to perform this operation was denied."  I tried both ways for the username as well (domain\username and username@domain).

Lockdown mode is disabled (as I can login w/root), firewalls are okay (AD traffic is enabled for all IP addys), nslookups from the ESXi host work just fine and the strangest part, to me, is that I can SSH into the same ESXi host with domain\username credentials without issue.

Sooo...any thoughts as to why I can SSH into the host w/my AD creds but not into the web client itself?  

Hi,

On the ESXi host, when you are logged in as root, can you see the new AD user under host permissions?

Can you get the output of the command esxcli system permission list? 

Thanks for the replies!

I logged into the web client of one of the hosts and do see the AD security group in the host's permissions.  I also SSH'd into the same host as root and ran the command and see the same output (the AD SG having the Admin role).

Any other thoughts?

Kindly check and share a screenshot of the below.

• Lockdown mode on the ESXi host .

As mentioned in my original post, lockdown mode is disabled.