VMware vSphere

 View Only
Expand all | Collapse all

troubleshooting esxi host to join domain

tdubb123

tdubb123Jan 31, 2018 02:56 PM

  • 1.  troubleshooting esxi host to join domain

    Posted Jan 29, 2018 04:18 PM

    I am trying to troubleshooting why a host is not able to join an AD domain

    All necessary ports from this kb has been opened

    VMware Knowledge Base

    but its failing to join

    any idea?

    I tried doing a packet capture

    but do not see anything i can tell in the cap file



  • 2.  RE: troubleshooting esxi host to join domain

    Posted Jan 29, 2018 04:38 PM

    Please provide more information. What is the ESXi version? Can you show how you're attempting to join the domain and what inputs you're providing? Is this an issue with all hosts or just a specific one?



  • 3.  RE: troubleshooting esxi host to join domain

    Posted Jan 29, 2018 07:49 PM

    esxi 5.5

    authentication services

    active directory

    join using username@domain.com

    I did do a nc -v dc 137 and 139 but got no response



  • 4.  RE: troubleshooting esxi host to join domain

    Posted Jan 29, 2018 07:55 PM

    Do you mean authentication proxy? If not, if you can't do a nc -z <DC IP> 88 then you have a firewall issue.



  • 5.  RE: troubleshooting esxi host to join domain

    Posted Jan 29, 2018 08:40 PM

    no not using authtication proxy

    I got response on port 88 but not

    135 or 137



  • 6.  RE: troubleshooting esxi host to join domain

    Posted Jan 29, 2018 08:45 PM

    Testing those two ports aren't necessarily indicative of success/failure. But if you can't reach ports 445, 389/636 (for non/SSL), 88 then you definitely have an issue. In your firewall profile, ensure the Active Directory rules (in/out) are enabled. It should be a single line item.



  • 7.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 02:29 PM

    636 does not respond

    135 does not respond

    123 does not respond

    137 does not respond

    389 does

    445 responds

    139 responds

    3268 responds

    88 responds

    firewall is open on the host



  • 8.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 02:32 PM

    From your ESXi host, can you do an nslookup for the fully-qualified domain name of your AD? How many DCs respond to the DNS query? Is a host possibly trying to contact one in another geo based on the returned results? Need more information about your environment.



  • 9.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 02:42 PM

    All the DCs respond. local DCs and remote DCS



  • 10.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 02:42 PM

    but I cannot ping any of the DCs



  • 11.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 02:45 PM

    The DCs' local firewalls may have ICMP disabled. Sounds like you have network connectivity issues.



  • 12.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 02:56 PM

    but the ports are open.

    does icmp need to be open?



  • 13.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 02:57 PM

    It shouldn't be needed. Need to see log files to know more.



  • 14.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 03:16 PM

    I had this issues and fix it. but still cannot join domain

    VMware Knowledge Base



  • 15.  RE: troubleshooting esxi host to join domain

    Posted Jan 29, 2018 05:44 PM

    Is the host and domain controller on subnet ? First troubleshooting step is, login to DCUI and test the network configuration. DNS server and gateway should be pingable in test from DCUI.



  • 16.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 04:52 PM

    What username are you using.

    Try to use only: username

    This never works: DOMAIN\user

    This never works: user@domain.com



  • 17.  RE: troubleshooting esxi host to join domain

    Posted Jan 31, 2018 02:56 PM

    tried just username

    does not work



  • 18.  RE: troubleshooting esxi host to join domain

    Posted Feb 01, 2018 10:32 AM

    can you attach vmkermel and hostd logs from the host which you try to join AD

    as well what's AD functional level? 2008/2012/2016?



  • 19.  RE: troubleshooting esxi host to join domain

    Posted Feb 01, 2018 10:35 AM

    As well you can enable likewise loggint to troubleshoot the issue

    Here is KB article VMware Knowledge Base

    Enable it and attach as well, please.



  • 20.  RE: troubleshooting esxi host to join domain

    Posted Feb 22, 2018 05:15 PM

    still cannot join domain

    giving me Error in active directory operations

    netlogon.log

    ux/netlogon/server/api/lwnet-pstore.c:83 [code: 136]

    20180222171004:0x2092cb70:INFO:[LWNetSrvGetDCTime() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:434] Determining the current time for domain 'prod.domain.com'

    20180222171004:0x2092cb70:INFO:[LWNetSrvGetDCName() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:97] Looking for a DC in domain 'prod.domain.com', site '<null>' with flags 10

    20180222171004:0x2092cb70:DEBUG:[LWNetCacheDbQuery() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-cachedb.c:765] Cached entry not found: prod.domain.com, , 0

    20180222171004:0x2092cb70:DEBUG:[LWNetPreferredDcPluginBuildServerArray() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:244] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:244 [code: 2453]

    20180222171004:0x2092cb70:DEBUG:[LWNetGetPreferredDcList() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:201] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:201 [code: 2453]

    20180222171004:0x2092cb70:DEBUG:[LWNetSrvGetDCNameDiscoverInternal() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:888] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:888 [code: 2453]

    20180222171004:0x2092cb70:INFO:[LWNetFilterFromBlackList() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:725] Filtering list of 20 servers with list of 0 black listed servers

    20180222171019:0x2092cb70:VERBOSE:[LWNetSrvPingCLdapProcessConnections() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:482] CLDAP timed out:

    20180222171019:0x2092cb70:VERBOSE:[LWNetSrvPingCLdapProcessConnections() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:482] CLDAP timed out:

    20180222171019:0x2092cb70:VERBOSE:[LWNetSrvPingCLdapProcessConnections() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:482] CLDAP timed out:

    20180222171019:0x2092cb70:VERBOSE:[LWNetSrvPingCLdapProcessConnections() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:482] CLDAP timed out:

    20180222171019:0x2092cb70:VERBOSE:[LWNetSrvPingCLdapProcessConnections() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:482] CLDAP timed out:

    20180222171019:0x2092cb70:VERBOSE:[LWNetSrvPingCLdapProcessConnections() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:482] CLDAP timed out:

    20180222171019:0x2092cb70:DEBUG:[LWNetSrvPingCLdapArray() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:633] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:633 [code: 2453]

    20180222171019:0x2092cb70:DEBUG:[LWNetSrvGetDCNameDiscoverInternal() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:937] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:937 [code: 2453]

    20180222171019:0x2092cb70:DEBUG:[LWNetSrvGetDCNameDiscover() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:833] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:833 [code: 2453]

    20180222171019:0x2092cb70:DEBUG:[LWNetSrvGetDCName() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:257] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:257 [code: 2453]

    20180222171019:0x2092cb70:DEBUG:[LWNetSrvGetDCTime() /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:445] Error at /build/mts/release/bora-3378740/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:445 [code: 2453]



  • 21.  RE: troubleshooting esxi host to join domain

    Posted Feb 22, 2018 06:25 PM

    I see timeout errors. At this point it's better to capture network traffic from ESXi host when you attempt to joint it to AD and check what's going on.

    Use pktcap-uw tool and then check dump with wireshark

    VMware Knowledge Base



  • 22.  RE: troubleshooting esxi host to join domain

    Posted Jan 30, 2018 06:10 PM

    Try below

    1.  /etc/init.d/lwsmd start

    2.  chkconfig lwsmd on

    3.  /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.com administrator  password

    You may have to reboot the host .



  • 23.  RE: troubleshooting esxi host to join domain

    Posted Jan 31, 2018 02:56 PM

    there is no lwsmd



  • 24.  RE: troubleshooting esxi host to join domain

    Posted Feb 01, 2018 06:52 AM

    Hi

    please consider below URL maybe can useful for you.

    1-      VMware Knowledge Base

    2-     How to add an ESXi Host to an Active Directory Domain

    Br

    MJ



  • 25.  RE: troubleshooting esxi host to join domain

    Posted Feb 22, 2018 07:44 PM

    Hi ,

    Is SMB1 is disabled on your network ?



  • 26.  RE: troubleshooting esxi host to join domain

    Posted Feb 22, 2018 09:08 PM

    This is an excellent guide on troubleshooting an issue such as yours:

    ESXi and Likewise – troubleshooting guide – part 2 – Virtual Village



  • 27.  RE: troubleshooting esxi host to join domain

    Posted Mar 07, 2018 04:19 PM

    finally got this resolved.

    but when i leave the domain and rejoin. it gives an error

    The operation is not allow in current state

    do i need to reboot an esxi host after leaving a domain before a rejoin?



  • 28.  RE: troubleshooting esxi host to join domain

    Posted Dec 06, 2021 06:50 PM

    Hi,

    Can you share how did you manage to get it resolved?

    Thanks