VMware Cloud Community
robertrosit
Enthusiast

esxi 6.5 domain join with smb 2.0?

host: esxi 6.5.0 vmkernel release build 5969303
domain controller: server 2016 standard with latest cumulative update
no firewall in place.

when adding the esxi host to the domain with SMB 1.0 protocol (default setting), there are no issues. it works fine, tested via webgui and via command line.


unfortunately in our environment we want to get rid of SMB 1.0 completely and uninstall it from the domain controllers. so we followed this (ESXi 6 hangs when joining Active Directory Domain) post to modify likewise to use smb 2.0

after this change the domain join via webgui "hangs" and does not complete. then the entire webgui becomes unresponsive and from this moment on, we have to reboot the esxi host.

we followed various troubleshooting guides, like this one (ESXi and Likewise – troubleshooting guide – part 2 – Virtual Village)
for example, we disabled ipv6 on the domain controller as suggested, we disabled the windows firewall on the DC, we disabled the esx firewall... did not help. dns config, hosts file, etc. should all be fine and good, as domain join with SMB1.0 works.

to get better debugging info we then tried a manual join with this procedure:

/usr/lib/vmware/likewise/bin/lwsm restart lwio
/etc/init.d/lwsmd stop
/etc/init.d/lwsmd start
esxcli network firewall unload
/usr/lib/vmware/likewise/bin/lwsm set-log file /var/log/likewise.log
/usr/lib/vmware/likewise/bin/lwsm set-log-level debug
/usr/lib/vmware/likewise/bin/domainjoin-cli join domain.local domainadmin@domain.local somepassword

the command prints two messages:

     Joining to AD Domain:   domain.local
     With Computer DNS Name: HV001.domain.local

and then just hangs.

after a failed join attempt like this we have to ps | grep lwsmd and kill -9 *pid* - otherwise, we can't interact with lwio/lsass anymore.


the verbose logging gives the following information:


20170814141140:DEBUG:lwio:IoCreateFile():ioapi.c:218: LEAVE: -> 0x00000103 (EE = 0)
20170814141140:DEBUG:lwio:IopIpcCreateFile():ioipc.c:438: LEAVE_IF: -> 0x00000103 (STATUS_PENDING) (EE = 0)
20170814141140:DEBUG:lwio:RdrResolveToDomain():driver.c:889: Error at ../lwio/server/rdr/driver.c:889 [status: STATUS_NOT_FOUND = 0xC0000225 (-1073741275)]
20170814141140:DEBUG:lwio:RdrSocketTaskConnect():socket.c:1019: Error at ../lwio/server/rdr/socket.c:1019 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketTask():socket.c:1246: Error at ../lwio/server/rdr/socket.c:1246 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketRead():socket.c:1773: Error at ../lwio/server/rdr/socket.c:1773 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketReceivePacket():socket.c:701: Error at ../lwio/server/rdr/socket.c:701 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketDispatchPacket2():socket.c:1423: Error at ../lwio/server/rdr/socket.c:1423 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
20170814141140:DEBUG:lwio:RdrSocketTaskTransceive():socket.c:1134: Error at ../lwio/server/rdr/socket.c:1134 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
20170814141140:DEBUG:lwio:RdrSocketTask():socket.c:1251: Error at ../lwio/server/rdr/socket.c:1251 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
20170814141223:VERBOSE:lsass:LsaSrvIpcCheckPermissions():ipc_state.c:79: Permission granted for (uid = 0, gid = 0, pid = 72438) to open LsaIpcServer
20170814141223:VERBOSE:lsass-ipc:lwmsg_peer_log_accept():peer-task.c:271: (session:04df4955d842942b-f5af40d405e6b03c) Accepted association 0xb1016b8
20170814141223:VERBOSE:lwreg:RegDbOpenKey():sqldb.c:1068: Registry::sqldb.c RegDbOpenKey() finished
20170814141223:DEBUG:lwreg:RegDbGetKeyValue_inlock():sqldb_p.c:1227: Error at ../lwreg/server/providers/sqlite/sqldb_p.c:1227 [status: LW_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 (-1073741772)]
20170814141223:DEBUG:lwreg:RegDbGetValueAttributes_inlock():sqldb_schema.c:846: Error at ../lwreg/server/providers/sqlite/sqldb_schema.c:846 [status: LW_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 (-1073741772)]

STATUS_INVALID_NETWORK_RESPONSE gives me no additional clue of what's going wrong except that this may simply be a bug in likewise or esxi.


is there any way to get domain join working with SMB 2.0 ?
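
A triage sketch for the debug log in the question above, added here as an example and not part of the original post or of VMware's tooling: it parses the "Error at" lines, filters out non-error NTSTATUS values such as STATUS_PENDING by their severity bits, and reports where each failure status was first raised. The function names are this example's own, and the sample is four lines copied from the excerpt.

```python
import re

# Sample input: four lines copied from the likewise.log excerpt in the post.
SAMPLE_LOG = """\
20170814141140:DEBUG:lwio:RdrResolveToDomain():driver.c:889: Error at ../lwio/server/rdr/driver.c:889 [status: STATUS_NOT_FOUND = 0xC0000225 (-1073741275)]
20170814141140:DEBUG:lwio:RdrSocketRead():socket.c:1773: Error at ../lwio/server/rdr/socket.c:1773 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketDispatchPacket2():socket.c:1423: Error at ../lwio/server/rdr/socket.c:1423 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
20170814141140:DEBUG:lwio:RdrSocketTask():socket.c:1251: Error at ../lwio/server/rdr/socket.c:1251 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
"""

# timestamp:LEVEL:component:function():file:line: Error at path [status: NAME = 0xHEX (dec)]
LINE_RE = re.compile(
    r"^(?P<ts>\d{14}):(?P<level>[A-Z]+):(?P<comp>[\w-]+):(?P<func>\w+)\(\):"
    r"(?P<file>[\w.]+):(?P<line>\d+): Error at \S+ "
    r"\[status: (?P<name>\w+) = 0x(?P<hex>[0-9A-Fa-f]{8}) \((?P<dec>-?\d+)\)\]$"
)

def parse_errors(text):
    """Yield one dict per 'Error at' line; all other log lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code = int(m["hex"], 16)
        # The log prints each code twice: unsigned hex and signed 32-bit decimal.
        if int(m["dec"]) & 0xFFFFFFFF != code:
            raise ValueError(f"hex/decimal mismatch: {raw!r}")
        yield {"ts": m["ts"], "component": m["comp"], "function": m["func"],
               "where": f'{m["file"]}:{m["line"]}', "status": m["name"],
               # NTSTATUS severity is the top two bits: 0 success, 3 error.
               "code": code, "severity": code >> 30}

def first_failures(text):
    """Map each error-severity status to the first place that raised it."""
    origin = {}
    for e in parse_errors(text):
        if e["severity"] == 3 and e["status"] not in origin:
            origin[e["status"]] = (e["component"], e["function"], e["where"])
    return origin

if __name__ == "__main__":
    for status, (comp, func, where) in first_failures(SAMPLE_LOG).items():
        print(f"{status}: first raised in {comp} {func}() at {where}")
```
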

23 Replies
heman013
Contributor

Got the issue solved, unfortunately with enabling smb1 on domain controllers and doing nothing on ESXi 6.5.0 Update 1 side (nothing disabled/enabled on SMB aspect).

So I consider this as a workaround with some security downside (WannaCry risk).

Action done on domain controllers:

  • enable smb1
  • reboot server
scratchfury79
Contributor

VMware ESXi 6.5, Patch Release ESXi650-201712001 (2151102) fixes the issue.  I just loaded it up and was able to join the domain on the first try.

VMware Knowledge Base

robertrosit
Enthusiast

confirmed on my side. patch, reboot, domain join now ok.

08Martin80
Contributor

yes!

VMware ESXi, 6.5.0, 7388607 solves the issues. It works with HP Gen7, too.

Installed with UpdateManager and Domain joined after reboot.
