1 2 Previous Next 23 Replies Latest reply on Jan 5, 2018 1:29 AM by 08Martin80 Go to original post
      • 15. Re: esxi 6.5 domain join with smb 2.0?
        Esprimo1 Lurker

        same issues here.

        ESXI 6.5U1 build 5969303

        SMB2 enabled in ESXI

        SMB1 disabled in Windows AD. (Two AD Servers, one 2008r2, one 2012)

         

        nslookup domain.local

        gives both server back.

        ntp.conf has both servers with DNS included.

         

        /usr/lib/vmware/likewise/bin/lwsm restart lwio
        /etc/init.d/lwsmd stop
        /etc/init.d/lwsmd start
        esxcli network firewall unload
        /usr/lib/vmware/likewise/bin/lwsm set-log file /var/log/likewise.log
        /usr/lib/vmware/likewise/bin/lwsm set-log-level debug
        /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.local administrator somepassword

         

        the command prints two messages:

             Joining to AD Domain:   domain.local
             With Computer DNS Name: xxx.domain.local

         

        and then just hangs.

         

        bye the way, the VCSA 6.5u1a is joining. so AD admin can log into VCSA.

        and the other stuff can join as well.

         

        any new hints?

        • 16. Re: esxi 6.5 domain join with smb 2.0?
          JudgementDay Novice

          Hi.

           

          I also have the requirement to disable SMBv1 and experiencing the same symptoms when trying to join ESXi 6.5 U1

           

          With SMBv1 disabled on the Windows side (2012 R2 for me) and SMBv2 enabled for ESXi, the ESXi Join domain will fail with the same errors you detail.

           

          The ESXi likewise service appears to crash then the host becomes unresponsive. I have to hard boot the host to recover!

           

          Did you get any further with your issue? Any response from VMware support?

           

          Thanks.

          • 17. Re: esxi 6.5 domain join with smb 2.0?
            08Martin80 Lurker

            Thats what happened here:

             

            We have 3 HP DL380 Servers. One is Gen8 and two are Gen7.

            Database is hosting on EMC VNXe

            (Yes i know HP Gen7 Servers are not supported with ESXi 6.5)

            One GEN7 is a cold Backup Server and used for testing, the other Gen7 Servers is only for VCSA 6.5 and some other stuff.

            Produktion Server is Gen8

             

            After switching off SMB1 in Windows AD Server we decided to Upgrade ESXi 5.5 to newest ESXi 6.5U1.

             

            I used VCSA Updatemanager to upgrade the testing Server. After resolving the PSOP Issues with HP-SMX-Provider, it was running fine.

            but I can't join the Domain. Some issues as above.

            The next was the VCSA 6.5 Host. I decided to install it with a modified HPE ISO on USB Stick (without HP-SMX-Provider).

            It was easy and works, but without Domain-Join.

            Last one: The Main System. Upgrade with full HPE ISO. It works and after Reboot it was joined by its own in the AD Domain.

             

            So perhaps its only an issue with old not supported Hardware?

             

            I tried to figure out if there are some wrong drivers, some VIB differences in Gen7 and Gen8 Servers, but all i can see is nearly the same.

            • 18. Re: esxi 6.5 domain join with smb 2.0?
              heman013 Lurker

              I can only state Robertrosit is completely right with what he writes. We have the same situation and no solution for now.

               

              I upgraded to the latest build available, but still no solution.

              vmware -vl

              VMware ESXi 6.5.0 build-6765664

              VMware ESXi 6.5.0 Update 1

              SMB 1 is disabled on our domain controllers, which is rather I good thing, I would say.

               

              /var/log/syslog

              2017-11-16T10:20:59Z lwsmd: [lsass] Joining domain domainname

              2017-11-16T10:20:59Z lwsmd: [netlogon] Looking for a DC in domain 'domainname', site '<null>' with flags 10

              2017-11-16T10:20:59Z lwsmd: [netlogon] Filtering list of 27 servers with list of 0 black listed servers

              2017-11-16T10:20:59Z lwsmd: [lsass] Affinitized to DC 'domcontrollername.domainname' for join request to domain 'domainname''

              2017-11-16T10:20:59Z lwsmd: [netlogon] Determining the current time for domain 'domainname''

              2017-11-16T10:20:59Z lwsmd: [netlogon] Looking for a DC in domain 'domainname'', site '<null>' with flags 10

              2017-11-16T10:20:59Z lwsmd: [netlogon] Looking for a DC in domain 'domainname'', site '<null>' with flags 1001

              2017-11-16T10:20:59Z lwsmd: [netlogon] Filtering list of 27 servers with list of 0 black listed servers

              2017-11-16T10:21:27Z lwsmd: [lsass] Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 31, symbol = ERROR_GEN_FAILURE, client pid = 67767

              2017-11-16T10:21:39Z lwsmd: [lsass] Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 68331

              2017-11-16T10:22:39Z lwsmd: [lsass] Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 68337

               

              /usr/lib/vmware/likewise/bin/lwsm set-log-level verbose

              20171116102420:VERBOSE:netlogon: Getting address for 'domcontrollername'

              20171116102420:INFO:netlogon: Filtering list of 27 servers with list of 0 black listed servers

              20171116102420:VERBOSE:netlogon: Getting address for 'domcontrollername'

              20171116102420:VERBOSE:netlogon: Getting address for 'domcontrollername'

              20171116102439:VERBOSE:lsass: Permission granted for (uid = 0, gid = 0, pid = 68644) to open LsaIpcServer

              20171116102439:VERBOSE:lsass-ipc: (session:10128abdd4e34055-ea3550bd19beacc8) Accepted association 0xac05148

              20171116102439:ERROR:lsass: Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 68644

              20171116102439:VERBOSE:lsass-ipc: (assoc:0xac05148) Dropping: Connection closed by peer

              20171116102443:ERROR:lsass: Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 31, symbol = ERROR_GEN_FAILURE, client pid = 67769

              20171116102443:VERBOSE:lsass-ipc: (assoc:0xac04eb8) Dropping: Connection closed by peer

              20171116102501:VERBOSE:lsass: Permission granted for (uid = 0, gid = 0, pid = 68648) to open LsaIpcServer

              20171116102501:VERBOSE:lsass-ipc: (session:49f43137bc9ef1b4-6b96affaf10ccbf6) Accepted association 0xac04eb8

              20171116102501:VERBOSE:lsass-ipc: (assoc:0xac04eb8) Dropping: Connection closed by peer

              • 19. Re: esxi 6.5 domain join with smb 2.0?
                seagull123 Lurker

                Same issue here!

                 

                Running ESXi 6.5.0 update 1 with smb2 enabled on the hosts and smb1 enabled on the windows win2016 domain controllers. If I turn of smb2 on the esxi hosts the AD joining operation will work fine.

                • 20. Re: esxi 6.5 domain join with smb 2.0?
                  heman013 Lurker

                  Got the issue solved, unfortunately with enabling smb1 on domain controllers and doing nothing on ESXi 6.5.0 Update 1 side (nothing disabled/enabled on SMB aspect).

                  So I consider this as a workaround with some security downside (WannaCry risk).

                   

                  Action done on domain controllers:

                  • enable smb1
                  • reboot server
                  • 21. Re: esxi 6.5 domain join with smb 2.0?
                    scratchfury79 Novice

                    VMware ESXi 6.5, Patch Release ESXi650-201712001 (2151102) fixes the issue.  I just loaded it up and was able to join the domain on the first try.

                     

                    VMware Knowledge Base

                    • 22. Re: esxi 6.5 domain join with smb 2.0?
                      robertrosit Novice

                      confirmed on my side. patch, reboot, domain join now ok.

                      • 23. Re: esxi 6.5 domain join with smb 2.0?
                        08Martin80 Lurker

                        yes!

                        VMware ESXi, 6.5.0, 7388607 solves the issues. It works with HP Gen7, too.

                        Installed with UpdateManager and Domain joined after reboot.

                        1 2 Previous Next