VMware Cloud Community
EdZ
Contributor

ESX 4.x AD integration not working

I've just tried to implement the ESX 4.x Active Directory integration. The ESX host seems to have joined the domain. The computer object is visible, and the properties on the configuration tab show the domain name, so everything looks like it is configured OK. Here's the problem, though. When connecting to the ESX host via the vSphere Client directly (via root account) and then attempting to add permissions for users, the dialog box does not show the domain as an option. Is this the proper procedure? I'm wondering how the ESX host can query the domain for user and group objects without having an AD account logged in. Normally, on a Windows machine, you can't browse the directory until you log in to the domain. What I'm wondering is that maybe this is why the ESX Admins AD account is required initially - when you first connect to the ESX host directly to add users, you can connect using a domain account that is in that group, and it would then use those credentials to query the domain? Or am I completely on the wrong track here?

Thanks,
Ed


Accepted Solutions
chriswahl
Virtuoso

Hello Ed,

I took one of my lab servers and added it to the domain to see if I could recreate the issue you are describing. One thing I did notice from your picture is that the "Trusted Domains" field inside of the Directory Services Configuration section was empty. Can you verify this, or did you blank out this field for the picture?

I ask because when I configured authentication services on my host, I see a list of all trusted domains in that spot.

Further, I logged onto the host directly as the local root user and attempted to add new permissions to the host. I was able to browse AD and locate my AD account without using an AD account to connect with in the first place.

I believe that the account you connect to the host with is irrelevant, as the host itself has a computer account within the domain with read access to AD.

VCDX #104 (DCV, NV) ஃ WahlNetwork.com ஃ @ChrisWahl ஃ Author, Networking for VMware Administrators

AndreTheGiant
Immortal

Configuration seems fine.

After that you must also see the domain users (using the vSphere Client connected to the ESX host).

I've tried with ESXi and it works. Could be a problem with the ESX firewall... Check if rules have been added.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro