I'm using ESXi 6.0 and I'm trying to connect to a Windows Server 2012 R2 Active Directory server.
When I'm trying to join the domain using the vSphere Client, the error message is: Errors in Active Directory operations.
I've enabled the likewise logs (using a knowledgebase article) and here is what it shows:
20150812124326:VERBOSE:lsass: Permission granted for (uid = 0, gid = 0, pid = 869737) to open LsaIpcServer
20150812124326:VERBOSE:lsass-ipc: (session:60b127d4613799e1-3c9943b0bcec2f2b) Accepted association 0x50101808
20150812124326:ERROR:lsass: Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 869737
20150812124326:VERBOSE:lsass-ipc: (assoc:0x50101808) Dropping: Connection closed by peer
20150812124326:VERBOSE:lsass: Permission granted for (uid = 0, gid = 0, pid = 869740) to open LsaIpcServer
20150812124326:VERBOSE:lsass-ipc: (session:bb3a890fae016a35-83383dea7cf6647f) Accepted association 0x50101808
20150812124326:ERROR:lsass: Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 869740
20150812124326:VERBOSE:lsass-ipc: (assoc:0x50101808) Dropping: Connection closed by peer
20150812124326:VERBOSE:lsass: Permission granted for (uid = 0, gid = 0, pid = 34569) to open LsaIpcServer
20150812124326:VERBOSE:lsass-ipc: (session:e816176c70a6971e-1f6ec440991e966c) Accepted association 0x50101808
20150812124326:VERBOSE:lsass-ipc: (assoc:0x50101808) Dropping: Connection closed by peer
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbOpenKey() finished
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbUpdateRegValues_inlock() finished
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbSetKeyValue() finished
20150812124326:VERBOSE:lsass: Permission granted for (uid = 0, gid = 0, pid = 34569) to open LsaIpcServer
20150812124326:VERBOSE:lsass-ipc: (session:644ad0b359c08392-9fc0c84aba95f82b) Accepted association 0x50101808
20150812124326:VERBOSE:lsass-ipc: (assoc:0x50101808) Dropping: Connection closed by peer
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbOpenKey() finished
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbUpdateRegValues_inlock() finished
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbSetKeyValue() finished
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbOpenKey() finished
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbUpdateRegValues_inlock() finished
20150812124326:VERBOSE:lwreg: Registry::sqldb.c RegDbSetKeyValue() finished
20150812124326:VERBOSE:lsass: Permission granted for (uid = 0, gid = 0, pid = 34569) to open LsaIpcServer
20150812124326:VERBOSE:lsass-ipc: (session:612362b005f0c432-f795e5852d5aad3b) Accepted association 0x50101808
20150812124326:INFO:netlogon: Looking for a DC in domain 'AD.EXAMPLE.COM', site '<null>' with flags 10
20150812124326:VERBOSE:lsass: Affinitized to DC 'DC01.ad.example.com' for join request to domain 'AD.EXAMPLE.COM'
20150812124326:INFO:netlogon: Determining the current time for domain 'AD.EXAMPLE.COM'
20150812124326:INFO:netlogon: Looking for a DC in domain 'AD.EXAMPLE.COM', site '<null>' with flags 10
20150812124326:INFO:netlogon: Looking for a DC in domain 'AD.EXAMPLE.COM', site '<null>' with flags 1001
20150812124326:INFO:netlogon: Filtering list of 1 servers with list of 0 black listed servers
20150812124326:VERBOSE:lwio: GSS-API error calling gss_init_sec_context: 1 (The routine must be called again to complete its function)
20150812124326:ERROR:lsass: Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 87, symbol = ERROR_INVALID_PARAMETER, client pid = 34569
20150812124326:VERBOSE:lsass-ipc: (assoc:0x50101808) Dropping: Connection closed by peer
(NOTE: I've redacted my real domain in the logs and changed it to example.com)
My workstations are connecting to Active Directory without any problems including an OS X machine so I don't think the problem is my AD server or DNS...
Thanks for any help.
see this KB, might be applicable for ESXi 6 too
Can you check port pre-request? below ports are disabled firewall?