Hi,
I've read a lot about numerous customers having issues with AD authentication on ESXi 6 Update 2.
These issues are documented here and in a number of threads on these forums.
http://www.v-front.de/2016/06/active-directory-issues-with-esxi-60.html
I was hoping patch release ESXi6-2016080001, which specifically mentions some AD authentication issues, would fix the problems. It appears this is not the case. I am able to get AD authentication working perfectly for a time; however, reboots of the ESXi hosts running this latest version cause AD authentication to start failing, with /var/log/auth.log reporting:
pam_succeed_if(sshd_auth) : error retrieving information about user
When using the PowerShell cmdlet Get-VMHostAuthentication, the following is reported...
DomainMembershipStatus: NoServers
It's as if the trust relationship with the domain fails after usual operations such as host reboots etc. Attempts to leave the domain fail completely and time out, whether using the vSphere client or PowerShell. Sometimes these attempts result in the host itself becoming unmanageable.
It appears domain authentication for ESXi6 Update 2 and later is completely unusable in its current state. My only fix for these issues has been a rebuild of the ESXi host completely after deleting the computer object from AD and then rejoining it.
The cause of these issues was likely that the PDC emulator role Primary DC was syncing its time with a different source than the ESXi hosts. Changing that time source to the same time source as the ESXi hosts resolved the issues.
I suggest you open a support request and report the issue to VMware.
It is also possible that VMware is aware of this and still working on it.
ESXi 6.0 hosts become unresponsive when joined to an AD domain (2145611) | VMware KB