VMware Cloud Community
banderas20
Contributor

Unable to add ESX host to AD in a nested environment

Hello.

I've just attended the VMware 6.0 ICM official course and I'm following the official lab guide in a nested environment.

When it comes to adding an ESX host to Active Directory services, it won't work. In "Authentication Services", I click on "Join Domain", provide the credentials (user@domain) and it always gives me the "Errors in Active Directory Operations" error.

All VM's firewalls are off. I am running Win Server 2012 R2 as guest operating systems.

I've tried everything. Even turning off the ESX own firewall via shell commands, with no result.

Any clue?

Thanks in advance.

26 Replies
rcporto
Leadership

Can you confirm that your ESXi hosts are time synced with your DC and that your ESXi hosts are using the DC IP address as the DNS server?

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
banderas20
Contributor

Can you confirm that your ESXi hosts are time synced with your DC and that your ESXi hosts are using the DC IP address as the DNS server?

rcporto

Yes to all.

Although in another thread I mentioned a problem keeping it synced automatically (ESX time desynchronizes), I sync it manually right before trying to add it to AD, with no success.

Thanks!

Manuel_Serrano
Contributor

Hi!

If you have problems with AD and with NTP, I'm 99% sure you have a connection problem with the AD server.

Check with telnet whether you can reach the ESX from the AD server on port 389.

-------------------------------------------------------- vExpert2017, VCP5, VCP6. Helping train people at https://virtualizadesdezero.com
banderas20
Contributor

@Manuel_Serrano

Check with telnet whether you can reach the ESX from the AD server on port 389.

I have already tried, and I cannot. My Windows firewalls are all disabled.

And I have even disabled the ESX firewall by issuing

esxcli network firewall set --enabled false

and

esxcli network firewall unload

I have no idea what can be filtering these ports...

Thanks!

Manuel_Serrano
Contributor

Are the ESXi and the AD on the same network?

banderas22
Contributor

@Manuel_Serrano

Are the ESXi and the AD on the same network?

Yes, they are. The AD has only one network card. The ESXi has many of them.

They see each other through the management network (I get ping replies).

Regards!

Manuel_Serrano
Contributor

A ping does not mean that they are on the same network. It is very rare that on the same network you cannot reach it with telnet. By default the ESXi ports are open for AD. Try with a tracert.

In the security profile of the ESXi, are the ports open?

banderas22
Contributor

@Manuel_Serrano

I have issued many telnets without success. I have enabled SSH on ESXi and telnet to port 22 DOES work.

I have opened everything in the security settings through the vSphere client and enabled all ports from all IPs. Unless I am doing something wrong, the only telnet I am able to open is against port 22.

Is there any screenshot I can use to check if I am doing it right?

Many thanks for the help.

banderas20
Contributor

Find attached my current ESX configuration regarding Services and Firewall, in case it helps.

Manuel_Serrano
Contributor

Wow.

Probably the problem is there, because you have a lot of services started and many ports open that you don't need.

My advice is, if it is a lab environment, reset the ESXi, because there are many factors in these screenshots that can cause problems.

banderas20
Contributor

@Manuel_Serrano

Yes. It's a lab environment, and the ESXi has been reset thousands of times.

because there are many factors in these screenshots that can cause problems.

Like which ones?

The fact that I can't telnet may be the problem. Something is blocking the ports, and I have no idea what it is...

Thanks!

SureshKumarMuth
Commander

Do you mean telnet to any port is not working, or the telnet command itself is not working?

By default, ESXi does not support the telnet command; instead you have to use the command "nc" to check the connectivity to the destination machine on a particular port.

Also, following article gives you the required port for AD https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=10123...

TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other net...

Check if you have proper port connectivity to the DC using the command nc from the ESXi host.

Regards,
Suresh
https://vconnectit.wordpress.com/
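The two checks recommended so far (rcporto's time sync / DNS question and Suresh's "use nc from the ESXi host" advice) can be scripted. The example below is added here and is not code from any poster in this thread or from VMware. Note that the domain join is an outbound connection from the ESXi host to the DC, so reachability has to be tested from the client side of the join: ESXi does not listen on 389, so a telnet from the DC to ESXi:389 tells you nothing about whether the join can work. The script runs from any Python 3 box on the same management segment (a Linux VM next to the nested ESXi works), connects to each port the join needs on the DC, and measures the clock offset against the DC with a minimal SNTP request. The port list, the 5 minute Kerberos skew tolerance and the lab DC address are my assumptions, not values from the thread; take the authoritative port list from the KB article Suresh linked.

```python
"""Pre-flight checks for joining an ESXi host to an AD domain.

Added example for this thread (not from any poster or from VMware).
Assumptions: AD_PORTS is the usual set of TCP ports a join needs (check the
VMware KB for ESXi's exact list); MAX_SKEW_SECONDS is the default Kerberos
clock-skew tolerance; the DC address in __main__ is a made-up lab value.
"""
import socket
import struct
import sys
import time

AD_PORTS = {                 # assumed list of TCP ports the join must reach on the DC
    53: "DNS",
    88: "Kerberos",
    389: "LDAP",
    445: "SMB (Netlogon)",
    464: "Kerberos kpasswd",
    3268: "Global Catalog",
}
NTP_PORT = 123
NTP_DELTA = 2208988800       # seconds between 1900-01-01 and 1970-01-01
MAX_SKEW_SECONDS = 300.0     # assumed Kerberos tolerance (5 minutes)


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes within timeout.
    Same idea as 'nc -z host port' on the ESXi shell, done from Python."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ad_ports(host, ports=AD_PORTS, timeout=2.0):
    """Map each port to its reachability; False means something between
    client and DC (firewall, wrong network, NAT) is dropping it."""
    return {port: tcp_port_open(host, port, timeout) for port in ports}


def missing_ports(results):
    """Sorted list of the ports that failed, for a one-line summary."""
    return sorted(p for p, ok in results.items() if not ok)


def _ntp_to_unix(seconds, fraction):
    """Convert a 64-bit NTP timestamp (seconds, 32-bit fraction) to Unix time."""
    return seconds - NTP_DELTA + fraction / 2 ** 32


def parse_ntp_offset(reply, t_send, t_recv):
    """Clock offset (server minus client) from a 48-byte NTP reply, using the
    SNTP formula ((t2 - t1) + (t3 - t4)) / 2: t1/t4 are the client's send and
    receive times, t2/t3 the server's receive and transmit timestamps
    (bytes 32..47 of the packet)."""
    if len(reply) < 48:
        raise ValueError("short NTP reply: %d bytes" % len(reply))
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!IIII", reply[32:48])
    t2 = _ntp_to_unix(rx_s, rx_f)
    t3 = _ntp_to_unix(tx_s, tx_f)
    return ((t2 - t_send) + (t3 - t_recv)) / 2.0


def ntp_offset(host, timeout=2.0):
    """Send one SNTP client request (LI=0, VN=3, Mode=3) and return the offset."""
    request = b"\x1b" + 47 * b"\x00"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_send = time.time()
        s.sendto(request, (host, NTP_PORT))
        reply, _ = s.recvfrom(48)
        t_recv = time.time()
    return parse_ntp_offset(reply, t_send, t_recv)


def skew_ok(offset, max_skew=MAX_SKEW_SECONDS):
    """Kerberos rejects the join when |offset| exceeds the tolerance."""
    return abs(offset) <= max_skew


def loopback_selftest():
    """Show tcp_port_open tells an open port from a closed one, using a
    throwaway listener on 127.0.0.1 (no network needed)."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        port = listener.getsockname()[1]
        open_seen = tcp_port_open("127.0.0.1", port)
    closed_seen = tcp_port_open("127.0.0.1", port)   # listener gone: refused
    return open_seen and not closed_seen


if __name__ == "__main__":
    dc = sys.argv[1] if len(sys.argv) > 1 else "192.168.10.10"   # assumed lab DC
    results = check_ad_ports(dc)
    for port, ok in sorted(results.items()):
        print("%5d %-18s %s" % (port, AD_PORTS[port], "open" if ok else "BLOCKED"))
    print("blocked ports:", missing_ports(results) or "none")
    try:
        off = ntp_offset(dc)
        print("clock offset vs DC: %+.3f s (%s)" % (
            off, "ok" if skew_ok(off) else "too large for Kerberos"))
    except OSError as exc:
        print("NTP query to %s failed: %s" % (dc, exc))
```

Run it as `python3 adjoin_check.py <DC-IP>` from the client side. A host-only network in Workstation with all guest firewalls off should show every port open and an offset well under a second; a port that shows BLOCKED while port 22 on the ESXi works from the other direction points at the network layer (segment, NAT, vSwitch) rather than at the ESXi firewall.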
banderas20
Contributor

@Sureshkumar M

I'm trying telnet FROM DC TO ESX. Telnet is installed on Windows. There's something blocking connections from Win to ESX, since port 22 works.

SureshKumarMuth
Commander

Can you stop and disable windows firewall and antivirus on Windows server and check again ? Sorry if it is a repeated question.

Manuel_Serrano
Contributor

This is a normal ESX port configuration.

banderas20
Contributor

@Sureshkumar M

Can you stop and disable windows firewall and antivirus on Windows server and check again ? Sorry if it is a repeated question.

I did that days ago. Thank you :). Maybe VMware Workstation internally has some firewall and I haven't noticed?

@Manuel_Serrano

Thanks. I'll try it later. The next thing I'll do is delete Win2012 machines and try with a fresh install of Win2008. This is driving me crazy.

Thank you!

Manuel_Serrano
Contributor

Hmmm.

If you are using Workstation, what kind of network are you choosing in the vms?

Do you have a firewall on the Windows machine where you run Workstation?

banderas22
Contributor

@Manuel_Serrano

The networks are "Host Only". Isolated from the Internet. Windows Firewalls are all OFF.

Using VMware Workstation 12.

Thanks!

Manuel_Serrano
Contributor

Change to bridged or NAT (with NAT you have to change the IPs and network) and try it.
