Hello.
I've just attended the VMware 6.0 ICM official course and I'm following the official lab guide in a nested environment.
When it comes to adding an ESX host to Active Directory services, it won't work. In "Authentication Services", I click on "Join Domain", provide the credentials (user@domain) and it always gives me the "Errors in Active Directory Operations" error.
All VMs' firewalls are off. I am running Win Server 2012 R2 as guest operating systems.
I've tried everything. Even turning off the ESX's own firewall via shell commands, with no result.
Any clue?
Thanks in advance.
Can you confirm if your ESXi hosts are time synced with your DC and that your ESXi hosts are using the DC IP address as the DNS server?
Can you confirm if your ESXi hosts are time synced with your DC and that your ESXi hosts are using the DC IP address as the DNS server?
rcporto
Yes to all.
Although in another thread I mention a problem keeping it synced automatically (ESX time desynchronizes), I sync it manually right before trying to add it to the AD, with no success.
Thanks!
Hi!
If you have problems with AD and with NTP, I'm 99% sure that you have a connection problem with the AD server.
Check with telnet whether you can reach the ESX from the AD on port 389.
@Manuel_Serrano
Check with telnet whether you can reach the ESX from the AD on port 389.
I have already tried, and I cannot. My Windows firewalls are all disabled.
And I have even disabled the ESX firewall by issuing
esxcli network firewall set --enabled false
and
esxcli network firewall unload
I have no idea what can be filtering these ports...
Thanks!
Are the ESXi and the AD in the same network?
@Manuel_Serrano
Are the ESXi and the AD in the same network?
Yes, they are. The AD has only one network card. The ESXi has many of them.
They see each other through the management network (I get ping replies).
Regards!
A ping does not mean that they are on the same network. It is very rare that on the same network you cannot connect with telnet. By default the ESXi ports are open for the AD. Try with a tracert.
In the security profile of the ESXi, are the ports open?
@Manuel_Serrano
I have issued many telnets without success. I have enabled SSH on ESXi and telnet to port 22 DOES work.
I have opened all in the security settings through vSphere client and enabled all ports from all IPs. Unless I am doing anything wrong, the only telnet I am able to open is against port 22.
Is there any screenshot which I can use to check if I am doing it right?
Many thanks for the help.
Wow.
Probably the problem is there, because you have a lot of services started and many ports open that you don't need.
My advice is, if it is a lab environment, reset the ESXi, because there are many factors in these screenshots that can have problems.
@Manuel_Serrano
Yes. It's a lab environment, and the ESXi has been reset thousands of times.
because there are many factors in these screenshots that can have problems.
Like which ones?
The fact that I can't telnet may be the problem. Something is blocking the ports, and I have no idea what it is...
Thanks!
Do you mean telnet to any port is not working, or the telnet command itself is not working?
By default, ESXi does not support the telnet command; instead you have to use the command "nc" to check the connectivity to the destination machine on a particular port.
Also, the following article gives you the required ports for AD: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=10123...
Check if you have proper port connectivity to the DC using the nc command from the ESXi host.
@Sureshkumar M
I'm trying telnet FROM DC TO ESX. Telnet is installed on Windows. There's something blocking connections from Win to ESX, since port 22 works.
Can you stop and disable the Windows firewall and antivirus on the Windows server and check again? Sorry if it is a repeated question.
@Sureshkumar M
Can you stop and disable the Windows firewall and antivirus on the Windows server and check again? Sorry if it is a repeated question.
I did that days ago. Thank you. Maybe VMware Workstation internally has some firewall and I haven't noticed?
@Manuel_Serrano
Thanks. I'll try it later. The next thing I'll do is delete Win2012 machines and try with a fresh install of Win2008. This is driving me crazy.
Thank you!
jummmm.
If you are using Workstation, what kind of network are you choosing in the VMs?
Do you have a firewall on the Windows machine where you have Workstation?
@Manuel_Serrano
The networks are "Host Only". Isolated from the Internet. Windows Firewalls are all OFF.
Using VMware Workstation 12.
Thanks!
Change to bridged or NAT (with NAT you have to change IPs and network) and try it.