Trying to join an ESXi 5 host to a 2008R2 domain and get the error "Errors in Active Directory Operations".  It is connecting to the DC and peforming a LDAP query.

I enabled debug logging per http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1026554

The only logs that appear to be pertinant are from netlogond.  Specifically the line in red.

20111204162220:0xffdf9b90:DEBUG:[LWNetSrvGetDCTimeFromDC() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:557] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:557 [code: 40286]
20111204162220:0xffdf9b90:INFO:[LWNetSrvGetDCName() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:97] Looking for a DC in domain 'example.com', site '<null>' with flags 11
20111204162220:0xffdf9b90:DEBUG:[LWNetPreferredDcPluginBuildServerArray() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:244] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:244 [code: 2453]
20111204162220:0xffdf9b90:DEBUG:[LWNetGetPreferredDcList() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:201] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-plugin.c:201 [code: 2453]
20111204162220:0xffdf9b90:DEBUG:[LWNetSrvGetDCNameDiscoverInternal() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:751] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:751 [code: 2453]
20111204162220:0xffdf9b90:INFO:[LWNetFilterFromBlackList() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet.c:588] Filtering list of 1 servers with list of 0 black listed servers
20111204162220:0xffdf9b90:ERROR:[LWNetSrvGetDCTimeFromDC() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:555] Failed ldap search on DC1.example.com error=40286

20111204162220:0xffdf9b90:DEBUG:[LWNetSrvGetDCTimeFromDC() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:557] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:557 [code: 40286]
20111204162220:0xffdf9b90:DEBUG:[LWNetSrvGetDCTime() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:470] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/dcinfo.c:470 [code: 40286]
20111204162222:0xffe0ab90:DEBUG:[LWNetSrvGetCurrentDomain() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83 [code: 136]
20111204162228:0xffe1bb90:DEBUG:[LWNetSrvGetCurrentDomain() /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83] Error at /build/mts/release/bora-396388/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83 [code: 136]

Per the error, an LDAP search is failing which makes me thing the issue is on my domain but I am not sure what the query is or what the expected answer is to further troubleshoot.

Any suggestions?

EDIT:  Running network monitor on the DC, I captured the LDAP query looking like this:

Filter: (&(DnsDomain=example.com)(NtVer=06:00:00:00))

The response returns:

SearchResultDone: Status: Success, MatchedDN: NULL, ErrorMessage: NULL

Which means there was no match.

Running the query directly n the DC with ldp I get this:

***Searching...
ldap_search_s(ld, "(&(DnsDomain=example.com)(NtVer=06:00:00:00))", 0, "(objectClass=*)", attrList,  0, &msg)
Error: Search: Invalid DN Syntax. <34>
Server error: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8349, best match of:
    '(&(DnsDomain=example.com)(NtVer=06:00:00:00))'

Error 0x208F The object name has bad syntax.
Result <34>: 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8349, best match of:
    '(&(DnsDomain=example.com)(NtVer=06:00:00:00))

Trying again with just (DnsDomain=example.com) I get:

***Searching...
ldap_search_s(ld, "(DnsDomain=example.com)", 0, "(objectClass=*)", attrList,  0, &msg)
Error: Search: Operations Error. <1>
Server error: 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0

Error 0x20D6 No superior reference has been configured for the directory service. The directory service is therefore unable to issue referrals to objects outside this forest.
Result <1>: 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0

Getting 0 entries:

Curious if this was caused by something wrong with my domain, I spun up a new DC with a new forrest and got the same results.

I am at a bit of a loss here now.  Either I have mis-read the packet captures or there is an issue with ESXi that I am missing.

JBane - added details after the edit line.