I am trying to troubleshoot why a host is not able to join an AD domain.
All necessary ports from this KB have been opened,
but it's failing to join.
Any idea?
I tried doing a packet capture,
but I do not see anything I can tell in the cap file.
Please provide more information. What is the ESXi version? Can you show how you're attempting to join the domain and what inputs you're providing? Is this an issue with all hosts or just a specific one?
Are the host and domain controller on subnet? The first troubleshooting step is to log in to the DCUI and test the network configuration. The DNS server and gateway should be pingable in the test from the DCUI.
esxi 5.5
authentication services
active directory
join using username@domain.com
I did do a nc -v dc 137 and 139 but got no response
Do you mean authentication proxy? If not, if you can't do a nc -z <DC IP> 88 then you have a firewall issue.
No, not using authentication proxy.
I got a response on port 88 but not on 135 or 137.
Testing those two ports isn't necessarily indicative of success/failure. But if you can't reach ports 445, 389/636 (for non/SSL), 88 then you definitely have an issue. In your firewall profile, ensure the Active Directory rules (in/out) are enabled. It should be a single line item.
636 does not respond
135 does not respond
123 does not respond
137 does not respond
389 does
445 responds
139 responds
3268 responds
88 responds
firewall is open on the host
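An added example, not part of the original posts: a POSIX shell script for the ESXi shell that probes the ports the reply above calls decisive (88, 445, 389/636) with `nc -z` and reports which are unreachable. The function names, the 3-second timeout, and treating 389 and 636 as alternatives are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh adports.sh <DC name or IP>

# Ports the reply treats as decisive. "389|636" is one requirement:
# either the non-SSL or the SSL LDAP port (assumption of this example).
REQUIRED="88 445 389|636"

# probe HOST PORT -> exit 0 if a TCP connect succeeds within 3 seconds
probe() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# scan HOST -> prints the candidate ports that accepted a connection
scan() {
    open=""
    for p in 88 389 445 636; do
        probe "$1" "$p" && open="$open $p"
    done
    echo "${open# }"
}

# missing_required "OPEN PORTS" -> prints the requirements not satisfied
missing_required() {
    open=" $1 "
    missing=""
    for group in $REQUIRED; do
        ok=no
        for p in $(echo "$group" | tr '|' ' '); do
            case "$open" in *" $p "*) ok=yes ;; esac
        done
        [ "$ok" = yes ] || missing="$missing $group"
    done
    echo "${missing# }"
}

# Only probe when a target was given on the command line.
if [ -n "${1:-}" ]; then
    found=$(scan "$1")
    miss=$(missing_required "$found")
    echo "reachable: ${found:-none}"
    if [ -n "$miss" ]; then
        echo "unreachable (check firewall path to $1): $miss"
        exit 1
    fi
    echo "all decisive ports reachable; look at logs rather than the network"
fi
```

Ports 135 and 137 are left out on purpose, since the reply says they are not indicative either way.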
From your ESXi host, can you do an nslookup for the fully-qualified domain name of your AD? How many DCs respond to the DNS query? Is a host possibly trying to contact one in another geo based on the returned results? Need more information about your environment.
All the DCs respond, local DCs and remote DCs,
but I cannot ping any of the DCs.
The DCs' local firewalls may have ICMP disabled. Sounds like you have network connectivity issues.
But the ports are open.
Does ICMP need to be open?
It shouldn't be needed. Need to see log files to know more.
I had this issue and fixed it, but still cannot join the domain.
What username are you using?
Try to use only: username
This never works: DOMAIN\user
This never works: user@domain.com
Try below
1. /etc/init.d/lwsmd start
2. chkconfig lwsmd on
3. /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.com administrator password
You may have to reboot the host.
There is no lwsmd.
Tried just username.
Does not work.
Hi
Please consider the URL below; maybe it can be useful for you.
2- How to add an ESXi Host to an Active Directory Domain
Br
MJ