Just built two new ESXI Hosts 6.5
I posted earlier that I was having issues updating the two hosts but no one responded.
I got some of the updates on but they are still non-compliant.
So I then decided to add a couple of VMs; they are all working fine.
I wanted to domain join the ESXI hosts but they fail.
I installed VCSA and added the two hosts to my DataCenter and cluster.
On the VCSA I was able to domain join to my AD domain with no issue and it was very quick.
When I try to domain join the ESXI hosts it takes a very long time and then fails.
When I try to domain join the ESXI host I get this error:
Errors in Active Directory Operations. Not much of an explanation.
I SSH'd into the host and ran this
[root@ESXI-10:/usr/lib/vmware/likewise/bin] ./domainjoin-cli join my.network.com administrator
Joining to AD Domain: our.network.tgcsnet.com
With Computer DNS Name: TGCSESXI-10.our.network.tgcsnet.com
administrator@MY.NETWORK..COM's password:
Error: ERROR_GEN_FAILURE [code 0x0000001f]
[root@ESXI-10:/usr/lib/vmware/likewise/bin]
Using the GUI or CLI I get errors.
I enabled SMB 2 on my ESXI hosts; that did not help.
I enabled SMB 1 on my Domain Controllers and that did not work.
Any ideas or suggestions?
Thank you
tom
Hello
Everyone.
I figured out the issue.
It was the version of ESXI I was running
I rebuilt both Hosts and Now running ESXI 6.5 U3a 16576891
After I updated the ESXI Hosts the Domain Joining took seconds and was successful
Thanks for all your help and suggestions.
Please mark this as resolved
Hi,
Have you checked the Active Directory side? Did you make DNS records?
Yes I have A Records in DNS for both ESXI Hosts
I can ping both by DNS name and ip address from any domain joined server or computer.
Have you double and triple checked the necessary ports are open from the host to AD?
To eliminate the host firewall itself, you could temporarily disable it from the CLI
esxcli network firewall set -e false
esxcli network firewall get (to check the status)
then attempt the domain join again.
Then re-enable the host firewall
esxcli network firewall set -e true
Thanks
Andrew
[root@ESXI-19:~] esxcli network firewall get
Default Action: DROP
Enabled: true
Loaded: true
[root@ESXI-19:~] esxcli network firewall set -e false
[root@ESXI-19:~] esxcli network firewall get
Default Action: DROP
Enabled: false
Loaded: true
Still failed
Which Ports on my AD side do I need open?
I just checked
I have 88 TCP/UDP, 443 TCP/UDP and 389 TCP/UDP all open. Do I need any more?
I went by this one
several attempts
2020-10-09T01:15:15.714Z info hostd[AA81B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34735-auto-qsw-h5:70006025-8-7b-6f5a user=vpxuser:VSPHERE.LOCAL\Administrator] Event 349 : Join domain failed.
[root@ESXI-10:/usr/lib/vmware/likewise/bin] less /var/log/hostd.log | grep domain
LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
2020-10-09T01:15:15.714Z info hostd[AA81B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34735-auto-qsw-h5:70006025-8-7b-6f5a user=vpxuser:VSPHERE.LOCAL\Administrator] Event 349 : Join domain failed.
[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'mydom\administrator@MY.NETWORK.COM' is invalid because it contains a backslash. Please use UPN syntax (user@domain.com) if you wish to use a username from a different domain.
2020-10-09T01:16:42.762Z info hostd[A781B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34804-auto-qut-h5:70006063-cc-cf-6f89 user=vpxuser:VSPHERE.LOCAL\Administrator] Event 350 : Join domain failed.
[root@ESXI-10:/usr/lib/vmware/likewise/bin] less /var/log/hostd.log | grep domain
LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
2020-10-09T01:15:15.714Z info hostd[AA81B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34735-auto-qsw-h5:70006025-8-7b-6f5a user=vpxuser:VSPHERE.LOCAL\Administrator] Event 349 : Join domain failed.
[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'our\administrator@OUR.NETWORK.TGCSNET.COM' is invalid because it contains a backslash. Please use UPN syntax (user@domain.com) if you wish to use a username from a different domain.
2020-10-09T01:16:42.762Z info hostd[A781B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34804-auto-qut-h5:70006063-cc-cf-6f89 user=vpxuser:VSPHERE.LOCAL\Administrator] Event 350 : Join domain failed.
LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
2020-10-09T01:17:47.924Z info hostd[A440B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34820-auto-qv9-h5:70006073-c3-8d-6fab user=vpxuser:VSPHERE.LOCAL\Administrator] Event 351 : Join domain failed.
[root@ESXI-10:/usr/lib/vmware/likewise/bin]
[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'our\administrator@OUR.NETWORK.TGCSNET.COM' is invalid because it contains a backslash. Please use UPN syntax (user@domain.com) if you wish to use a username from a different domain.
Try UPN style with a user who has the rights to join a computer to the AD, and be sure that you don't mix the short/long AD name together with your e-mail domain.
Regards,
Joerg
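A way to sort the join failures in a hostd.log excerpt like the one quoted above into those Likewise rejected for username format and those with no such error logged, as an added example that is not part of any post in this thread. The sample log is constructed (corp.example.com and the opID values are placeholders), and treating each attempt as starting at the DJRunJoinProcess line and ending at the "Join domain failed" event is an assumption of the example.

```python
import re

# Constructed sample modelled on the hostd.log excerpts quoted in the thread;
# corp.example.com and the opID values are placeholders.
SAMPLE_LOG = r"""
LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'corp\administrator@CORP.EXAMPLE.COM' is invalid because it contains a backslash.
2020-10-09T01:15:15.714Z info hostd[AA81B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=a1 user=vpxuser:VSPHERE.LOCAL\Administrator] Event 349 : Join domain failed.
LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
2020-10-09T01:16:42.762Z info hostd[A781B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=a2 user=vpxuser:VSPHERE.LOCAL\Administrator] Event 350 : Join domain failed.
"""

ATTEMPT = re.compile(r"calling DJRunJoinProcess\(\) to JOIN domain")
BAD_USER = re.compile(r"DJInitModuleStates\(\): Invalid username .*?The username '([^']+)'")
FAILED = re.compile(r"^(\S+Z) .*Event (\d+) : Join domain failed\.")


def classify_username(name):
    """Name the form of a join account: mixed, down-level, upn or bare."""
    has_slash, has_at = "\\" in name, "@" in name
    if has_slash and has_at:
        return "mixed"          # DOMAIN\user@REALM, the form the log rejects
    if has_slash:
        return "down-level"     # DOMAIN\user
    return "upn" if has_at else "bare"


def triage(log_text):
    """Return one record per failed join, with the rejected username if logged."""
    attempts, current = [], None
    for line in log_text.splitlines():
        if ATTEMPT.search(line):
            current = {"username": None, "form": None}
            continue
        m = BAD_USER.search(line)
        if m and current is not None:
            current["username"] = m.group(1)
            current["form"] = classify_username(m.group(1))
            continue
        m = FAILED.search(line)
        if m:
            rec = current or {"username": None, "form": None}
            rec.update(time=m.group(1), event=int(m.group(2)))
            rec["cause"] = ("username format rejected by Likewise" if rec["form"]
                            else "no username-format error logged")
            attempts.append(rec)
            current = None
    return attempts


if __name__ == "__main__":
    for attempt in triage(SAMPLE_LOG):
        print(attempt)
```

A failure reported with "no username-format error logged" is one that switching to UPN syntax will not fix, so the cause has to be looked for elsewhere.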
I have tried using upn method still does not join.
There is something underlying here that is not allowing this.
The firewall is off on the ESXI host; I even turned off the firewall on the DCs.
I looked at the log nothing there either.
Need help on this.
You should open a GSS ticket.
Regards,
Joerg
Hey, quick question
Is there any machine account in your domain?
Can you delete if there is?
Warm regards
The name of the ESXI host was in AD already but I deleted them
They are in AD DNS
Try this please.
It has helped me in the past: http://blog.ikigo.net/?p=173