insearchof
Expert

Unable to Domain Join ESXI Hosts 6.5

Just built two new ESXi Hosts 6.5.

I posted earlier that I was having issues updating the two hosts but no one responded.

I got some of the updates on but still non-compliant.

So I then decided to add a couple of VMs on; they are all working fine.

I wanted to domain join the ESXi hosts but they fail.

I installed VCSA and added the two hosts to my DataCenter and cluster.

On the VCSA I was able to domain join to my AD domain with no issue and it was very quick.

When I try to domain join the ESXi hosts it takes a very long time and then fails.

When I try to domain join the ESXi host I get this error:

Errors in Active Directory Operations (not much of an explanation)

I SSH'd into the host and ran this

[root@ESXI-10:/usr/lib/vmware/likewise/bin] ./domainjoin-cli join my.network.com administrator

Joining to AD Domain:   our.network.tgcsnet.com

With Computer DNS Name: TGCSESXI-10.our.network.tgcsnet.com

administrator@MY.NETWORK..COM's password:

Error: ERROR_GEN_FAILURE [code 0x0000001f]

[root@ESXI-10:/usr/lib/vmware/likewise/bin]

Using the GUI or CLI I get errors.

I enabled SMB 2 on my ESXi hosts; that did not help.

I enabled SMB 1 on my Domain Controllers and that did not work.

Any ideas or suggestions?

Thank you

tom

0 Kudos
1 Solution

Accepted Solutions
insearchof
Expert

Hello everyone.

I figured out the issue.

It was the version of ESXi I was running.

I rebuilt both hosts and am now running ESXi 6.5 U3a 16576891.

After I updated the ESXi hosts, the domain joining took seconds and was successful.

Thanks for all your help and suggestions.

Please mark this as resolved

0 Kudos
12 Replies
batuhandemirdal
Enthusiast

Hi,

Have you checked the Active Directory side? Did you make DNS records?

0 Kudos
insearchof
Expert

Yes, I have A records in DNS for both ESXi hosts.

I can ping both by DNS name and IP address from any domain-joined server or computer.

0 Kudos
alienjoker
Enthusiast

Have you double and triple checked the necessary ports are open from the host to AD?

VMware Knowledge Base

To eliminate the host firewall itself, you could temporarily disable it from the CLI:

esxcli network firewall set -e false

esxcli network firewall get (to check the status)

then attempt the domain join again.

Then re-enable the host firewall:

esxcli network firewall set -e true

Thanks


Andrew

0 Kudos
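
The disable, retry, re-enable sequence from the reply above, wrapped so that the firewall is put back whatever the join attempt does (added example, not part of the original posts; the function names and the `ESXCLI` override variable are assumptions):

```shell
#!/bin/sh
# Added example (not from the thread): run one command with the ESXi host
# firewall disabled, then restore the firewall to the state it was found in.
ESXCLI=${ESXCLI:-esxcli}   # assumption: overridable so the logic can be tested off-host

# Print "true" or "false" from the "Enabled:" line of `esxcli network firewall get`.
firewall_enabled() {
  $ESXCLI network firewall get | awk '$1 == "Enabled:" { print $2 }'
}

# Usage: with_firewall_disabled <command> [args...]
# Returns the command's exit status; 2 if the firewall state could not be
# read or changed; 3 if the firewall could not be re-enabled afterwards.
with_firewall_disabled() {
  was=$(firewall_enabled)
  if [ "$was" != "true" ] && [ "$was" != "false" ]; then
    echo "cannot read firewall state; leaving it untouched" >&2
    return 2
  fi
  if [ "$was" = "true" ]; then
    $ESXCLI network firewall set -e false || return 2
  fi
  rc=0
  "$@" || rc=$?          # keep going so the restore below always runs
  if [ "$was" = "true" ]; then
    $ESXCLI network firewall set -e true
    if [ "$(firewall_enabled)" != "true" ]; then
      echo "firewall NOT re-enabled; fix this before leaving the host" >&2
      return 3
    fi
  fi
  return "$rc"
}

# On a host, the join attempt from this thread would be wrapped like this:
#   cd /usr/lib/vmware/likewise/bin
#   with_firewall_disabled ./domainjoin-cli join <domain> <user>
```

If the host firewall was already off when the function starts, it is left off, so a host in that state still needs `esxcli network firewall set -e true` run by hand.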
insearchof
Expert

[root@ESXI-19:~] esxcli network firewall get

   Default Action: DROP

   Enabled: true

   Loaded: true

[root@ESXI-19:~] esxcli network firewall set -e false

[root@ESXI-19:~] esxcli network firewall get

   Default Action: DROP

   Enabled: false

   Loaded: true

Still failed

Which ports on my AD side do I need open?

I just checked.

I have 88 TCP/UDP, 443 TCP/UDP, 389 TCP/UDP all open. Do I need any more?

I went by this one

Required Ports for vCenter Server

0 Kudos
insearchof
Expert

Several attempts:

2020-10-09T01:15:15.714Z info hostd[AA81B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34735-auto-qsw-h5:70006025-8-7b-6f5a user=vpxuser:VSPHERE.LOCAL\Administrator] Event 349 : Join domain failed.

[root@ESXI-10:/usr/lib/vmware/likewise/bin] less /var/log/hostd.log | grep domain

LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...

2020-10-09T01:15:15.714Z info hostd[AA81B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34735-auto-qsw-h5:70006025-8-7b-6f5a user=vpxuser:VSPHERE.LOCAL\Administrator] Event 349 : Join domain failed.

[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'mydom\administrator@MY.NETWORK.COM' is invalid because it contains a backslash. Please use UPN syntax (user@domain.com) if you wish to use a username from a different domain.

2020-10-09T01:16:42.762Z info hostd[A781B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34804-auto-qut-h5:70006063-cc-cf-6f89 user=vpxuser:VSPHERE.LOCAL\Administrator] Event 350 : Join domain failed.

[root@ESXI-10:/usr/lib/vmware/likewise/bin] less /var/log/hostd.log | grep domain

LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...

2020-10-09T01:15:15.714Z info hostd[AA81B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34735-auto-qsw-h5:70006025-8-7b-6f5a user=vpxuser:VSPHERE.LOCAL\Administrator] Event 349 : Join domain failed.

[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'our\administrator@OUR.NETWORK.TGCSNET.COM' is invalid because it contains a backslash. Please use UPN syntax (user@domain.com) if you wish to use a username from a different domain.

2020-10-09T01:16:42.762Z info hostd[A781B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34804-auto-qut-h5:70006063-cc-cf-6f89 user=vpxuser:VSPHERE.LOCAL\Administrator] Event 350 : Join domain failed.

LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...

2020-10-09T01:17:47.924Z info hostd[A440B70] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=kg02whrl-34820-auto-qv9-h5:70006073-c3-8d-6fab user=vpxuser:VSPHERE.LOCAL\Administrator] Event 351 : Join domain failed.

[root@ESXI-10:/usr/lib/vmware/likewise/bin]

0 Kudos
IRIX201110141
Champion

[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'our\administrator@OUR.NETWORK.TGCSNET.COM' is invalid because it contains a backslash. Please use UPN syntax (user@domain.com) if you wish to use a username from a different domain.

Try UPN style with a user who has the rights to join a computer to the AD, and be sure that you don't mix the short/long AD name together with your e-mail domain.

Regards,
Joerg

0 Kudos
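
A way to sort the hostd.log failures quoted above into username-format rejections and failures with no logged reason (added example, not from the thread; the sample log is constructed with placeholder names, and pairing each "Invalid username" line with the next failure event is an assumption):

```shell
#!/bin/sh
# Added example (not from the thread): triage "Join domain failed" events in hostd.log.
# Assumption: a Likewise "Invalid username" line belongs to the next failure event.

# Constructed sample modeled on the log lines quoted above (names are placeholders).
sample_log() {
cat <<'EOF'
LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
2020-10-09T01:15:15.714Z info hostd[AA81B70] [sub=Vimsvc.ha-eventmgr] Event 349 : Join domain failed.
[LikewisePerformDomainAction:168] DJInitModuleStates(): Invalid username (11/0): The username 'corp\admin@CORP.EXAMPLE.COM' is invalid because it contains a backslash.
2020-10-09T01:16:42.762Z info hostd[A781B70] [sub=Vimsvc.ha-eventmgr] Event 350 : Join domain failed.
LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
2020-10-09T01:17:47.924Z info hostd[A440B70] [sub=Vimsvc.ha-eventmgr] Event 351 : Join domain failed.
EOF
}

# Print one line per failure event: "<event id> <cause>".
classify_failures() {
  awk '
    /Invalid username/ { bad = 1; next }
    /Join domain failed/ {
      id = "?"
      for (i = 1; i < NF; i++) if ($i == "Event") id = $(i + 1)
      print id, (bad ? "username-format" : "no-reason-logged")
      bad = 0
    }'
}

# Print the usernames Likewise rejected (the text between the single quotes).
rejected_usernames() {
  sed -n "s/.*Invalid username.*The username '\([^']*\)' is invalid.*/\1/p"
}

# Return 0 if $1 is plain UPN form: one "@", no backslash, both sides non-empty.
is_upn() {
  case $1 in
    *\\*|*@*@*|@*|*@) return 1 ;;
    *@*) return 0 ;;
    *) return 1 ;;
  esac
}

# On a host: classify_failures < /var/log/hostd.log
if [ "${1:-}" = "--demo" ]; then
  sample_log | classify_failures
  sample_log | rejected_usernames
fi
```

Failures reported as `no-reason-logged` are the ones that changing the username syntax cannot explain.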
insearchof
Expert

I have tried using the UPN method; it still does not join.

There is something underlying here that is not allowing this.

The firewall is off on the ESXi host; I even turned off the firewall on the DCs.

I looked at the log; nothing there either.

Need help on this.

0 Kudos
IRIX201110141
Champion

You should open a GSS ticket.

Regards,
Joerg

0 Kudos
nachogonzalez
Commander

Hey, quick question:
is there any machine account in your domain?
Can you delete it if there is?

Warm regards

0 Kudos
insearchof
Expert

The names of the ESXi hosts were in AD already, but I deleted them.

They are in AD DNS.

0 Kudos
nachogonzalez
Commander

Try this, please.
It has helped me in the past: http://blog.ikigo.net/?p=173

0 Kudos