I have several ESXi hosts and I'm trying to get them to join AD so I can roll out administrative permissions through AD groups. I have joined the servers to the domain and that part worked as expected.
Now, when I go into Permissions to add a group, as soon as I choose my domain in the dropdown, I get the following error:
"A general system error occurred: Error accessing directory: Can't bind to LDAP server for domain <domain name>. Call "UserDirectory.RetrieveUserGroups" for object "ha-user-directory" on ESXi "<hostname>" failed."
This is occurring on 5 of my 7 ESXi hosts, and there's nothing that I'm aware of that's different on the other two.
Could this be a problem with requiring LDAPS on my domain? If so, why would it work on the other two servers? Just weird.
Any tips would be appreciated. Thanks!
Same thing happened to our servers. Two out of three have the problem mentioned.
There is some workaround though. Domain users can be added manually, without the search through AD, so they are able to log in.
What strike me as strange is: when the domain user has the role of an Administrator it can search through the AD with no problem. But even then that user can not connect through vSphere Client when "Use Windows session credentials" is checked, only when manually providing DOMAIN\username and password, also logging in in a form of username@domain is not working on the servers affected by this issue.
We haven't tried restarting the hosts yet but we will try that when the workload permits us.
I am having the same issue in my LAB and i am in evaluation period version is esxi5.5 but not working what is the work around as of now
I never got a resolution to this. I spent several hours on the phone with support and sent logs several times, trying many things. The last copout answer I got was that I was plugged into a 100Mbps switch instead of the suggest GigE. We all know that's just hogwash.
Once I ordered and activated my ROBO licenses, everything worked with them. Until then, I just had to use the root account.