troubleshooting esxi host to join domain

tdubb123 · ‎01-29-2018

I am trying to troubleshooting why a host is not able to join an AD domain

All necessary ports from this kb has been opened

VMware Knowledge Base

but its failing to join

any idea?

I tried doing a packet capture

but do not see anything i can tell in the cap file

daphnissov · ‎01-29-2018

Please provide more information. What is the ESXi version? Can you show how you're attempting to join the domain and what inputs you're providing? Is this an issue with all hosts or just a specific one?

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

vijayrana968 · ‎01-29-2018

Is the host and domain controller on subnet ? First troubleshooting step is, login to DCUI and test the network configuration. DNS server and gateway should be pingable in test from DCUI.

tdubb123 · ‎01-29-2018

esxi 5.5

authentication services

active directory

join using username@domain.com

I did do a nc -v dc 137 and 139 but got no response

daphnissov · ‎01-29-2018

Do you mean authentication proxy? If not, if you can't do a nc -z <DC IP> 88 then you have a firewall issue.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

tdubb123 · ‎01-29-2018

no not using authtication proxy

I got response on port 88 but not

135 or 137

daphnissov · ‎01-29-2018

Testing those two ports aren't necessarily indicative of success/failure. But if you can't reach ports 445, 389/636 (for non/SSL), 88 then you definitely have an issue. In your firewall profile, ensure the Active Directory rules (in/out) are enabled. It should be a single line item.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

tdubb123 · ‎01-30-2018

636 does not respond

135 does not respond

123 does not respond

137 does not respond

389 does

445 responds

139 responds

3268 responds

88 responds

firewall is open on the host

daphnissov · ‎01-30-2018

From your ESXi host, can you do an nslookup for the fully-qualified domain name of your AD? How many DCs respond to the DNS query? Is a host possibly trying to contact one in another geo based on the returned results? Need more information about your environment.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

tdubb123 · ‎01-30-2018

All the DCs respond. local DCs and remote DCS

tdubb123 · ‎01-30-2018

but I cannot ping any of the DCs

daphnissov · ‎01-30-2018

The DCs' local firewalls may have ICMP disabled. Sounds like you have network connectivity issues.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

tdubb123 · ‎01-30-2018

but the ports are open.

does icmp need to be open?

daphnissov · ‎01-30-2018

It shouldn't be needed. Need to see log files to know more.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

tdubb123 · ‎01-30-2018

I had this issues and fix it. but still cannot join domain

VMware Knowledge Base

unsichtbare · ‎01-30-2018

What username are you using.

Try to use only: username

This never works: DOMAIN\user

This never works: user@domain.com

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/

RAJ_RAJ · ‎01-30-2018

Try below

1. /etc/init.d/lwsmd start

2. chkconfig lwsmd on

3. /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.com administrator password

You may have to reboot the host .

RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!

tdubb123 · ‎01-31-2018

there is no lwsmd

tdubb123 · ‎01-31-2018

tried just username

does not work

mj_02003 · ‎01-31-2018

Hi

please consider below URL maybe can useful for you.

1- VMware Knowledge Base

2- How to add an ESXi Host to an Active Directory Domain

Br

MJ