I am unable to add an ESXi host to the Active Directory domain. I checked the lsassd service on the host; it is stopped. When I try to start the service, I get this error:
"Starting Likewise Identity and Authentication Service
touch: /var/lock/subsys/lsassd: No such file"
This is a well-known issue in ESXi 5. There is a workaround for it; have a look into that.
Thanks. After following the steps mentioned in the KB article, I managed to start the lsassd service.
But the original issue is still not resolved. When adding the host to the domain, it shows the error "Specified domain doesn't exist or could not be contacted".
The issue started only last week. Previously the hosts were working fine.
Are you able to ping your host from the computers, to make sure it's pinging the AD host?
For the issue: this occurs when TCP port 53 is not open in the ESXi 5.0 firewall.
Did you configure any firewall rules on your host?
Fix: You can temporarily disable the ESXi firewall and join the ESXi host to the domain. It can be disabled with the following command:
esxcli network firewall unload
Note: this will destroy any rules configured in the firewall. If you have not configured any, then it's okay to go ahead and try this.
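Unloading the whole firewall, as suggested above, drops every rule on the host until it is reloaded. The script below is an added example (not code from this thread or from VMware) that checks only the rulesets a domain join depends on and prints the `esxcli` command for each one that is off. It assumes ESXi 5.x `esxcli` syntax and the two-column (Name, Enabled) output of `esxcli network firewall ruleset list`; the listing it parses is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the thread): check the firewall rulesets an AD join
# needs and enable only the missing ones, instead of `esxcli network firewall unload`.
# Assumes ESXi 5.x esxcli syntax and the two-column output of
# `esxcli network firewall ruleset list` (Name, Enabled).

# Rulesets involved in a domain join: DNS lookups of the domain, the AD
# protocols (activeDirectoryAll), NTP so Kerberos clocks agree, and nfsClient,
# which several posters found necessary on 5.x (inspect what it opens with
# `esxcli network firewall ruleset rule list --ruleset-id nfsClient`).
REQUIRED_RULESETS="dns activeDirectoryAll ntpClient nfsClient"

# Print the names from $2 whose Enabled column in listing $1 is not "true".
# A ruleset that is absent from the listing is reported as missing too.
missing_rulesets() {
    listing=$1
    required=$2
    for name in $required; do
        state=$(printf '%s\n' "$listing" | awk -v n="$name" '$1 == n { print $2 }')
        [ "$state" = "true" ] || printf '%s\n' "$name"
    done
}

# Print the esxcli command for each missing ruleset (dry run; review, then
# pipe to sh on the host to apply).
enable_commands() {
    for rs in $(missing_rulesets "$1" "$REQUIRED_RULESETS"); do
        printf 'esxcli network firewall ruleset set --ruleset-id %s --enabled true\n' "$rs"
    done
}

# Constructed sample listing (not output from the poster's host); on a real
# host use:  LISTING=$(esxcli network firewall ruleset list)
SAMPLE='Name                Enabled
------------------  -------
sshServer           true
dns                 true
activeDirectoryAll  false
ntpClient           true
nfsClient           false'

echo "Rulesets to enable:"
missing_rulesets "$SAMPLE" "$REQUIRED_RULESETS"
echo "Commands (review, then run on the host):"
enable_commands "$SAMPLE"
# After the join succeeds, set any ruleset you enabled back to your baseline;
# a full `firewall unload` leaves the host open on every port until reload.
```

On the sample listing this reports `activeDirectoryAll` and `nfsClient` and prints one `ruleset set` command for each; the host's firewall stays loaded throughout.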
Hi,
Have you tried first creating the directory path (OU) inside AD and then adding the ESXi host to the domain?
Select Active Directory from the Select Directory Service Type drop-down box.
Enter CompanyName.com/servers/enterprise in the Domain box (this will create the computer account in the correct AD OU).
Click the Join Domain button and enter your admin credentials to join the host to AD, like name@CompanyName.com and password.
This will create an account in AD and complete the join. Now that this host has been joined to AD, when logging into an SSH session on the host you should use your AD admin account.
I had already tried these options based on the KB below:
VMware KB: Unable to add ESXi host to the Active Directory domain
But still no success adding the host to the AD domain.
Seems like there is an issue with time sync.
Are your Domain Controllers virtual, and if so, where is the PDC Emulator syncing its time from?
I always have my PDC Emulator syncing from a known good time source, like below.
ESX Hosts ----> NTP Time source
PDC Emulator -----> NTP Time source
DC's and Members -----> Domain time from PDC emulator
The issue occurred just a week ago.
Until then, the hosts were authenticating to AD.
And no such changes were made in the last week.
Also, other hosts are authenticating to AD.
I don't understand how the issue suddenly occurred.
It happens; that's why we are hired to fix these issues.
If nothing works, try updating your ESXi host to the next version up, 5.1 U1 or whatever is applicable. I believe that will fix the issue.
The ESXi host version is already 5.1.0 Update 1. The other hosts are also on the same version and they are not having any issue.
Being a production host, we can't upgrade it.
Hi,
Here you go....
There might be a possibility that port 53 is not open in the firewall, but you have already checked that, and you also mentioned that your ESXi is 5.1.0 Update 1, so this issue is automatically resolved with the update.
You cannot add an ESXi host to the Active Directory (AD) domain. When you attempt to join an ESXi 5.0 host to an AD environment through the vSphere Client, the task fails with an error message similar to the following:
Could not join <domainname>: The specified domain either does not exist or could not be contacted.
This issue is resolved in this release. Now the outbound TCP port 53 on the firewall of the ESXi host is enabled by default. VMware ESXi 5.0 Update 1 Release Notes
Now let's cross-check:
1) Check whether the NFS Client ruleset is enabled in the firewall; if not, enable it.
2) Check that you have properly configured the DNS IP address on the ESXi host.
3) Check that you are able to ping the ESXi host with the DNS name you gave it; otherwise re-create the entry on the DNS server.
4) And finally, this issue may also occur if you entered the user credentials in the <domain\username> format.
To work around this issue on earlier ESX/ESXi versions, enter the user credentials in the <username> or <username@fqdn_of_the_domain> format.
I entered my user name (without the leading domain\) and it worked.
Hi,
I tried the above options.
The NFS Client was not enabled in the ESXi firewall, which I have now enabled.
The DNS entries are correct.
I tried credentials in both formats mentioned above.
The issue still persists.
Hi,
Can you try adding the host once again, then pull /var/log/syslog.log and upload it? That will help us solve the issue.
Please upload/paste the syslog from the host. It looks like some of the configuration items already posted above have been checked. Now, it might sound stupid, but check that the IP you are using for this host is actually slated for it and not held somewhere else.
Hello
I had the same issue and this is what worked for me:
- Enabled the NFS Client on the firewall;
- Checked that "Active Directory All" was in the Outgoing Connections list (it was);
- Changed the DNS from external (8.8.8.8) to the DNS on the PDC (192.168.x.x);
- In "DNS and Routing", added the domain name under "Host Identification", and also filled in my domain name under "Look for hosts in the following domains";
- For the Domain (in the Directory Services Configuration), used the <fqdn_of_the_domain/XXX/Servers> format;
- For the login, used the <username@fqdn_of_the_domain> format;
Many thanks Umesh.
Best
André
Hi,
I was facing this issue on ESXi 6.0 U1; it got resolved after removing a duplicate domain name in "DNS and Routing Configuration" - "Look for hosts in the following domains".
This duplicate entry might have been added by a host profile.
Thanks,
Prashant.
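The fixes reported across this thread (correct DNS servers rather than a public resolver, the host's own name resolving, username or username@fqdn rather than DOMAIN\username, clocks in step with the PDC Emulator, and no duplicate search domain) can be checked before clicking Join Domain. The script below is an added preflight example, not code from any poster or from VMware. Its functions work on text, so the constructed samples run anywhere; the comments name the `esxcli` command that supplies each live value on an ESXi 5.x/6.x host, and the "key: value" output format it parses is an assumption about those commands.

```shell
#!/bin/sh
# Added AD-join preflight (example code, not from the thread or from VMware).
# Functions work on text so the constructed samples run offline; comments show
# the esxcli command that produces the live value on a host (output format assumed).

# 1) Credential format. Older releases reject DOMAIN\user; use user or user@fqdn.
#    Returns 0 when the form is acceptable.
cred_format_ok() {
    case "$1" in
        "")   return 1 ;;
        *\\*) return 1 ;;    # contains a backslash: DOMAIN\user
        *)    return 0 ;;
    esac
}

# 2) Duplicate search domains (a host profile can add the same name twice).
#    $1 = output of `esxcli network ip dns search list`, assumed to look like
#         "   DNSSearch Domains: corp.example.com, corp.example.com"
dup_search_domains() {
    printf '%s\n' "$1" | sed -n 's/^ *DNSSearch Domains: *//p' \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' | sort | uniq -d
}

# 3) Resolvers that are not domain controllers. A public resolver such as
#    8.8.8.8 cannot answer for the AD domain.
#    $1 = output of `esxcli network ip dns server list`, $2 = AD DNS addresses.
non_ad_dns() {
    printf '%s\n' "$1" | sed -n 's/^ *DNSServers: *//p' \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
        | while read -r s; do
              case " $2 " in
                  *" $s "*) ;;                 # one of the DCs
                  *) printf '%s\n' "$s" ;;
              esac
          done
}

# 4) Kerberos tolerates at most 300 s of clock difference by default.
#    $1 = host epoch seconds (`date +%s` on ESXi), $2 = DC epoch seconds.
clock_skew_ok() {
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -le 300 ]
}

# Constructed samples standing in for live output (domain and addresses are made up).
SEARCH_SAMPLE='   DNSSearch Domains: corp.example.com, corp.example.com, lab.example.com'
DNS_SAMPLE='   DNSServers: 192.168.10.5, 8.8.8.8'
AD_DNS='192.168.10.5 192.168.10.6'

echo "duplicate search domains: $(dup_search_domains "$SEARCH_SAMPLE")"
echo "resolvers that are not DCs: $(non_ad_dns "$DNS_SAMPLE" "$AD_DNS")"
cred_format_ok 'CORP\admin' || echo 'join as admin or admin@corp.example.com, not CORP\admin'
clock_skew_ok 1700000000 1700000400 || echo 'clock skew over 300 s: fix NTP before joining'

# Remaining checks from the thread have no offline equivalent; run on the host:
#   esxcli network ip dns server list      # feed to non_ad_dns with your DC addresses
#   esxcli network ip dns search list      # feed to dup_search_domains
#   nslookup "$(hostname -f)"              # the host's own forward record
#   nslookup corp.example.com              # the domain name must resolve to DCs
#   and from another machine, ping the host IP and compare the ARP entry's MAC
#   with vmk0 to confirm the address is not held by something else.
```

Each function returns a shell status or prints the offending items, so the same checks can be chained into a host-profile compliance script; on the samples it flags the duplicated `corp.example.com`, the `8.8.8.8` resolver, the `CORP\admin` form, and a 400 s skew.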