Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Solved: Esxi server cannot joined into active directory domain

I assigned one task to my junior colleagues to configure authentication services on vmware esxi servers (Join esxi server into domain), They reported to me that they are not able to join few esxi servers in the domain and giving error. They followed correct instructions as shown below from my earlier articles, but still were being ending up in the error.

POWERCLI AND VSPHERE WEB CLIENT: JOIN ESXI INTO ACTIVE DIRECTORY DOMAIN CONTROLLER
Resolved: Esxi Join domain failed - Error in Active Directory Operations
Join domain ESXi to an Active Directory OU : Powercli

When I tried I was also seeing the error in vsphere web client. To troubleshoot it further more I putty into esxi, and verified first esxi can connect and telnet to Ad ports successfully, I checked hostd.log file on esxi under log folder /var/log. While reading logs the word likewise caught into my eyes and I knew Likewise daemon Identity and authentication simplifies the essential configuration wanted to authenticate a Linux machine to an Active Directory domain. Based on winbind, the likewise package takes the pain out of integrating Ubuntu authentication into an existing Windows network.

vmware vsphere esxi var log hostd logs grep domain active direcotyr aunthentication issue resolved solved issue lsass.png

Further more I checked lsassd service (likewise daemon) status under folder /etc/init.d. and I found it is stopped. and started the service, and in the last The chkconfig command used to activate services, In the last after everything worked well I tried with pulling esxi server into AD domain and it was successful

#Shows current version of esxi.
vmware -v

#Check the service status
/etc/init.d/lsassd status

#Start the service
/etc/init.d/lsassd start
Starting Likewise Identity and Authentication Servicetouch: /var/lock/subsys/lsassd: No such file or directory ...ok

#Activate or deactivate service
chkconfig lsassd on

vmware vsphere, vmware -v version esxi build etc initd daemons services lsassd status start chkconfig.png

If you are using esxi version 6 and above Likewise service is name is different it is lwsmd, all other steps are same.

vmware vsphere esxi version lwsmd, inti.d etc service deamon status, whatdog lwsmd, likewise service manager authentication netlogon

If you are still facing issue, there may be issue you don't have rights to create an computer account in active directory, you can create one AD account manually, and try again. Another thing if you have another OU where ad computer exist than the default, this can also be show stopper, When joining esxi into domain provide AD domain name with OU complete path as shown in my earlier articles, This definitely resolves issue.

Useful articles
Reset forgotten ESXi root password on Domain joined Esxi using vSphere web client and Powercli
Reset ESXi root password using Host Profiles on vCenter server: VMWare vSphere Web client
Resolved: Reset Esxi forgotten root password using hiren bootCD step by step
CREATE VIRTUAL DATACENTER AND ADD ESXI HOST ON VCENTER SERVER
ADDING AND ASSIGNING VSPHERE LICENSES IN VCENTER SERVER AND ESXI 
ADDING AND CONFIGURING VMWARE VSPHERE VCENTER SSO ACTIVE DIRECTORY AS LDAP SERVER 
Configuring a vCenter PSC Single sign-on Active directory Integrated windows authentication

Go Back

Comment

Blog Search

Page Views

11274029

Follow me on Blogarama