Joining ESXi to Active Directory domain fails due to incorrect credentials even though credentials are correct


There are a few things you could try/check:

  • Have you created a Global Security group in Active Directory with the name ESX Admins? ESXi uses this group to determine who is allowed to log on to the server. Add users to this group to grant them logon permissions.

  • Are the time and date settings set correctly? If there is more than a 5 minute difference between the domain controller and the ESXi server, it won't be possible to authenticate accounts.

  • Has the ESXi server been added to the DNS Server? You need to have an A record configured in your forward lookup zone and reverse lookup zone so the ESXi hostname and IP can be resolved. Make sure you get the correct hostname when you ping the server on its IP address, also make sure you get the correct IP address when you use "ping -a" to ping the hostname.

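The DNS and clock checks from the answer above, as an added Python example that is not part of the original answer. The host names in the usage line are hypothetical, the script assumes the domain controller answers NTP on UDP 123, and the clock it compares is that of the machine it runs on.

```python
import socket, struct, sys, time

MAX_SKEW = 300            # seconds: the 5-minute limit from the answer
NTP_DELTA = 2208988800    # seconds between the NTP epoch (1900) and the Unix epoch (1970)

def ntp_transmit_time(packet):
    """Return the server transmit timestamp of an (S)NTP reply as Unix time."""
    if len(packet) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    secs, frac = struct.unpack("!II", packet[40:48])
    return secs - NTP_DELTA + frac / 2**32

def query_time(server, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) to UDP port 123."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(b"\x1b" + 47 * b"\0", (server, 123))
        return ntp_transmit_time(s.recvfrom(512)[0])

def skew_ok(local, remote, limit=MAX_SKEW):
    """True when the two clocks are within the allowed difference."""
    return abs(local - remote) <= limit

def dns_consistent(fqdn, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """A lookup, then PTR lookup of the result; the PTR name must match fqdn."""
    ip = forward(fqdn)
    ptr = reverse(ip)[0]
    return ip, ptr, ptr.rstrip(".").lower() == fqdn.rstrip(".").lower()

if __name__ == "__main__":
    # Hypothetical usage: python3 adjoin_check.py esxi01.test.local dc01.test.local
    if len(sys.argv) != 3:
        sys.exit("usage: adjoin_check.py <esxi-fqdn> <domain-controller>")
    host, dc = sys.argv[1], sys.argv[2]
    try:
        ip, ptr, ok = dns_consistent(host)
        print(f"DNS  {host} -> {ip} -> {ptr}: {'OK' if ok else 'MISMATCH'}")
    except OSError as e:   # missing A or PTR record
        print(f"DNS  lookup failed for {host}: {e}")
    try:
        diff = time.time() - query_time(dc)
        print(f"TIME local minus DC = {diff:+.1f}s: {'OK' if skew_ok(diff, 0) else 'TOO FAR'}")
    except OSError as e:   # timeout or host unreachable
        print(f"TIME no NTP reply from {dc}: {e}")
```

Run it on the machine whose clock and resolver you want to test; a MISMATCH or TOO FAR line points at the DNS or time item in the list above.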

Author: Reality Extractor

Updated on September 18, 2022

Comments

  • Reality Extractor
    Reality Extractor over 1 year

    VMware vSphere ESXi 5.1.0 patched to 1157734. Using the vSphere Client 5.1.0 1064113 to connect to the ESXi host directly.

    In ESXi DNS and Routing the Host Identification Domain is set to test.local and in the Security Profile the Firewall outgoing connections for "Active Directory All" are enabled.

    In AD a user named esxiadmin is created and the user is a member of "Domain Admins".

    In ESXi -> Authentication Services -> Properties -> Select Directory Service Type -> Active Directory. Then enter test.local into the Domain Settings Domain field. Then click Join.

    Enter user credentials as esxiadmin with correct password results in error: "The specified domain either does not exist or could not be contacted."

    Enter user credentials as "test\esxiadmin" with correct password results in error: "Cannot complete login due to an incorrect user name or password."

    Enter user credentials as "test.local\esxiadmin" with correct password results in error: "Cannot complete login due to an incorrect user name or password."

    I have verified that the credentials are fine, the username and password match. ESXi logs do not show anything related to this login.

    Any suggestions on what the problem may be or where to continue troubleshooting?

    Update/Resolution

    This turned out to be an AD/DNS issue of some sort. DNS was installed first, and only then (later) AD was installed. Removing AD and DNS, and then installing DNS as part of the AD install fixed this issue. Thanks to everyone who responded.

    • Chopper3
      Chopper3 over 10 years
      I've never really understood why people wish to do this, how often do you plan on logging into the actual host?
    • Keith Stokes
      Keith Stokes over 10 years
      Slightly off topic, but it's good for enforcing password policies. It's not often one logs into the hosts, but it does happen for managing resources or adding/deleting guests.
    • Reality Extractor
      Reality Extractor over 10 years
      @Chopper3 it's really a matter of business continuity, if you join the host to AD then you are very unlikely to ever lock yourself out of the host due to forgotten or misplaced root password (which you could get back in other ways, but still, AD is just a lot easier)
  • Reality Extractor
    Reality Extractor over 10 years
    Thanks for the suggestions Sidney, everything is configured correctly, ESX Admins exists, time&date is fine, ping works from AD DC and from ESXi host forward and reverse, DNS entries exist. Host is using AD DNS for resolution.