Yet another article about joining your ESXi host to Windows Domain

“It is common sense to take a method and try it. If it fails, admit it frankly and try another. But above all, try something.” – Franklin D. Roosevelt

Does “Errors in Active Directory operations” sound familiar?

Did you check that the following ports (both UDP and TCP) are open for communication between the ESX/ESXi host and Active Directory:
Port 88 – Kerberos authentication
Port 123 – NTP
Port 135 – RPC
Port 137 – NetBIOS Name Service
Port 139 – NetBIOS Session Service (SMB)
Port 389 – LDAP
Port 445 – Microsoft-DS Active Directory, Windows shares (SMB over TCP)
Port 464 – Kerberos password changes
Port 3268 – Global Catalog search
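
One way to answer the port question for the TCP side: the script below is an added example, not part of the original article or the VMware KB. It probes each listed port on a domain controller and separates a refused connection from a silently dropped one. The hostname dc01.example.com and the function names are assumptions; run it from a machine that shares the ESXi host's network path to the domain controller.

```python
import socket

# Ports from the article's list that accept TCP connections.
TCP_PORTS = {
    88: "Kerberos authentication",
    135: "RPC",
    139: "NetBIOS Session Service (SMB)",
    389: "LDAP",
    445: "Microsoft-DS (SMB over TCP)",
    464: "Kerberos password changes",
    3268: "Global Catalog search",
}
# NTP and NetBIOS Name Service normally answer on UDP only, so a TCP
# connect says nothing about them; they are reported as "udp-only".
UDP_ONLY = {123: "NTP", 137: "NetBIOS Name Service"}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as open, refused, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # RST came back: host reachable, nothing listening
    except socket.gaierror:
        return "unresolved"   # the name did not resolve in DNS
    except OSError:
        return "filtered"     # timeout or unreachable: typical firewall drop


def check_host(host, tcp_ports=TCP_PORTS, udp_only=UDP_ONLY, timeout=3.0):
    """Return {port: (state, service)} for every port in the article's list."""
    results = {p: (probe_tcp(host, p, timeout), name) for p, name in tcp_ports.items()}
    results.update({p: ("udp-only", name) for p, name in udp_only.items()})
    return results


def report(host, results):
    """Format the results, one port per line, sorted by port number."""
    return "\n".join(
        f"{host}:{port:<5} {state:<10} {name}"
        for port, (state, name) in sorted(results.items())
    )


if __name__ == "__main__":
    import sys
    # dc01.example.com is a placeholder; pass your domain controller's name.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.com"
    print(report(target, check_host(target)))
```

A port reported as "filtered" points at a firewall between the host and the domain controller, while "refused" means the path is clear but the service is not listening on that machine.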

Did you follow the steps from KB2075361?

To add an ESXi host to the Active Directory using vSphere Web Client:
1. Browse to the host in the vSphere Web Client inventory.
2. Click the Manage tab and click Settings.
3. Under System, select Authentication Services.
4. Click Join Domain.
5. Enter a domain.
Use the form domain.com or domain.com/OU1/OU2.
6. Enter the user name and password of a directory service user who has permissions to join the host to the domain, and click OK.
7. Click OK to close the Directory Services Configuration dialog box.

Did you try various KBs and articles and nothing seems to work? Even worse, after refreshing the Web Client the ESXi host shows as joined to the domain and you can see the computer account in AD, but authentication with your AD account is not actually working?

Well, in this case I have the following recipe for you:

Don’t be afraid to remove the host with issues from the domain (Leave Domain).

Fig. 1 – Leave Domain

In the host's Settings -> Security Profile -> Services section, check whether the Active Directory Service is running.

If not, start it. You might get a timeout error, but eventually the service will appear as started.

Fig. 2 – Active Directory Service status

Now you are ready to try again.

Fig. 3 – Join Domain (again)

And here you are: the host is successfully joined to the Windows domain.

Fig. 4 – Task Completed

Gica Livada

System Engineer at Catella Bank
Gica is working in Luxembourg as System Engineer and is former member of the VMware Centre of Excellence team from IBM Delivery Center in Brno, Czech Republic. He is passionate about virtualization and cloud technologies, holds multiple industry certifications from VMware, Citrix, Microsoft and he is also vExpert 2014 - 2017.