Sometimes I run into various problems when jpining VMware ESXi hosts to an Active Directory domain. In this article, I have described typical steps to solve this problem.
- Check the availability of the domain by name (short name and FQDN)
- Check the date and time on the ESXi host (VMware Esxi doesn’t support setting time zones and the time is specified in the UTC format)
- Check your firewall settings:
esxcli network firewall get
If the firewall is enabled, the command will return
Enabled: true. You can temporarily disable the firewall and see if the problem persists:
esxcli network firewall unload
- Check the availability of the Active Directory domain controller:
openssl s_client -connect YourDomain:445
- Check the status of the lwsmd service (Likewise Service Manager – used for simple authentication of Linux devices in an AD domain):
. If the command returns that the service is not running, start it manually:
and add it to the startup:
chkconfig lwsmd on
- Now you can try to join the ESXi host to the domain through the vSphere Client web interface or by using a command:
/usr/lib/vmware/likewise/bin/domainjoin-cli join YourDomain YourDomainAcount
If an error occurs when adding ESXi to a domain:
Error: Lsass Error [code 0x00000718] The account's computer join limit has been exceeded. Talk to your Windows administrators about the limits assigned to your account.
Make sure that your account has been delegated the permissions to join computers to the domain.