VMware ESXi: Can’t Join Active Directory Domain

Sometimes I run into various problems when joining VMware ESXi hosts to an Active Directory domain. In this article, I describe the typical steps to solve this problem.

    1. Check the availability of the domain by name (short name and FQDN)
    2. Check the date and time on the ESXi host (VMware ESXi doesn’t support setting time zones; the time is specified in UTC)
    3. Check your firewall settings:
      esxcli network firewall get

      If the firewall is enabled, the command will return Enabled: true. You can temporarily disable the firewall and see if the problem persists:

      esxcli network firewall unload
    4. Check the availability of the Active Directory domain controller:
      openssl s_client -connect YourDomain:445
    5. Check the status of the lwsmd service (Likewise Service Manager – used for simple authentication of Linux devices in an AD domain):
      /etc/init.d/lwsmd status

      If the command returns that the service is not running, start it manually:

      /etc/init.d/lwsmd start

      and add it to the startup:

      chkconfig lwsmd on

    6. Now you can try to join the ESXi host to the domain through the vSphere Client web interface or by using a command:
      /usr/lib/vmware/likewise/bin/domainjoin-cli join YourDomain YourDomainAccount

    If an error occurs when adding ESXi to a domain:

    Error: Lsass Error [code 0x00000718]
    The account's computer join limit has been exceeded. Talk to your Windows administrators about the limits assigned to your account.

    Make sure that your account has been delegated the permissions to join computers to the domain.
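
The checks from steps 1 to 5 as one read-only script for the ESXi shell. This is an added example, not part of the original article, and it never unloads the firewall. Assumptions: `nslookup` for the name check, a trusted reference time passed in as epoch seconds, a 300-second skew limit (the default Kerberos tolerance in Active Directory), and lwsmd status text that contains "running" or "not running"; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only pre-join checks; changes no host state.

# Succeeds if `esxcli network firewall get` output contains "Enabled: true".
firewall_enabled() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*Enabled:[[:space:]]*true'
}

# Succeeds if `openssl s_client` reached the port. SMB on 445 is not TLS, so
# the handshake fails either way; only the CONNECTED line proves reachability.
port_reachable() {
    printf '%s\n' "$1" | grep -q '^CONNECTED'
}

# Succeeds if the lwsmd status text reports a running service.
# Assumption: the text contains "running" or "not running".
lwsmd_running() {
    case "$1" in
        *"not running"*) return 1 ;;
        *running*)       return 0 ;;
        *)               return 1 ;;
    esac
}

# Succeeds if host and reference epoch seconds (UTC) differ by at most $3.
clock_skew_ok() {
    d=$(( $1 - $2 ))
    if [ "$d" -lt 0 ]; then d=$(( 0 - d )); fi
    [ "$d" -le "${3:-300}" ]
}

# $1 = domain FQDN, $2 = trusted reference time in epoch seconds (UTC).
preflight() {
    rc=0
    nslookup "$1" >/dev/null 2>&1 || { echo "FAIL: cannot resolve $1"; rc=1; }
    clock_skew_ok "$(date -u +%s)" "$2" || { echo "FAIL: clock skew over 300 s"; rc=1; }
    if firewall_enabled "$(esxcli network firewall get 2>&1)"; then
        echo "NOTE: firewall enabled; if you unload it to test, load it again afterwards"
    fi
    port_reachable "$(openssl s_client -connect "$1:445" </dev/null 2>&1)" \
        || { echo "FAIL: $1:445 unreachable"; rc=1; }
    lwsmd_running "$(/etc/init.d/lwsmd status 2>&1)" || { echo "FAIL: lwsmd not running"; rc=1; }
    return "$rc"
}

# Runs only on a host that has esxcli, with both arguments supplied.
if [ "$#" -eq 2 ] && command -v esxcli >/dev/null 2>&1; then
    preflight "$1" "$2"
fi
```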
