"Errors in Active Directory operations" error adding the ESXi host to an Active Directory domain
search cancel

"Errors in Active Directory operations" error adding the ESXi host to an Active Directory domain

book

Article ID: 310608

calendar_today

Updated On: 10-31-2024

Products

VMware vSphere ESXi

Issue/Introduction

  • Cannot add the ESXi host to an Active Directory domain
  • Adding the ESXi host to an Active Directory domain fails
  • The following error may appear:

    Errors in Active Directory operations
     
  • If netlogond logging is enabled on the host, an entry similar to the following may appear in netlogond.log:

    20100820075107:0xf7c74b90:DEBUG:[LWNetSrvGetCurrentDomain() /build/mts/release/bora-234910/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83] Error at /build/mts/release/bora-234910/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83 [code: 136]

    Note: For more information on enabling netlogond, see Enabling logging for Likewise agents on ESXi.

  • Trying to join ESXi to the domain fails with the error below.

  • In the Likewise (lsassd) log, the following entry may be seen:

    240903101818:ERROR:lsass: Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 2100765

Resolution

This issue may occur when the network firewall is blocking the required ports.
 
To resolve this issue, ensure that the following ports (both UDP and TCP) are open for communication between the ESXi host and Active Directory:
  • Port 88 - Kerberos authentication
  • Port 123 - NTP
  • Port 135 - RPC
  • Port 137 - NetBIOS Name Service
  • Port 139 - NetBIOS Session Service (SMB)
  • Port 389 - LDAP
  • Port 445 - Microsoft-DS Active Directory, Windows shares (SMB over TCP)
  • Port 464 - Kerberos password changes
  • Port 3268 - Global Catalog search

Note: This issue may also occur if the user credentials have been entered in the <domain\username> format.

In some cases, the issue can be resolved by first restarting the lwsmd service with the following commands:

    /etc/init.d/lwsmd stop
    /etc/init.d/lwsmd start

Workaround:

To work around this issue on earlier ESXi versions, enter the user credentials in the <username> or <username@fqdn_of_the_domain> format.

For hosts that fail to join the domain:

  • Check with the internal AD team to confirm whether the ESXi computer object is disabled.
    • If it is disabled, enable it and retry the domain join.
    • If it is enabled, delete the ESXi computer object in AD and retry the domain join.
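The two checks this article asks for, a TCP reachability test of the nine required ports from a management box toward the domain controller and a triage of the lsassd error line, as an added Python example (not part of the article or of ESXi). The DC name and the sample log line are placeholders constructed from the article; UDP ports cannot be verified by a connect test and must be confirmed on the firewall.

```python
"""Pre-flight checks for an ESXi Active Directory join (added example)."""
import re
import socket

# Ports the article requires to be open (TCP and UDP) between ESXi and AD.
REQUIRED_PORTS = {
    88: "Kerberos authentication",
    123: "NTP",
    135: "RPC",
    137: "NetBIOS Name Service",
    139: "NetBIOS Session Service (SMB)",
    389: "LDAP",
    445: "Microsoft-DS / SMB over TCP",
    464: "Kerberos password changes",
    3268: "Global Catalog search",
}

# Constructed sample: the lsassd line from the article, as it appears in the log.
SAMPLE_LSASS_LINE = (
    "240903101818:ERROR:lsass: Failed to run provider specific request "
    "(request code = 8, provider = 'lsa-activedirectory-provider') "
    "-> error = 40056, symbol = LW_ERROR_ACCOUNT_DISABLED, client pid = 2100765"
)
_LSASS_RE = re.compile(r"error = (?P<code>\d+), symbol = (?P<symbol>[A-Z_ ]+)")


def check_tcp_ports(host, ports=REQUIRED_PORTS, timeout=2.0):
    """Return {port: reachable} by attempting a TCP connect to each port.
    A False entry means the firewall (or the DC) did not accept the connection;
    UDP services such as NTP and NetBIOS name service are not covered."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:
            results[port] = False
    return results


def blocked_ports(results):
    """Sorted list of ports that failed the connect test."""
    return sorted(p for p, ok in results.items() if not ok)


def lsass_error_symbol(line):
    """Extract (code, symbol) from an lsassd log line; tolerates symbols whose
    underscores were lost (e.g. 'LW ERROR ACCOUNT DISABLED'). None if absent."""
    m = _LSASS_RE.search(line)
    if not m:
        return None
    return int(m.group("code")), m.group("symbol").strip().replace(" ", "_")


def triage(line):
    """Map the error symbol to the article's remediation step."""
    parsed = lsass_error_symbol(line)
    if parsed and parsed[1] == "LW_ERROR_ACCOUNT_DISABLED":
        return "computer object disabled in AD: enable or delete it, then retry the join"
    return "unrecognised error: verify firewall ports and credential format"
```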