This is a known issue affecting ESXi 5.x.
Currently, there is no resolution.
To workaround this issue, you can specify a preferred domain controller that is able to contact the domains that contain the groups the user you are authenticating with is a member of.
To specify a preferred domain controller:
- Connect directly to the host using the vSphere Client.
- Select ESX Server > Configuration > Advanced Settings > UserVars.ActiveDirectoryPreferredDomainControllers.
- Enter the IP address or FQDN of the preferred domain controller.
- Click OK to apply the changes.