ESXi 5.x host connects to domain but users cannot authenticate

Article ID: 339942


Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • ESXi 5.x host connects to the domain but users cannot authenticate
  • The hostd logs contain errors similar to:

    Oct 1 09:28:04 hostname nssquery: Group lookup failed for ‘YourDomain\ESX Admins’

  • This issue occurs when:
    • The ESXi 5.0 host is joined to Active Directory
    • The forward and reverse DNS resolutions are accurate
    • The ESX Admins group has been added to the domain and authenticating users are in the group

  • You see an incorrect user name or password error when logging in to a standalone host that has been added to the domain
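
To check collected logs from several hosts for this symptom, the following added example (not part of the original article or any VMware tooling) scans log lines for the nssquery failure shown above and groups the hits by host and by domain group. It assumes the syslog-style layout of the sample line; the function name and all sample lines other than the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the nssquery failure quoted in the Symptoms list. The quotes around
# the group name may be curly or straight depending on how the log was
# exported or copied, so both forms are accepted.
FAILURE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+nssquery:\s+Group lookup failed for\s+"
    r"[‘'\"](?P<domain>[^\\]+)\\(?P<group>[^’'\"]+)[’'\"]"
)


def find_group_lookup_failures(lines):
    """Return {host: {(domain, group): [timestamps]}} for matching lines."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = FAILURE.match(line.strip())
        if m:
            hits[m["host"]][(m["domain"], m["group"])].append(m["ts"])
    return {host: dict(groups) for host, groups in hits.items()}


# Sample input. The first line is the one quoted in the article; the
# remaining lines are constructed for this example.
SAMPLE = [
    "Oct 1 09:28:04 hostname nssquery: Group lookup failed for ‘YourDomain\\ESX Admins’",
    "Oct 1 09:28:09 hostname nssquery: Group lookup failed for 'YourDomain\\ESX Admins'",
    "Oct 1 09:29:00 esx02 placeholder: unrelated message",
    "Oct  1 09:30:12 esx02 nssquery: Group lookup failed for 'YourDomain\\ESX Admins'",
]

if __name__ == "__main__":
    for host, groups in find_group_lookup_failures(SAMPLE).items():
        for (domain, group), stamps in groups.items():
            print(f"{host}: {len(stamps)} failed lookup(s) for "
                  f"{domain}\\{group}, first at {stamps[0]}")
```
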


Environment

VMware vSphere ESXi 5.5
VMware vSphere ESXi 5.0
VMware vSphere ESXi 5.1

Cause

Firewall settings are blocking authentication to the domain.

Resolution

To resolve this issue, enable NFS in the firewall.
To enable NFS in the firewall:
  1. From the vSphere Client connected directly to the host, go to Configuration.
  2. Click Security Profile.
  3. Select Properties under Firewall.
  4. Select NFS Client to open ports 0-65535.
  5. Remove the ESXi host from the domain.
  6. Add the ESXi host to the domain.
  7. Add the host back into Active Directory.




Additional Information

Restarting the Management agents in ESXi