ESXi 5.x host connects to domain but users cannot authenticate

Article ID: 339942


Updated On:


VMware vSphere ESXi


  • ESXi 5.x host connects to the domain but users cannot authenticate
  • The hostd logs contain errors similar to:

    Oct 1 09:28:04 hostname nssquery: Group lookup failed for ‘YourDomain\ESX Admins’

  • This issue occurs when:
    • The ESXi 5.0 host is joined to Active Directory
    • The forward and reverse DNS resolutions are accurate
    • The ESX Admins group has been added to the domain and authenticating users are in the group

  • You see an incorrect user name or password error when logging in to a standalone host that has been added to the domain


VMware vSphere ESXi 5.5
VMware vSphere ESXi 5.0
VMware vSphere ESXi 5.1


Firewall settings are blocking authentication to the domain.


To resolve this issue, enable NFS in the firewall.
To enable NFS in the firewall:
  1. From the vSphere Client connected directly to the host, go to Configuration.
  2. Click Security Profile.
  3. Select Properties under Firewall.
  4. Select NFS Client to open ports 0-65535.
  5. Remove the ESXi host from the domain.
  6. Add the ESXi host to the domain.
  7. Add the host back into Active Directory.
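
A triage check for the symptom and cause described above, added here as an example and not VMware's code: it looks for the nssquery failure in log text and reads the state of the nfsClient ruleset (the ruleset ID behind the NFS Client entry) from the output of `esxcli network firewall ruleset list`. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added triage example, not VMware code. Sample data below is constructed.

# Print the distinct groups named in nssquery "Group lookup failed" lines (stdin).
# Strips straight or typographic quotes around the group name.
failed_groups() {
    sed -n 's/.*nssquery: Group lookup failed for [^A-Za-z0-9]*\(.*[A-Za-z0-9]\)[^A-Za-z0-9]*$/\1/p' | sort -u
}

# Print true/false for ruleset ID $1, given the table printed by
# `esxcli network firewall ruleset list` on stdin; "unknown" if not listed.
ruleset_enabled() {
    awk -v id="$1" '$1 == id { print $2; found = 1 }
                    END { if (!found) print "unknown" }'
}

# $1 = log text, $2 = ruleset table. Prints "match" when the article's symptom
# is present while the NFS Client ruleset is disabled, otherwise "no-match".
triage() {
    failed=$(printf '%s\n' "$1" | failed_groups)
    state=$(printf '%s\n' "$2" | ruleset_enabled nfsClient)
    if [ -n "$failed" ] && [ "$state" = "false" ]; then
        echo "match"
    else
        echo "no-match"
    fi
}

# Constructed samples: the log line follows the article, the table follows esxcli's layout.
SAMPLE_LOG='Oct 1 09:28:04 hostname nssquery: Group lookup failed for ‘YourDomain\ESX Admins’
Oct 1 09:28:09 hostname nssquery: Group lookup failed for ‘YourDomain\ESX Admins’'
SAMPLE_RULESETS='Name                      Enabled
------------------------  -------
sshServer                    true
nfsClient                   false'

triage "$SAMPLE_LOG" "$SAMPLE_RULESETS"   # prints: match
```

On a host, the same check runs as `triage "$(grep nssquery LOGFILE)" "$(esxcli network firewall ruleset list)"`, where LOGFILE is the log that holds the nssquery lines.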

Additional Information

Restarting the Management agents in ESXi