• Joining an ESXi host to Active Directory using the vSphere Authentication Proxy service fails with the error:
  
  The specified vSphere Authentication Proxy Server is not reachable, or has denied access to the service.
   
• In the hostd.log file, located at /var/log/, you see entries similar to:
  
  <YYY-MM-DDTHH:MM:SS>.506Z [34564B90 info 'Vimsvc.TaskManager' opID=2F9716C2-000001B3-a3-fa] Task Created : haTask-ha-hostvim.host.ActiveDirectoryAuthentication.joinDomainWithCAM-305724229
  CamHttpQueryDomainInfo: 13
  <YYY-MM-DDTHH:MM:SS>.880Z [34564B90 error 'ActiveDirectoryAuthentication' opID=2F9716C2-000001B3-a3-fa] vmwauth ConnectionRefusedException: Exception 0x000004c9: The remote computer refused the network connection.
  <YYY-MM-DDTHH:MM:SS>.880Z [34564B90 info 'Vimsvc.ha-eventmgr' opID=2F9716C2-000001B3-a3-fa] Event 85 : Join domain failed.
  <YYY-MM-DDTHH:MM:SS>.881Z [34564B90 info 'Vimsvc.TaskManager' opID=2F9716C2-000001B3-a3-fa] Task Completed : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM-305724229 Status error
  <YYY-MM-DDTHH:MM:SS>.216Z [34440B90 verbose 'SoapAdapter'] Responded to service state request
  <YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 info 'Solo.Vmomi'] Activation [N5Vmomi10ActivationE:0x5720578] : Invoke done [waitForUpdates] on [vmodl.query.PropertyCollector:ha-property-collector]
  <YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 verbose 'Solo.Vmomi'] Arg version:
  "2"

<YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 info 'Solo.Vmomi'] Throw vmodl.fault.RequestCanceled

<YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 info 'Solo.Vmomi'] Result:

(vmodl.fault.RequestCanceled) {

dynamicType = <unset>,

faultCause = (vmodl.MethodFault) null,

msg = "",

}

• In the vpxd.log file, located at C:\ProgramData\VMware\VMware VirtualCenter\Logs\, you see entries similar to:
  
  <YYY-MM-DDTHH:MM:SS>.089+01:00 [01616 info 'Default' opID=2F9716C2-000001B3-a3] [VpxLRO] -- ERROR task-70 -- host-38 -- vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM:
  vim.fault.CAMServerRefusedConnection:
  Result:

(vim.fault.CAMServerRefusedConnection) {

dynamicType = <unset>,

faultCause = (vmodl.MethodFault) null,

errorCode = 1225,

camServer = "10.10.10.102",

msg = "The specified vSphere Authentication Proxy server is not reachable, or has denied access to the service.",

}

Args:

1. Log in to the server that is running the vSphere Authentication Proxy as an administrative user. Click Start > Run, type services.msc and click OK.
2. Right-click Authentication Proxy Services and click Stop.
3. Open Server Manager and navigate to Roles > Web Server > Internet Authentication Services > Computer Account Manager > Bindings.
4. Select https and select Edit Change Port.
5. Change the current port to 51915.
6. Modify the vmconfig-cam.xml file, located at C:\ProgramData\VMware\vSphere Authentication Proxy\, using the text editor. Set the port to 51915.
7. Open the C:\ProgramData\VMware\vSphere Authentication Proxy\ssl directory and remove any host-XX files.
8. Restart the Authentication Proxy Services service.

• VMware vSphere 5.1 Security Guide
• VMware vSphere 5.0 Security Guide

To be alerted when this document is updated, click the Subscribe to Article link in the Actions box

Note: The preceding link was correct as of September 15, 2014. If you find the link is broken, please provide feedback and a VMware employee will update the link.