Active Directory users cannot log into the ESXi host UI (https://HostFQDN/ui)

The following error is observed when attempting to login: Authorization to perform this operation has been rejected

/var/run/log/hostd.log reports an error like below:

Er(163) Hostd[2102217]: [Originator@6876 sub=Default opID=esxui rhost=##.##.##.## sid=#] [module:pam_lsass]pam_sm_authenticate: failed [error code:40017]
In(166) Hostd[2102217]: [Originator@6876 sub=Vimsvc.HaSessionManager opID=esxui sid=#] Accepted password for user Domain\Username from ##.##.##.## - session=#

ESXi 8.0.x

The ESX Admins group is missing from the Assigned users and roles for Host In the Manager Permissions menu.

Add the ESX Admins Group to the Assigned users and roles for Host In the Manager Permissions menu.

Related KB articles:

Using the ESX Admins AD group on ESXi: domain membership and user authentication

"Errors in Active Directory operations" error adding the ESXi host to an Active Directory domain