In /var/run/log/syslog.log, the following entries may be found when attempting to log in with domain credentials:
2025-03-18T14:48:53.411Z lwsmd[2102415]: [lsass] Failed to lookup object with name = <'[email protected]'> through LDAP (error = 40071, symbol = LW_ERROR_NO_SUCH_OBJECT). Retrying...
2025-03-18T14:48:53.443Z lwsmd[2102415]: [lsass] Clearing ldap DC connection list for domain '<ad.exmaple.com>' due to a network error.
2025-03-18T14:09:40.509Z lwsmd[2102415]: [netlogon] CLDAP ping to cached DC <domain_controller.example.com> <##.##.##.##> failed, new DC will be looked up
2025-03-18T14:09:40.510Z lwsmd[2102415]: [lsass] Domain '<domain_controller.example.com>' is now offline
2025-03-18T14:09:40.510Z lwsmd[2102415]: [lsass] Ignoring failure enumerating trusts for forest <example.com> Error was <null> (40121)
2025-03-18T15:05:37.026Z lwsmd[2102014] [netlogon] DNS lookup for '<_ldap._tcp.dc._msdcs.example.com>' failed with errno 110 (Connection timed out), h_errno = 2 (Host name lookup failure)
2025-03-18T15:03:39.709Z lwsmd[2102014] [lsass] Failed to lookup object with name = <'[email protected]'> through LDAP (error = 40071, symbol = LW_ERROR_NO_SUCH_OBJECT). Retrying...
2025-03-18T15:03:39.719Z lwsmd[2102014] [lsass] Failed to find user, group, or domain by name (name = <'[email protected]'>, searched host = '<domain_controller>') -> error = 40071, symbol = LW_ERROR_NO_SUCH_OBJECT
2025-03-18T15:03:39.734Z lwsmd[2102014] [lsass] Failed to lookup object with name = <'[email protected]'> through LDAP (error = 40071, symbol = LW_ERROR_NO_SUCH_OBJECT). Retrying...
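The following is an added example, not part of the original article, showing how the lwsmd entries above can be triaged automatically. It parses constructed sample lines modelled on the syslog.log excerpt (placeholder hostnames, PIDs and user name), sorts them into the failure categories the article lists (SRV lookup timeout, domain controller offline, CLDAP ping failure, LDAP object lookup failure) and points at the most likely layer to check first. The regex tolerates the spacing variants seen in the excerpt (lwsmd[pid]:, lwsmd[pid] :, lwsmd[pid] [comp]).

```python
import re
from collections import Counter

# Constructed sample lines modelled on the lwsmd entries quoted above from
# /var/run/log/syslog.log. Hostnames, PIDs and the user name are placeholders.
SAMPLE_LOG = """\
2025-03-18T14:09:40.509Z lwsmd[2102415]:[netlogon] CLDAP ping to cached DC <dc01.example.com> <192.0.2.10> failed, new DC will be looked up
2025-03-18T14:09:40.510Z lwsmd[2102415] : [lsass] Domain '<example.com>' is now offline
2025-03-18T14:48:53.411Z lwsmd[2102415]: [lsass] Failed to lookup object with name = <'user@example.com'> through LDAP (error = 40071, symbol = LW_ERROR_NO_SUCH_OBJECT). Retrying...
2025-03-18T15:05:37.026Z lwsmd[2102014] [netlogon] DNS lookup for '<_ldap._tcp.dc._msdcs.example.com>' failed with errno 110 (Connection timed out), h_errno = 2 (Host name lookup failure)
2025-03-18T15:06:00.000Z lwsmd[2102014]: [lsass] Unrelated informational message
"""

# Timestamp, process name/PID, component tag in brackets, then the message.
# The separator between "]" and "[" varies in real logs, so it is optional here.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+lwsmd\s*\[(?P<pid>\d+)\]\s*:?\s*\[(?P<comp>\w+)\]\s+(?P<msg>.*)$"
)

# One rule per failure category quoted in the article; named groups capture the detail.
RULES = [
    ("dns_srv_lookup_failed", re.compile(r"DNS lookup for '<(?P<record>[^>]+)>' failed")),
    ("dc_offline", re.compile(r"Domain '<(?P<domain>[^>]+)>' is now offline")),
    ("cldap_ping_failed", re.compile(r"CLDAP ping to cached DC <(?P<dc>[^>]+)> .*failed")),
    ("ldap_lookup_no_such_object",
     re.compile(r"Failed to lookup object .* symbol = LW_ERROR_NO_SUCH_OBJECT")),
]


def parse_line(line):
    """Split one syslog line into its fields, or return None if it is not an lwsmd line."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(msg):
    """Return (category, details) for a message, or (None, {}) if no rule matches."""
    for category, rx in RULES:
        m = rx.search(msg)
        if m:
            return category, m.groupdict()
    return None, {}


def triage(text):
    """Count each failure category and collect one finding per matching line."""
    counts = Counter()
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        cat, details = classify(rec["msg"])
        if cat is None:
            continue
        counts[cat] += 1
        findings.append({"ts": rec["ts"], "component": rec["comp"], "category": cat, **details})
    return counts, findings


def likely_root_cause(counts):
    """Order of checks follows the article: DNS first, then DC reachability, then LDAP."""
    if counts["dns_srv_lookup_failed"]:
        return "dns"
    if counts["dc_offline"] or counts["cldap_ping_failed"]:
        return "dc_unreachable"
    if counts["ldap_lookup_no_such_object"]:
        return "ldap_lookup"
    return "unknown"


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_LOG)
    for f in findings:
        print(f["ts"], f["component"], f["category"], {k: v for k, v in f.items() if k not in ("ts", "component", "category")})
    print("counts:", dict(counts))
    print("start with:", likely_root_cause(counts))
```

Run it against the real file with, for example, triage(open("/var/run/log/syslog.log").read()); a non-zero dns_srv_lookup_failed count is the signature the rest of the article is about.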
A packet capture of the DNS exchange shows the DNS server answering the SRV query with a server failure:
53 <IP_address_ESXI host> <IP_ADDRESS_DNS_SERVER> DNS 95 Standard query response 0x819a Server failure SRV <_ldap._tcp.dc._msdcs.example.com>
Domain Name System (response)
Transaction ID: 0x819a
Flags: 0x8182 Standard query response, Server failure
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0010 = Reply code: Server failure (2)
53 <IP_address_ESXI host> <IP_ADDRESS_DNS_SERVER> DNS 154 Standard query response 0x3f16 No such name SRV _kerberos-master._udp.example.com SOA <FQDN OF DOMAIN_CONTROLLER>
User Datagram Protocol, Src Port: 53, Dst Port: 52771
Domain Name System (response)
Transaction ID: 0x3f16
Flags: 0x8183 Standard query response, No such name
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0011 = Reply code: No such name (3)
The error "Connection to ESXi host timed out" typically occurs when there is a DNS issue. Specifically, the ESXi host is attempting to perform a DNS lookup for the Active Directory service record (_ldap._tcp.dc._msdcs.domain), but the lookup is timing out (errno 110 in the lwsmd log above). This indicates a DNS resolution issue in which the ESXi host is unable to locate the domain controllers for the Active Directory domain, so domain authentication cannot proceed.
Check DNS Configuration on the ESXi Host:
Ensure the ESXi host has correct DNS settings and can resolve the domain controllers. Verify that the DNS server IP addresses are correctly configured in the ESXi host's network settings.
Verify DNS Settings on the Active Directory Server:
Confirm that the Active Directory server's DNS configuration is functioning correctly, and that the DNS service can resolve the required domain controller records.
Test Connectivity to Domain Controllers:
Run an nslookup or dig command from the ESXi host to ensure it can resolve the domain controller's FQDN (Fully Qualified Domain Name) and the service record (_ldap._tcp.dc._msdcs.domain). This will help verify that the DNS server is responding correctly.
Check Network Connectivity:
Ensure there is no network issue preventing the ESXi host from reaching the domain controllers. Check for any firewalls or network configurations that may be blocking traffic on the required ports (e.g., 389 for LDAP).
Check Time Synchronization:
Ensure that the ESXi host and the domain controllers are time-synchronized.
Test Login with Root Credentials:
If login using domain credentials fails but root credentials work, the issue is likely related to domain authentication specifically. Continue troubleshooting DNS and domain controller availability.
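As an added example that is not part of the original article or of the ESXi toolset, the script below performs the "Test Connectivity to Domain Controllers" step from a machine with Python 3: it sends the same SRV query the ESXi host makes for _ldap._tcp.dc._msdcs.<domain> over UDP/53 and decodes the DNS header flags shown in the capture above (0x8182 = server failure, 0x8183 = no such name), so the three outcomes that matter here (timeout, server failure, no such name) can be told apart from one query. The DNS server address and AD domain are command-line arguments; the two sample response byte strings are constructed to match the captured packets and are only there to exercise the parser offline.

```python
import socket
import struct
import sys

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
TYPE_SRV = 33   # SRV record type (RFC 2782)
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted name in DNS wire format (length-prefixed labels, zero terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_srv_query(txid, name):
    """Standard query with RD=1 (flags 0x0100) and one question of type SRV, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_SRV, CLASS_IN)


def parse_response_header(data):
    """Decode the 12-byte DNS header; the flags word is what the capture shows as 0x8182/0x8183."""
    if len(data) < 12:
        raise ValueError("DNS message shorter than header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return {
        "txid": txid,
        "flags": flags,
        "is_response": bool(flags & 0x8000),    # QR bit
        "opcode": (flags >> 11) & 0xF,
        "authoritative": bool(flags & 0x0400),  # AA bit
        "truncated": bool(flags & 0x0200),      # TC bit
        "rcode": rcode,
        "rcode_name": RCODE_NAMES.get(rcode, "UNKNOWN"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def diagnose(hdr, expected_txid):
    """Map a parsed header to the next troubleshooting step from the article."""
    if hdr["txid"] != expected_txid:
        return "mismatch: transaction id differs from the query; ignore this datagram"
    if not hdr["is_response"]:
        return "mismatch: QR bit not set; this is not a response"
    if hdr["rcode"] == 0 and hdr["ancount"] > 0:
        return "ok: SRV answers returned; DNS can locate domain controllers"
    if hdr["rcode"] == 0:
        return "noerror-empty: name exists but has no SRV records; check DC DNS registration"
    if hdr["rcode"] == 2:
        return "servfail: DNS server could not answer; check its zone/forwarding for _msdcs"
    if hdr["rcode"] == 3:
        return "nxdomain: name does not exist on this server; check the ESXi DNS server and search domain"
    return f"rcode {hdr['rcode_name']}: unexpected; inspect the DNS server"


def query_srv(server, name, timeout=3.0, txid=0x819a):
    """Send the SRV query over UDP/53; return the parsed header, or None on timeout
    (the no-answer case lwsmd logs as errno 110, Connection timed out)."""
    q = build_srv_query(txid, name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_response_header(data)


# Constructed responses modelled on the two captured packets: the query's own layout with
# the flags word replaced by 0x8182 (Server failure) and 0x8183 (No such name).
_q = build_srv_query(0x819a, "_ldap._tcp.dc._msdcs.example.com")
SAMPLE_SERVFAIL = struct.pack("!HH", 0x819a, 0x8182) + _q[4:]
SAMPLE_NXDOMAIN = (struct.pack("!HH", 0x3f16, 0x8183)
                   + build_srv_query(0x3f16, "_kerberos-master._udp.example.com")[4:])

if __name__ == "__main__":
    # Usage: python3 srv_check.py <dns-server-ip> <ad-domain>
    server, domain = sys.argv[1], sys.argv[2]
    name = f"_ldap._tcp.dc._msdcs.{domain}"
    hdr = query_srv(server, name)
    if hdr is None:
        print(f"timeout: no answer from {server} for {name} (matches errno 110 in the lwsmd log)")
    else:
        print(f"flags=0x{hdr['flags']:04x} rcode={hdr['rcode_name']} answers={hdr['ancount']}")
        print(diagnose(hdr, 0x819a))
```

A timeout from this script corresponds to the errno 110 entry in syslog.log and points at network reachability of the DNS server (firewall, routing, wrong server IP in the ESXi DNS settings); a server failure points at the DNS server's own configuration for the _msdcs zone; no such name points at the ESXi host querying a server or search domain that does not hold the AD records.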