AD user login to ESXi host fails
Article ID: 394626

Products

VMware vSphere ESX 8.x

Issue/Introduction

Active Directory (AD) users cannot log in to the ESXi host, neither through the Host Client UI nor over SSH. Local ESXi users can still log in normally.

Environment

vSphere ESXi 8.0

Cause

 

For a failed SSH login, /var/run/log/syslog.log on the ESXi host shows an entry similar to the following:

Er(35) sshd-session[5488499]: error: PAM: User account has expired for example\\<username> from ###.###.##.#



The same syslog.log also shows the Likewise service (lwsmd) failing to locate a domain controller. Code 1355 is the Win32 error ERROR_NO_SUCH_DOMAIN ("The specified domain either does not exist or could not be contacted"), which is why the PAM message above reports the account as expired even though the account itself is fine in AD:

Db(31) lwsmd[2099399]: [netlogon] LWNetSrvGetDCName():dcinfo.c:134: Looking for a DC in domain example.domain , site '<null>' with flags 140
Db(31) lwsmd[2099399]: [netlogon] LWNetCacheDbQuery():lwnet-cachedb.c:1060: Cached entry not found: , , 0
Db(31) lwsmd[2099399]: [netlogon] LWNetSrvGetDCName():dcinfo.c:183: Error at ../netlogon/server/api/dcinfo.c:183 [code: 1355]
Db(31) lwsmd[2099399]: [netlogon] LWNetTransactGetDCName():ipc_client.c:249: Error at ../netlogon/client/ipc_client.c:249 [code: 1355]
Db(31) lwsmd[2099399]: [netlogon] LWNetGetDCNameExt():dcinfo.c:133: Error at ../netlogon/client/dcinfo.c:133 [code: 1355]
Db(31) lwsmd[2099399]: [lsass-ipc] lwmsg_peer_task_handle_assoc_error():peer-task.c:904: (assoc:0x1c0a1cc710) Dropping: Connection closed by peer
Db(31) lwsmd[2099399]: [lwreg] RegDbGetKeyValue_inlock():sqldb_p.c:1227: Error at ../lwreg/server/providers/sqlite/sqldb_p.c:1227 [status: LW_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 (-1073741772)]
Db(31) lwsmd[2099399]: [lwreg] SqliteGetValueAttributes_Internal():regschema.c:355: Registry::sqldb.c SqliteGetValueAttributes_Internal() finished
Db(31) lwsmd[2099399]: [lwreg] RegDbGetKeyValue_inlock():sqldb_p.c:1227: Error at ../lwreg/server/providers/sqlite/sqldb_p.c:1227 [status: LW_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 (-1073741772)]
Db(31) lwsmd[2099399]: [lwreg] SqliteGetValueAttributes_Internal():regschema.c:355: Registry::sqldb.c SqliteGetValueAttributes_Internal() finished



Note: If the ESXi host cannot be joined to AD at all and syslog.log shows "LW_STATUS_OBJECT_NAME_NOT_FOUND", that is a different problem; see KB 394299: https://knowledge.broadcom.com/external/article/394299/

Resolution

Rejoin the ESXi host to the domain. Run the following from an SSH session on the host as root (AD logins are broken, so use a local account).

To leave the domain:

/usr/lib/vmware/likewise/bin/domainjoin-cli leave

To join it again (you are prompted for the AD account's password when it is not given on the command line):

/usr/lib/vmware/likewise/bin/domainjoin-cli join <domain-fqdn> <AD_admin_username>
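As an added example (not part of this KB article and not Broadcom's code): a small POSIX sh script that checks syslog.log for the two signatures described under Cause (the PAM "User account has expired" entry and the netlogon "[code: 1355]" entries) and only then runs the leave/join sequence from the Resolution. It is meant to be run on the ESXi host over SSH; with no arguments it classifies a constructed sample log instead of the real file. The sample log lines, the IP addresses, and the use of "domainjoin-cli query" to confirm the join afterwards are assumptions made for the example, not facts from the article.

```shell
#!/bin/sh
# Added triage/rejoin helper for the symptom in KB 394626 (example code, not Broadcom's).
# Usage on the host: ./ad_login_triage.sh <domain-fqdn> <AD_admin_username>
# With no arguments it only classifies the constructed sample log below.

LOG="${SYSLOG_PATH:-/var/run/log/syslog.log}"
DJ=/usr/lib/vmware/likewise/bin/domainjoin-cli

# Constructed sample lines, modelled on the article's entries (user name and IP are made up).
SAMPLE_LOG='Er(35) sshd-session[5488499]: error: PAM: User account has expired for example\\jdoe from 203.0.113.10
Db(31) lwsmd[2099399]: [netlogon] LWNetSrvGetDCName():dcinfo.c:183: Error at ../netlogon/server/api/dcinfo.c:183 [code: 1355]
Db(31) lwsmd[2099399]: [lwreg] RegDbGetKeyValue_inlock():sqldb_p.c:1227: Error at ../lwreg/server/providers/sqlite/sqldb_p.c:1227 [status: LW_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 (-1073741772)]'

# classify_log: reads syslog text on stdin, prints a verdict and returns
#   0  PAM "account has expired" AND netlogon code 1355 -> DC lookup failing, rejoin indicated
#   1  PAM expiry only -> no DC-lookup errors in this log; check the AD account itself first
#   2  neither signature -> this article does not apply
classify_log() {
    text=$(cat)
    pam=0; dc=0; reg=0
    if printf '%s\n' "$text" | grep -q 'PAM: User account has expired'; then pam=1; fi
    if printf '%s\n' "$text" | grep -q '\[code: 1355\]'; then dc=1; fi
    if printf '%s\n' "$text" | grep -q 'LW_STATUS_OBJECT_NAME_NOT_FOUND'; then reg=1; fi

    if [ "$reg" -eq 1 ]; then
        echo "note: LW_STATUS_OBJECT_NAME_NOT_FOUND seen; if the host cannot be joined at all, see KB 394299"
    fi
    if [ "$pam" -eq 1 ] && [ "$dc" -eq 1 ]; then
        echo "verdict: netlogon cannot find a DC (1355 = ERROR_NO_SUCH_DOMAIN); rejoin the domain"
        return 0
    fi
    if [ "$pam" -eq 1 ]; then
        echo "verdict: PAM expiry without DC-lookup errors; verify the AD account, DNS and time sync first"
        return 1
    fi
    echo "verdict: no matching signatures"
    return 2
}

# rejoin_domain <domain-fqdn> <AD_admin_username>: the article's leave/join sequence,
# then 'domainjoin-cli query' to show the join state (query is assumed to exist, as in Likewise).
rejoin_domain() {
    [ -x "$DJ" ] || { echo "$DJ not found; run this on the ESXi host" >&2; return 3; }
    "$DJ" leave || return 4
    "$DJ" join "$1" "$2" || return 5   # prompts for the AD account's password
    "$DJ" query
}

if [ "$#" -eq 2 ]; then
    # Only rejoin when the log actually shows the DC-lookup failure this article describes.
    if classify_log < "$LOG"; then rejoin_domain "$1" "$2"; fi
else
    printf '%s\n' "$SAMPLE_LOG" | classify_log || true
fi
```

The check before the rejoin matters because "User account has expired" is also what PAM prints when the account really is expired or disabled in AD; in that case the lwsmd netlogon errors are absent and rejoining the host will not help.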