Leaving Domain on ESXi fails with error "The user/group name "<domain_name>/<user_name>' doesn't exist."

Article ID: 395261

Products

VMware vSphere ESXi

Issue/Introduction

  • Leaving the domain from the vSphere Client fails with the error "The user/group named "<domain_name>/<user_name>" does not exist."

  • Removing the group from the ESXi Host Client fails with the error "vim.fault.UserNotFound".

  • /var/run/log/hostd.log contains entries similar to the following:

YYYY-MM-DDTHH:MM info hostd[2101018] [Originator@6876 sub=Vimsvc.TaskManager opID=esxui-####-##b9 user=root] Task Created : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.leaveCurrentDomain-459
YYYY-MM-DDTHH:MM warning hostd[2107024] [Originator@6876 sub=UserDirectory opID=esxui-####-##b9 user=root] Group lookup failed for '<domain_name>/<user_name>'
YYYY-MM-DDTHH:MM info hostd[2107024] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=esxui-####-##b9 user=root] Event 157 : Leave domain failed.
YYYY-MM-DDTHH:MM info hostd[2107024] [Originator@6876 sub=Vimsvc.TaskManager opID=esxui-####-##b9 user=root] Task Completed : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.leaveCurrentDomain-459 Status error
YYYY-MM-DDTHH:MM info hostd[2107024] [Originator@6876 sub=Solo.HttpSvc.HTTPService.HttpConnection] HTTP Connection read failed while waiting for further requests; <io_obj p:0x00000001eb2e7158, h:-1, <TCP '127.0.0.1 : 8309'>, <TCP '127.0.0.1 : 25871'>>, N7Vmacore16TimeoutExceptionE(Operation timed out: Stream: <io_obj p:0x00000001eb2e7158, h:-1, <TCP '127.0.0.1 : 8309'>, <TCP '127.0.0.1 : 25871'>>, duration: HH:MM:SS (hh:mm:ss.us))
--> [context]zKq7AVICAgAAAEskdwEJaG9zdGQAANJCF2xpYnZtYWNvcmUuc28AAM7RGgDzITMAv1UuAMzHLQBUAy4AAhE/ATt9AGxpYnB0aHJlYWQuc28uMAACbdEObGliYy5zby42AA==[/context]
YYYY-MM-DDTHH:MM error hostd[2107936] [Originator@6876 sub=Default] DJGetComputerDN: 0xa309: Client not found in Kerberos database
-->
YYYY-MM-DDTHH:MM error hostd[2107936] [Originator@6876 sub=Default] Stack Trace:
YYYY-MM-DDTHH:MM warning hostd[2099446] [Originator@6876 sub=UserDirectory] Group lookup failed for '<domain_name>/<user_name>'
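
To confirm that a host is hitting this issue and to see which principal is stale, the entries above can be correlated by opID. The following Python is an added example, not VMware code: the sample log lines (timestamps, opIDs, the principal EXAMPLE/old-esx-admins, the "Status success" line) are constructed, and find_failed_leave_domain is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the hostd.log snippet above; timestamps,
# opIDs and the principal name are made up for the example.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z info hostd[2101018] [Originator@6876 sub=Vimsvc.TaskManager opID=esxui-aaaa-00b9 user=root] Task Created : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.leaveCurrentDomain-459
2024-01-01T10:00:02Z warning hostd[2107024] [Originator@6876 sub=UserDirectory opID=esxui-aaaa-00b9 user=root] Group lookup failed for 'EXAMPLE/old-esx-admins'
2024-01-01T10:00:02Z info hostd[2107024] [Originator@6876 sub=Vimsvc.ha-eventmgr opID=esxui-aaaa-00b9 user=root] Event 157 : Leave domain failed.
2024-01-01T10:00:02Z info hostd[2107024] [Originator@6876 sub=Vimsvc.TaskManager opID=esxui-aaaa-00b9 user=root] Task Completed : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.leaveCurrentDomain-459 Status error
2024-01-01T10:05:00Z warning hostd[2099446] [Originator@6876 sub=UserDirectory] Group lookup failed for 'EXAMPLE/old-esx-admins'
2024-01-01T11:00:00Z info hostd[2101018] [Originator@6876 sub=Vimsvc.TaskManager opID=esxui-bbbb-00c1 user=root] Task Created : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.leaveCurrentDomain-460
2024-01-01T11:00:03Z info hostd[2101018] [Originator@6876 sub=Vimsvc.TaskManager opID=esxui-bbbb-00c1 user=root] Task Completed : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.leaveCurrentDomain-460 Status success
"""

OPID = re.compile(r"\bopID=(\S+)")
LOOKUP = re.compile(r"sub=UserDirectory[^\]]*\] Group lookup failed for '([^']+)'")
TASK = re.compile(r"Task (Created|Completed) : (\S*leaveCurrentDomain-\d+)(?: Status (\w+))?")

def find_failed_leave_domain(log_text):
    """Return one dict per leaveCurrentDomain task that ended in error,
    with the principals whose lookup failed under the same opID."""
    ops = {}  # opID -> what was seen for that operation
    for line in log_text.splitlines():
        m = OPID.search(line)
        if not m:
            continue  # lines without an opID cannot be tied to a task
        op = ops.setdefault(m.group(1), {"task": None, "status": None,
                                         "event": False, "principals": []})
        t = TASK.search(line)
        if t:
            op["task"] = t.group(2)
            if t.group(1) == "Completed":
                op["status"] = t.group(3)
        g = LOOKUP.search(line)
        if g and g.group(1) not in op["principals"]:
            op["principals"].append(g.group(1))
        if "Leave domain failed" in line:
            op["event"] = True
    # Report only operations showing the full signature from this article.
    return [{"opID": oid, "task": s["task"], "principals": s["principals"]}
            for oid, s in ops.items()
            if s["task"] and s["status"] == "error" and s["event"] and s["principals"]]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for hit in find_failed_leave_domain(text):
        print(hit)
```

Run against a copy of /var/run/log/hostd.log by passing its path as the first argument; with no argument the script runs on the constructed sample.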

Environment

  • ESXi 7.0.x

Cause

  • This issue occurs when an AD group entry on the ESXi host is missing or stale.

Resolution

To resolve the issue, follow the steps below:

1. Connect to the ESXi host over SSH as the root user.
2. Stop the hostd service.

/etc/init.d/hostd stop

3. Restore the default permissions.

cp /etc/vmware/hostd/.#authorization.xml /etc/vmware/hostd/authorization.xml

4. Start the hostd service.

/etc/init.d/hostd start

  • ESXi 7.0.3

1. Connect to the ESXi host over SSH as the root user.
2. Stop the hostd service.

/etc/init.d/hostd stop

3. Dump the default host permissions from the config store to a JSON file.

/bin/configstorecli config default get -c esx -g authorization -k permissions -outfile /tmp/tmp.json

4. Delete all permissions from the config store. This removes every permission currently assigned on the host, including custom ones.

/bin/configstorecli config current delete --all -c esx -g authorization -k permissions

5. Load the default permissions saved in step 3 back into the config store.

/bin/configstorecli config current set -c esx -g authorization -k permissions -infile /tmp/tmp.json

6. Start the hostd service.

/etc/init.d/hostd start

7. Leave the domain from the Host Client.