Unable to add host to AD from the UI or command line with the error "ERROR ACCESS DENIED"

Article ID: 412507

Products

VMware vSphere ESXi

Issue/Introduction

After enabling Likewise logging on the ESXi host, the following errors appear in the log:

/var/log/likewise.log

YYYY-MM-DDTHH:MM:SS.XXXX VERBOSE lwio: GSS-API error calling gss_init_sec_context: 1 (The routine must be called again to complete its function) 
YYYY-MM-DDTHH:MM:SS.XXXX ERROR lsass: Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider' ) -> error = 5, symbol = ERROR ACCESS DENIED, client pid = 525659 
YYYY-MM-DDTHH:MM:SS.XXXX VERBOSE lsass-ipc: (assoc:0xe04768c020) Dropping: Connection closed by peer

The host has already been validated as reachable (DNS, firewall, etc.), and the admin user used for the join has the correct permissions in AD.

Environment

VMware vSphere 7.x

VMware vSphere 8.x

Cause

A stale or manually created computer object with the ESXi host's name already exists in AD, so the join cannot create or take over the account and fails with ERROR ACCESS DENIED.

Resolution

Check Active Directory Users and Computers for an existing computer object with the ESXi host's name:

  • If a stale entry is found and is not in use, delete it, then retry the join.
  • If an entry was added manually for the host, remove it and retry the join.
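The check above can be scripted instead of done by hand in Active Directory Users and Computers. The following PowerShell script is an added example, not part of this KB article and not a VMware tool: it looks up any computer object carrying the host's name, reports when it was created and last logged on so that a stale entry can be told apart from a live system, and only deletes the object when the hypothetical -Remove switch is given (and honours -WhatIf). It assumes the RSAT ActiveDirectory module is installed and that the account running it may read and delete computer objects; the $HostName, $StaleAfterDays and -Remove parameters and the 30-day staleness window are assumptions for this example.

```powershell
# Added example (not from the KB article): find a pre-existing AD computer object
# with the ESXi host's name, report whether it looks stale, and optionally remove
# it before retrying the domain join. Parameter names are assumptions for this example.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$HostName,             # short computer name of the ESXi host, e.g. esxi01
    [int]$StaleAfterDays = 30,     # no logon within this window => candidate for removal
    [switch]$Remove                # without this switch the script only reports
)

Import-Module ActiveDirectory -ErrorAction Stop

# The join creates a computer account named after the host, so a collision means an
# object with that name (sAMAccountName NAME$) already exists somewhere in the domain.
$found = Get-ADComputer -Filter "Name -eq '$HostName'" `
    -Properties whenCreated, LastLogonDate, Description, OperatingSystem, servicePrincipalName

if (-not $found) {
    Write-Output "No computer object named '$HostName' exists; the join failure has another cause."
    return
}

foreach ($obj in $found) {
    $lastLogon = $obj.LastLogonDate
    # Never logged on, or not within the window: treat as stale.
    $isStale = (-not $lastLogon) -or ($lastLogon -lt (Get-Date).AddDays(-$StaleAfterDays))

    [PSCustomObject]@{
        Name              = $obj.Name
        DistinguishedName = $obj.DistinguishedName
        Created           = $obj.whenCreated
        LastLogon         = $lastLogon
        OperatingSystem   = $obj.OperatingSystem
        Description       = $obj.Description
        SPNs              = ($obj.servicePrincipalName -join '; ')
        LooksStale        = $isStale
    } | Format-List

    if (-not $isStale) {
        Write-Warning "'$($obj.Name)' logged on within the last $StaleAfterDays days; confirm it is not a live system before deleting it."
        continue
    }

    if ($Remove -and $PSCmdlet.ShouldProcess($obj.DistinguishedName, 'Remove-ADComputer')) {
        # Remove-ADComputer refuses objects flagged "Protect from accidental deletion"; clear the flag first.
        Set-ADObject -Identity $obj.DistinguishedName -ProtectedFromAccidentalDeletion $false
        Remove-ADComputer -Identity $obj.DistinguishedName -Confirm:$false
        Write-Output "Removed '$($obj.DistinguishedName)'. Retry the domain join on the ESXi host."
    }
}
```

Run it first without -Remove to see what exists, then with `-Remove -WhatIf` to preview the deletion, and only then with `-Remove`. An object that has logged on recently is reported but left in place, because a recent logon means some system is still using that account and deleting it would break that system rather than fix the join.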

Additional Information

Similar issues:

Unable to join the ESXi host to the Active Directory (AD) domain with Error: NERR_DCNotFound [code 0x00000995]

The same steps also apply to the vCenter Server Appliance (VCSA):

1. Delete the existing computer account.

2. Re-join the vCenter to the domain and reboot the vCenter.