Unable to join the ESXi host to the Active Directory (AD) domain with Error: NERR_DCNotFound [code 0x00000995]

Article ID: 416532


Products

VMware vSphere ESX 7.x

VMware vSphere ESX 8.x

VMware vSphere ESXi

VMware vSphere ESX 6.x

Issue/Introduction

The following errors appear in /var/log/likewise.log:

ERROR netlogon: DNS lookup for '<incorrect_fqdn>' failed with errno 0 (Success ), h_errno = 1 (Unknown host) 
ERROR lsass: Failed to find DC for domain <DC_FQDN> 
ERROR lsass: Failed to run provider specific request (...) -> error = 2453, symbol = NERR_DCNotFound 
VERBOSE lsass-ipc: Dropping: Connection closed by peer

Environment

VMware vSphere 7.x

VMware vSphere 8.x

Cause

The issue occurred because the domain join command was executed with the host’s FQDN instead of the Active Directory domain name. This caused the lookup for the domain controller (DC) to fail, resulting in the NERR_DCNotFound error.
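
To confirm this cause from the log before retrying the join, the following added example (not VMware's own code) scans likewise.log for the signature shown above and checks whether the name that failed DNS lookup is the host's own FQDN. The function names, result strings and sample hostnames are assumptions made for illustration; the log line shapes are the ones in this article.

```shell
#!/bin/sh
# Added example: triage likewise.log for the NERR_DCNotFound pattern.
# Assumption: the name in the "DNS lookup for" line is the value that was
# passed to domainjoin-cli in place of the AD domain name.

# Read log text on stdin; print each name that failed DNS lookup, lowercased.
failed_lookup_names() {
    sed -n "s/.*DNS lookup for '\([^']*\)' failed.*/\1/p" | tr 'A-Z' 'a-z' | sort -u
}

# diagnose_join LOGFILE HOST_FQDN
# Prints one of:
#   host-fqdn-used  NERR_DCNotFound plus a failed lookup for the host's own FQDN
#   dc-not-found    NERR_DCNotFound, but the failed name is not the host FQDN
#   no-match        the NERR_DCNotFound signature is absent
diagnose_join() {
    log=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    grep -q 'symbol = NERR_DCNotFound' "$log" || { echo no-match; return 0; }
    for name in $(failed_lookup_names < "$log"); do
        case "$name" in
            "$host"|*."$host") echo host-fqdn-used; return 0 ;;
        esac
    done
    echo dc-not-found
}

# Constructed sample: esx01.corp.example was passed where corp.example belongs.
sample_log() {
cat <<'EOF'
ERROR netlogon: DNS lookup for 'esx01.corp.example' failed with errno 0 (Success ), h_errno = 1 (Unknown host)
ERROR lsass: Failed to find DC for domain esx01.corp.example
ERROR lsass: Failed to run provider specific request (...) -> error = 2453, symbol = NERR_DCNotFound
EOF
}

# Usage on a host: sh triage.sh /var/log/likewise.log "$(hostname -f)"
if [ "$#" -eq 2 ]; then
    diagnose_join "$1" "$2"
fi
```

A result of `dc-not-found` means the domain controller lookup failed for some other name, so DNS resolution of the AD domain itself is the next thing to check.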

Resolution

Use the correct domainjoin-cli command syntax when joining the host to the Active Directory domain:

/usr/lib/vmware/likewise/bin/domainjoin-cli join <AD-DOMAIN> <USERNAME>

For more details, refer to:

Steps to enable the use of Active Directory accounts to open SSH sessions on ESXi using the domainjoin-cli command