Performing a domain join operation for ESXi using Authetication Proxy may report "Errors in Active Directory operations." due to incorrect DNS configuration
search cancel

Performing a domain join operation for ESXi using Authetication Proxy may report "Errors in Active Directory operations." due to incorrect DNS configuration

book

Article ID: 422591

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

  • Attempting to join ESXi host to domain using VMware vSphere Authentication Proxy may report error "Errors in Active Directory operations."
  • /var/log/vmware/vpxd/vpxd.log (on vCenter Server)

YYYY-MM-DDTHH:MM:SS info vpxd[PID] [Originator@6876 sub=vpxLro opID=<OP ID>-h5:70121222-b4] [VpxLRO] -- BEGIN task-<Task ID> -- activeDirectoryAuthentication-1449 -- vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM -- <>
YYYY-MM-DDTHH:MM:SS error vpxd[PID] [Originator@6876 sub=Default opID=<OP ID>-h5:70121222-b4] [VpxLRO] -- ERROR task-<Task ID> -- <> -- activeDirectoryAuthentication-1449 -- vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM: :vim.fault.ActiveDirectoryFault
--> Result:
--> (vim.fault.ActiveDirectoryFault) {
-->    faultCause = (vmodl.MethodFault) null,
-->    faultMessage = <unset>,
-->    errorCode = -65536
-->    msg = "Errors in Active Directory operations."
--> }
--> Args:
-->
--> Arg domainName:
--> "<domain name>"
--> Arg camServer:
--> "<vCenter Server IP>"

  • /var/run/log/hostd.log (on ESXi host)

YYYY-MM-DDTHH:MM:SS In(166) Hostd[PID]: [Originator@6876 sub=Vimsvc.TaskManager opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] Task Created : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM-43609370
YYYY-MM-DDTHH:MM:SS In(166) Hostd[PID]: [Originator@6876 sub=Default opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] Adding host to domain: Attempt (1/4)
YYYY-MM-DDTHH:MM:SS In(166) Hostd[PID]: [Originator@6876 sub=Default opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] Adding host to domain: Attempt (2/4)
YYYY-MM-DDTHH:MM:SS In(166) Hostd[PID]: [Originator@6876 sub=Default opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] Adding host to domain: Attempt (3/4)
YYYY-MM-DDTHH:MM:SS In(166) Hostd[PID]: [Originator@6876 sub=Default opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] Adding host to domain: Attempt (4/4)
YYYY-MM-DDTHH:MM:SS Er(163) Hostd[PID]: [Originator@6876 sub=Default opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] [LikewiseJoinDomainWithMachineAccount:1012] LwSetupMachineSession(): 41887
YYYY-MM-DDTHH:MM:SS Er(163) Hostd[PID]: [Originator@6876 sub=ActiveDirectoryAuthentication opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] vmwauth Exception: N6vmware14authentication16UnknownExceptionE(Exception 0xffff0000: Unknown exception)
YYYY-MM-DDTHH:MM:SS In(166) Hostd[PID]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] Event 108345 : Join domain failed.
YYYY-MM-DDTHH:MM:SS In(166) Hostd[PID]: [Originator@6876 sub=Vimsvc.TaskManager opID=<OP ID>-h5:<> sid= user=vpxuser:<Domain>\<User>] Task Completed : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM-43609370 Status error

  • /var/run/log/vpxa.log (on ESXi host)

YYYY-MM-DDTHH:MM:SS Wa(164) Vpxa[PID]: [Originator@6876 sub=Vmomi opID=mizji0yw-473387-auto-a59o-h5:70121222-b4-d2] VMOMI activation LRO failed; <<<>, <TCP '127.0.0.1 : 8089'>, <TCP '127.0.0.1 : 27053'>>, activeDirectoryAuthentication, vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM, <vpxapi.version.v8_0_3_0, official, 8.0.3.0>, (null)>, N3Vim5Fault20ActiveDirectoryFault9ExceptionE(Fault cause: vim.fault.ActiveDirectoryFault

YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: [Originator@6876 sub=Default opID=mizji0yw-473387-auto-a59o-h5:70121222-b4-d2] [VpxLRO] -- ERROR task-<Task ID> -- <> -- activeDirectoryAuthentication -- vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM: :vim.fault.ActiveDirectoryFault
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> Result:
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> (vim.fault.ActiveDirectoryFault) {
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: -->    faultCause = (vmodl.MethodFault) null,
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: -->    faultMessage = <unset>,
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: -->    errorCode = -65536
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: -->    msg = "Errors in Active Directory operations."
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> }
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> Args:
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: -->
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> Arg domainName:
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> "<domain name>"
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> Arg camServer:
YYYY-MM-DDTHH:MM:SS Er(163) Vpxa[PID]: --> "<vCenter Server IP>"

Cause

This issue is typically caused by an incorrect or mismatched DNS server configuration on the ESXi host.

Resolution

Update the DNS configuration on the ESXi host and reattempt the Domain join operation using Authentication Proxy

Option A:

Update the DNS server address using vSphere Client

  1. Log in to vCenter Server using vSphere Client
  2. Navigate to Inventory -> Select the host
  3. Click on Configure -> Under networking click on TCP/IP Configuration
  4. Click on the ellipsis for Default TCP/IP Stack and select edit
  5. Update the Preferred DNS server value with the IP address of DNS and click ok

Option B:

Update DNS server using ssh session on ESXi

  1. Log in to ESXi using ssh
  2. Execute the below command to update the DNS server

esxcli network ip dns server add --server=<DNS server IP>

Note: Execute the above command multiple times in case if more than 1 DNS server is required

  1. Execute the below command to remove the DNS IP address

esxcli network ip dns server remove --server=<DNS server IP>

 

Additional Information

Enable logging for Likewise agents on ESXi/ESX

Powered by Wolken Software