When attempting to log in to an ESXi 9.0 host using Active Directory (AD) credentials, the login fails with the following error:
"Cannot complete login due to an incorrect user name or password."
VMware ESXi: 9.0
Active Directory: Hardened environments where RC4 Kerberos encryption and SMBv1/v2 protocols are disabled.
By default, the authentication service used by ESXi (Likewise/lsass) may attempt to use legacy encryption types (RC4_HMAC) or older SMB dialects to communicate with Domain Controllers.
If the Domain Controllers are configured to only allow AES encryption (AES128/256) and SMBv3, the authentication handshake will fail even if the credentials are correct.
Configure AD and join the ESXi host with RC4 and SMB v2.0 enabled.
Once ESXi has finished joining the domain, disable RC4 and SMB v2.0 on the Active Directory side.
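
The cause described above can be confirmed from the Domain Controller's Kerberos audit records, where an encryption-type rejection and a genuine wrong password carry different status codes even though ESXi reports both as a bad user name or password. This is an added example, not code from the original article or from VMware; the flattened record layout, the use of Windows Security events 4768/4771, the client address 192.0.2.10 and the account names are assumptions and constructed sample data.

```python
# Added example: constructed data, simplified record layout (assumption).
# Kerberos error codes (RFC 4120) and encryption type numbers (IANA registry).
KDC_ERR_ETYPE_NOSUPP = 0x0E    # KDC has no support for the requested etype
KDC_ERR_PREAUTH_FAILED = 0x18  # pre-authentication failed (usually a wrong password)
RC4_HMAC, AES128, AES256 = 0x17, 0x11, 0x12

# Constructed sample: flattened 4768/4771 records as exported from a DC.
# 192.0.2.10 stands in for the ESXi host; all accounts are made up.
SAMPLE_EVENTS = [
    {"event_id": 4768, "client": "192.0.2.10", "account": "alice", "status": 0x0E, "etype": None},
    {"event_id": 4771, "client": "192.0.2.10", "account": "bob",   "status": 0x18, "etype": None},
    {"event_id": 4768, "client": "192.0.2.10", "account": "carol", "status": 0x00, "etype": RC4_HMAC},
    {"event_id": 4768, "client": "192.0.2.10", "account": "dave",  "status": 0x00, "etype": AES256},
    {"event_id": 4768, "client": "192.0.2.77", "account": "erin",  "status": 0x0E, "etype": None},
]

def classify(event):
    """Map one Kerberos audit record to a triage category."""
    status = event["status"]
    if status == KDC_ERR_ETYPE_NOSUPP:
        return "etype-mismatch"       # rejected on etype, not on the password
    if status == KDC_ERR_PREAUTH_FAILED:
        return "bad-credentials"      # genuine wrong password
    if status != 0:
        return "other-failure"
    if event["etype"] == RC4_HMAC:
        return "ok-but-rc4"           # works today, breaks once RC4 is disabled
    return "ok-aes" if event["etype"] in (AES128, AES256) else "ok-other"

def triage(events, client):
    """Group accounts seen from one client address by category."""
    result = {}
    for ev in events:
        if ev["client"] == client:
            result.setdefault(classify(ev), []).append(ev["account"])
    return result

def verdict(result):
    """One-line conclusion for the host, most specific cause first."""
    if "etype-mismatch" in result:
        return "encryption type mismatch: host and DC share no Kerberos etype"
    if "ok-but-rc4" in result:
        return "host still receives RC4 tickets: logins will fail when RC4 is disabled"
    if "bad-credentials" in result:
        return "wrong password: encryption types are not the cause"
    return "no Kerberos failures recorded for this host"

if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS, "192.0.2.10")
    print(found, verdict(found), sep="\n")
```

The "ok-but-rc4" category is the one to check before disabling RC4 on the Active Directory side: any account listed there is still being issued RC4 tickets through this host.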