Domain membership status for the ESXi host is showing : "Other Problem" even if the ESXi is joined to the domain.
Article ID: 423695
Updated On:
Products
Issue/Introduction
Unable to login the ESXi host with domain ID as the domain membership status for the ESXI is showing "Other Problem"
syslog.log
yyyy-mm-ddT06:09:01.708Z Er(27) lwsmd[2102553]: GSS API error calling gss_init_sec_context(): majorStatus = 0x000d0000 (Unspecified GSS failure. Minor code may provide more information), minorStatus = 0x96c73a20 (Ticket expired)
yyyy-mm-ddT06:09:01.726Z Wa(28) lwsmd[2102553]: [LwKrb5GetTgtImpl ../lwadvapi/threaded/krbtgt.c:262] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
yyyy-mm-ddT06:09:32.839Z Wa(28) lwsmd[2102553]: [LwKrb5GetTgtImpl ../lwadvapi/threaded/krbtgt.c:262] KRB5 Error code: -1765328360 (Message: Preauthentication failed)
yyyy-mm-ddT06:09:32.839Z Er(27) lwsmd[2102553]: [lsass] Failed to run provider specific request (request code = 14, provider = 'lsa-activedirectory-provider') -> error = 40022, symbol = LW_ERROR_PASSWORD_MISMATCH, client pid = 72157517
Environment
VMware ESXi 7.x
VMware ESXi 8.x
Cause
Local machine's account (ESXI) password has become out of sync with the password stored in Active Directory (AD).
Resolution
Either of the below steps to re-establish the sync and clear the cache on the ESXi host.
1. Disjoin the ESXi from domain and rejoin back.
2. Clear cache for the ESXi host using the command /usr/lib/vmware/likewise/bin/lw-lsa ad-cache --delete-all and restart the likewise manager service using the command : /etc/init.d/lwsmd restart
Feedback
