Error: "Errors in Active Directory Operations" when joining an ESXi host to Active Directory domain.

Article ID: 428381

Products

VMware vSphere ESXi

Issue/Introduction

  • Adding an ESXi host to an AD domain fails, whether it is added via the vCenter (VC) UI or the CLI.
  • A user with a non-AD-administrator role is used to add the host to the domain.
  • Adding the host to the domain using an AD domain administrator account is successful.
  • DNS is configured and resolvable.
  • Both vCenter and the ESXi hosts point to the same NTP server, and the NTP services are up and running.
  • Likewise services are running:

    /etc/init.d/lwsmd status

    running

  • /var/run/log/syslog.log contains entries of the following type:
    Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 2105274
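
To check a whole log for this symptom rather than reading it by eye, the following added example (not part of the original article) counts Likewise AD-provider failures by symbol and error code. The function names are hypothetical, and the sample lines' timestamps, host name, process tags and the second client pid are constructed.

```shell
#!/bin/sh
# Added example: summarise lsa-activedirectory-provider failures in an
# ESXi syslog file. Function names are hypothetical, not VMware tooling.

# Print "count symbol error_code" for each distinct failure in the log
# given as $1 (defaults to the syslog path named in this article).
lsa_failures() {
    log="${1:-/var/run/log/syslog.log}"
    grep "provider = 'lsa-activedirectory-provider'" "$log" 2>/dev/null |
    sed -n 's/.*error = \([0-9][0-9]*\), symbol = \([A-Za-z_][A-Za-z0-9_]*\).*/\2 \1/p' |
    sort | uniq -c | awk '{print $1, $2, $3}'
}

# Exit status 0 if the log shows the failure described in this article.
has_not_joined() {
    lsa_failures "$1" | grep -q ' NERR_SetupNotJoined 2692$'
}

# Constructed sample input: the message text follows the entry quoted in
# the article; the line prefixes and the unrelated third line are made up.
make_sample_log() {
    cat <<'EOF'
2024-01-01T10:00:00Z esx01 lsass: Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 2105274
2024-01-01T10:05:00Z esx01 lsass: Failed to run provider specific request (request code = 12, provider = 'lsa-activedirectory-provider') -> error = 2692, symbol = NERR_SetupNotJoined, client pid = 2105300
2024-01-01T10:06:00Z esx01 ntpd: synchronized to time server
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp) && make_sample_log > "$tmp" && lsa_failures "$tmp"
rm -f "$tmp"
```

On a host, call `lsa_failures` with no argument to read /var/run/log/syslog.log directly.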

Environment

VMware vSphere ESXi 8.0.3

vCenter Server 8.0.3

Cause

This issue is caused by a lack of permissions when a user who is not the AD domain administrator is used to join the host to the AD domain.

Resolution

To resolve the issue, verify the non-AD admin user's permissions and assign either only the required permissions or Full permissions:

  1. Add ONLY required permissions as per step 9 in Joining vCenter Server Appliance or ESXi host into Active Directory domain fails with error: LW_ERROR_LDAP_CONSTRAINT_VIOLATION or LW_ERROR_LDAP_INSUFFICIENT_ACCESS 
  2. Add FULL permissions as per Trying to join ESXi host to Active Directory domain with vSphere Authentication Proxy fails with error "The specified vSphere Authentication Proxy server is not reachable, or has denied access to the service" 

Additional Information

Prerequisite steps to verify that the environment is ready to add the host to the domain: The ESXi host is unable to successfully join the Active Directory domain.