Error "The specified domain either does not exist or could not be contacted" when attempting to join ESXi host to domain

Article ID: 433247


Products

VMware vSphere ESXi

Issue/Introduction

  • The error "The specified domain either does not exist or could not be contacted" is encountered when an attempt is made to join the ESXi host to the domain from the vSphere client following KB/316623.
  • Similarly, when an attempt is made to join the ESXi host to the domain using the 'domainjoin-cli' command, the following error is encountered:

[root@ESXihostname :~ ] /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.example.com DomainUser
Joining to AD Domain:
With Computer DNS Name: ESXihostname.domain.example.com

[email protected]'s password:
Error: DNS ERROR BAD PACKET [code 0x0000251e]

A bad packet was received from a DNS server. Potentially the requested address
does not exist.

  • In the /var/run/hostd.log and syslog.log of the ESXi host, the following errors, returned from the DNS server, are logged during the domain join action:

    • hostd.log:

      YYYY-MM-DDTHH:MM:SSZ In(166) Hostd[2098700]: [Originator@6876 sub=Default opID=#####-####-######-##-##-## sid=##### user=vpxuser:DomainName\DomainUser] LikewisePerformDomainAction: calling DJRunJoinProcess() to JOIN domain...
      YYYY-MM-DDTHH:MM:SSZ In(166) Hostd[2098648]: -->
      YYYY-MM-DDTHH:MM:SSZ In(166) Hostd[2098700]: [Originator@6876 sub=Default opID=#####-####-######-##-##-## sid=##### user=vpxuser:DomainName\DomainUser] LikewisePerformDomainAction: DJRunJoinProcess() returned.
      YYYY-MM-DDTHH:MM:SSZ Er(163) Hostd[2098700]: [Originator@6876 sub=Default opID=#####-####-######-##-##-## sid=##### user=vpxuser:DomainName\DomainUser] [LikewisePerformDomainAction:185] DJRunJoinProcess(): DNS_ERROR_BAD_PACKET (9502/0): A bad packet was received from a DNS server. Potentially the requested address does not exist.
      YYYY-MM-DDTHH:MM:SSZ Er(163) Hostd[2098648]: -->
      YYYY-MM-DDTHH:MM:SSZ Er(163) Hostd[2098700]: [Originator@6876 sub=ActiveDirectoryAuthentication opID=#####-####-######-##-##-## sid=##### user=vpxuser:DomainName\DomainUser] vmwauth NoSuchDomainException: N6vmware14authentication21NoSuchDomainExceptionE(Exception 0x0000054b: The specified domain either does not exist or could not be contacted.)
      YYYY-MM-DDTHH:MM:SSZ In(166) Hostd[2098700]: [Originator@6876 sub=Vimsvc.ha-eventmgr opID=#####-####-######-##-##-## sid=##### user=vpxuser:DomainName\DomainUser] Event 7823 : Join domain failed.
      YYYY-MM-DDTHH:MM:SSZ In(166) Hostd[2098700]: [Originator@6876 sub=Vimsvc.TaskManager opID=#####-####-######-##-##-## sid=##### user=vpxuser:DomainName\DomainUser] Task Completed : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.joinDomain-1107110376 Status error


    • syslog.log:

      In the log snippet below, the domain controllers reported in the errors are hosted in a different geographical location and have been decommissioned.

      YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc1.example.com'
      YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc2.example.com'
      YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc3.example.com'
      YYYY-MM-DDTHH:MM:SSZ In(30) lwsmd[2306747]: [netlogon] Filtering list of 26 servers with list of 0 black listed servers
      YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc4.example.com'
      YYYY-MM-DDTHH:MM:SSZ In(30) lwsmd[2306747]: [netlogon] Filtering list of 0 servers with list of 0 black listed servers
      YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [lsass] Failed to find DC for domain DOMAIN.EXAMPLE.COM
      YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [lsass] Failed to run provider specific request (request code = 8, provider = 'lsa-activedirectory-provider') -> error = 9502, symbol = DNS_ERROR_BAD_PACKET, client pid = #####
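
The netlogon and lsass lines above can be reduced to the list of domain controller names that failed to resolve, which is the detail the Active Directory team needs. The following POSIX sh script is an added example, not code from this article or from VMware; the function names and the LOG_FILE variable are assumptions, and the sample log is constructed from the lines shown above with one line repeated.

```sh
#!/bin/sh
# Added example (not VMware code): summarise lwsmd DC-locator failures from
# an ESXi syslog.log so the stale DC names can be handed to the AD team.

# Print "<count> <dc-name>" for every DC name lwsmd could not resolve.
unresolved_dcs() {
    sed -n "s/.*lwsmd\[[0-9]*]: \[netlogon] Unable to get IP address for '\([^']*\)'.*/\1/p" "$1" |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# Print each domain for which lsass found no usable domain controller.
failed_domains() {
    sed -n 's/.*\[lsass] Failed to find DC for domain \([^ ]*\).*/\1/p' "$1" | sort -u
}

# Succeed only when the candidate list was filtered down to 0 servers and
# the locator then gave up: the sequence shown in the KB's syslog.log.
locator_exhausted() {
    awk '/\[netlogon] Filtering list of 0 servers/ { empty = 1 }
         /\[lsass] Failed to find DC for domain/ && empty { hit = 1 }
         END { exit (hit ? 0 : 1) }' "$1"
}

# Constructed sample: the KB's lwsmd lines (placeholder timestamps kept),
# with the dc1 line repeated once to show the per-name count.
write_sample_log() {
    cat > "$1" <<'EOF'
YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc1.example.com'
YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc1.example.com'
YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc2.example.com'
YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc3.example.com'
YYYY-MM-DDTHH:MM:SSZ In(30) lwsmd[2306747]: [netlogon] Filtering list of 26 servers with list of 0 black listed servers
YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [netlogon] Unable to get IP address for 'dc4.example.com'
YYYY-MM-DDTHH:MM:SSZ In(30) lwsmd[2306747]: [netlogon] Filtering list of 0 servers with list of 0 black listed servers
YYYY-MM-DDTHH:MM:SSZ Er(27) lwsmd[2306747]: [lsass] Failed to find DC for domain DOMAIN.EXAMPLE.COM
EOF
}

# LOG_FILE is a hypothetical variable; without it the sample above is used.
SAMPLE="${TMPDIR:-/tmp}/lwsmd-sample.$$"
write_sample_log "$SAMPLE"
LOG="${LOG_FILE:-$SAMPLE}"
echo "Domain controllers that failed to resolve (count name):"
unresolved_dcs "$LOG"
if locator_exhausted "$LOG"; then
    echo "DC locator ran out of candidates for: $(failed_domains "$LOG")"
fi
rm -f "$SAMPLE"
```

Names that still appear in this list after the Active Directory Sites and Services topology has been corrected point to DNS records for decommissioned controllers that remain published.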

Environment

ESXi 8.x

Cause

The ESXi host attempts to communicate with decommissioned or geographically distant Active Directory Domain Controllers during the domain join process. This occurs when the Active Directory Sites and Services topology lacks a specific Site Link or Subnet definition for the ESXi host's network.

Resolution

To resolve this issue, engage your Active Directory/networking team to allow the required access to valid Active Directory and DNS servers in the environment.

Additional Information

Note: For information regarding required ports that need to be open between the ESXi hosts and the Active Directory domain controller, see the VMware Ports and Protocols guide (Filter for "Microsoft Active Directory Domain Controllers").