The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
ESXi 5.0 host connects to domain but users cannot authenticate (2033531)
- ESXi 5.0 host connects to the domain but users cannot authenticate
- The hostd logs contain errors similar to:
Oct 1 09:28:04 hostname nssquery: Group lookup failed for ‘YourDomain\ESX Admins’
- This issue occurs when:
- ESXi 5.0 host is joined to Active Directory
- The forward and reverse DNS resolutions are accurate
- The ESX Admins group has been added to the domain and authenticating users are in the group
- You see an incorrect user name or password error when logging into standalone host added to the domain
To resolve this issue, enable NFS in the firewall.
To enable NFS in the firewall:
- From the vSphere Client connected directly to the host, go to Configuration.
- Click Security Profile.
- Select Properties under Firewall.
- Select NFS to open ports 0-65535.
- Remove the ESXi host from the domain.
- Add the ESXi host from the domain.
- Restart the Management agents Restarting the Management agents on an ESXi or ESX host (1003490).
- Restart the lsassad services (/etc/init.d/lsassad restart).
- Add the host back into Active Directory.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.