Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

ESXi 5.0 host connects to domain but users cannot authenticate (2033531)

Symptoms

  • ESXi 5.0 host connects to the domain but users cannot authenticate
  • The hostd logs contain errors similar to:

    Oct 1 09:28:04 hostname nssquery: Group lookup failed for ‘YourDomain\ESX Admins’

  • This issue occurs when:
    • ESXi 5.0 host is joined to Active Directory
    • The forward and reverse DNS resolutions are accurate
    • The ESX Admins group has been added to the domain and authenticating users are in the group

  • You see an incorrect user name or password error when logging into standalone host added to the domain

Cause

Firewall settings are blocking authentication to the domain.

Resolution

To resolve this issue, enable NFS in the firewall.
 
To enable NFS in the firewall:
  1. From the vSphere Client connected directly to the host, go to Configuration.
  2. Click Security Profile.
  3. Select Properties under Firewall.
  4. Select NFS to open ports 0-65535. 
  5. Remove the ESXi host from the domain.
  6. Add the ESXi host from the domain.
  7. Restart the Management agents Restarting the Management agents on an ESXi or ESX host (1003490).
  8. Restart the lsassad services (/etc/init.d/lsassad restart).
  9. Add the host back into Active Directory.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 0 Ratings
Actions
KB: