This issue may occur when the network firewall is blocking the required ports.
To resolve this issue, ensure that the following ports (both UDP and TCP) are open for communication between the ESX/ESXi host and Active Directory:
- Port 88 - Kerberos authentication
- Port 123 - NTP
- Port 135 - RPC
- Port 137 - NetBIOS Name Service
- Port 139 - NetBIOS Session Service (SMB)
- Port 389 - LDAP
- Port 445 - Microsoft-DS Active Directory, Windows shares (SMB over TCP)
- Port 464 - Kerberos password change
- Port 3268 - Global Catalog search
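The TCP side of the list above can be checked from a machine on the same network path as the host. This is an added example, not part of the original article; the domain controller name is a placeholder, and the probe does not test UDP reachability.

```python
import socket
import sys

# Ports copied from the list above.
AD_PORTS = {
    88: "Kerberos authentication",
    123: "NTP",
    135: "RPC",
    137: "NetBIOS Name Service",
    139: "NetBIOS Session Service (SMB)",
    389: "LDAP",
    445: "Microsoft-DS (SMB over TCP)",
    464: "Kerberos password change",
    3268: "Global Catalog search",
}


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A TCP reset came back: no listener, or a firewall that rejects.
        return "refused"
    except OSError:
        # Timeout or unreachable: consistent with a firewall silently dropping.
        return "filtered"


def check_ad_ports(host, ports=AD_PORTS, timeout=2.0):
    """Probe every port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def filtered_ports(results):
    """Ports that gave no answer at all; check these in the firewall first."""
    return sorted(p for p, state in results.items() if state == "filtered")


if __name__ == "__main__":
    # Placeholder name; pass the real domain controller as the first argument.
    dc = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.com"
    results = check_ad_ports(dc)
    for port, state in sorted(results.items()):
        print(f"{port:>5}/tcp  {state:<9} {AD_PORTS[port]}")
    print("No answer on:", filtered_ports(results) or "none")
```

A "refused" result on ports 123 or 137 is common because those services normally listen on UDP only, so confirm the UDP rules for them in the firewall configuration itself.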
Note: This issue may also occur if you have entered the user credentials in the <domain\username> format. This issue is resolved in ESXi 5.0 and later.
In some cases, the issue can be resolved first by restarting the lwsmd service with the following commands:
/etc/init.d/lwsmd stop
/etc/init.d/lwsmd start
To work around this issue on earlier ESX/ESXi versions, enter the user credentials in the <username> or <username@fqdn_of_the_domain> format.