Search the VMware Knowledge Base (KB)
View by Article ID

Joining ESXi host to Active Directory using vSphere Authentication Proxy fails with the error: The specified vSphere Authentication Proxy Server is not reachable, or has denied access to the service (2058689)

  • 7 Ratings

Symptoms

  • Joining an ESXi host to Active Directory using the vSphere Authentication Proxy service fails with the error:

    The specified vSphere Authentication Proxy Server is not reachable, or has denied access to the service.

  • In the hostd.log file, located at /var/log/, you see entries similar to:

    <YYY-MM-DDTHH:MM:SS>.506Z [34564B90 info 'Vimsvc.TaskManager' opID=2F9716C2-000001B3-a3-fa] Task Created : haTask-ha-hostvim.host.ActiveDirectoryAuthentication.joinDomainWithCAM-305724229
    CamHttpQueryDomainInfo: 13
    <YYY-MM-DDTHH:MM:SS>.880Z [34564B90 error 'ActiveDirectoryAuthentication' opID=2F9716C2-000001B3-a3-fa] vmwauth ConnectionRefusedException: Exception 0x000004c9: The remote computer refused the network connection.
    <YYY-MM-DDTHH:MM:SS>.880Z [34564B90 info 'Vimsvc.ha-eventmgr' opID=2F9716C2-000001B3-a3-fa] Event 85 : Join domain failed.
    <YYY-MM-DDTHH:MM:SS>.881Z [34564B90 info 'Vimsvc.TaskManager' opID=2F9716C2-000001B3-a3-fa] Task Completed : haTask-ha-host-vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM-305724229 Status error
    <YYY-MM-DDTHH:MM:SS>.216Z [34440B90 verbose 'SoapAdapter'] Responded to service state request
    <YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 info 'Solo.Vmomi'] Activation [N5Vmomi10ActivationE:0x5720578] : Invoke done [waitForUpdates] on [vmodl.query.PropertyCollector:ha-property-collector]
    <YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 verbose 'Solo.Vmomi'] Arg version:
    "2"
<YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 info 'Solo.Vmomi'] Throw vmodl.fault.RequestCanceled
<YYY-MM-DDTHH:MM:SS>.609Z [FFDC2B90 info 'Solo.Vmomi'] Result:
(vmodl.fault.RequestCanceled) {
dynamicType = <unset>,
faultCause = (vmodl.MethodFault) null,
msg = "",
}
  • In the vpxd.log file, located at C:\ProgramData\VMware\VMware VirtualCenter\Logs\, you see entries similar to:

    <YYY-MM-DDTHH:MM:SS>.089+01:00 [01616 info 'Default' opID=2F9716C2-000001B3-a3] [VpxLRO] -- ERROR task-70 -- host-38 -- vim.host.ActiveDirectoryAuthentication.joinDomainWithCAM:
    vim.fault.CAMServerRefusedConnection:

    Result:
(vim.fault.CAMServerRefusedConnection) {
dynamicType = <unset>,
faultCause = (vmodl.MethodFault) null,
errorCode = 1225,
camServer = "10.10.10.102",
msg = "The specified vSphere Authentication Proxy server is not reachable, or has denied access to the service.",
}
Args:

Cause

This issue occurs if the Authentication Proxy service is not listening on port 51915.

Resolution

To resolve this issue, change the Authentication Proxy service to port 51915.
 
To change the Authentication Proxy service to port 51915:
  1. Log in to the server that is running the vSphere Authentication Proxy as an administrative user. Click Start > Run, type services.msc and click OK.
  2. Right-click Authentication Proxy Services and click Stop.
  3. Open Server Manager and navigate to Roles > Web Server > Internet Authentication Services > Computer Account Manager > Bindings.
  4. Select https and select Edit Change Port.
  5. Change the current port to 51915.
  6. Modify the vmconfig-cam.xml file, located at C:\ProgramData\VMware\vSphere Authentication Proxy\, using the text editor. Set the port to 51915.
  7. Open the C:\ProgramData\VMware\vSphere Authentication Proxy\ssl directory and remove any host-XX files.
  8. Restart the Authentication Proxy Services service.

Additional Information

Currently vSphere Authentication Proxy supports only IIS 6 and IIS 7.  Windows 2012 and 2012 R2 running IIS 8.x are not supported. For more information on IIS versions, see Microsoft Knowledge Base 224609

For related information, see:

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

Note: The preceding link was correct as of September 15, 2014. If you find the link is broken, please provide feedback and a VMware employee will update the link.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 7 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 7 Ratings
Actions
KB: