Symptoms
Cannot add the ESX/ESXi host to an Active Directory domain
Adding the ESX/ESXi host to an Active Directory domain fails
You see the error:
    Errors in Active Directory operations
If netlogond is enabled on the host, you see entries similar to these in the netlogond.log:
    20100820075107:0xf7c74b90:DEBUG:[LWNetSrvGetCurrentDomain() /build/mts/release/bora-234910/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83] Error at /build/mts/release/bora-234910/likewise/esxi-esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83 [code: 136]
Note: For more information on enabling netlogond, see Enabling logging for Likewise agents on ESXi/ESX (1026554).
Resolution
This issue may occur when the network firewall is blocking the required ports.
To resolve this issue, ensure that the following ports (both UDP and TCP) are open for communication between the ESX/ESXi host and Active Directory:
Port 88 - Kerberos authentication
Port 123 - NTP
Port 135 - RPC
Port 137 - NetBIOS Name Service
Port 139 - NetBIOS Session Service (SMB)
Port 389 - LDAP
Port 445 - Microsoft-DS Active Directory, Windows shares (SMB over TCP)
Port 464 - Kerberos - change/password changes
Port 3268 - Global Catalog search
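As an added example (not part of the original article), the Python script below probes the TCP side of the ports listed above from a machine on the same network segment as the host and separates silently dropped connections from refused ones. The function names and the domain controller address passed on the command line are assumptions; UDP reachability cannot be confirmed this way and still has to be checked against the firewall rules.

```python
import socket
import sys

# Ports listed in this article (each must be allowed for both TCP and UDP).
AD_PORTS = {
    88: "Kerberos authentication", 123: "NTP", 135: "RPC",
    137: "NetBIOS Name Service", 139: "NetBIOS Session Service (SMB)",
    389: "LDAP", 445: "Microsoft-DS Active Directory (SMB over TCP)",
    464: "Kerberos change/password changes", 3268: "Global Catalog search",
}

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed
    except socket.gaierror:
        return "unresolved"      # the name did not resolve: check DNS first
    except ConnectionRefusedError:
        return "refused"         # an RST came back, so the path is not dropping packets
    except OSError:
        return "filtered"        # timeout or unreachable: typical of a firewall drop

def check_ad_ports(host, ports=AD_PORTS, timeout=2.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in sorted(ports)}

def blocked_ports(results):
    """Ports whose probes got no answer; review the firewall rules for these."""
    return [port for port, state in results.items() if state == "filtered"]

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ad_ports.py <domain-controller>")
    results = check_ad_ports(sys.argv[1])
    for port, state in results.items():
        print(f"tcp/{port:<5} {state:<10} {AD_PORTS[port]}")
    # NTP (123) and NetBIOS Name Service (137) are normally served over UDP,
    # so 'refused' on TCP is expected there; 'filtered' is the state to chase.
    if blocked_ports(results):
        print("No response on:", ", ".join(map(str, blocked_ports(results))))
        sys.exit(1)
```
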
Note: This issue may also occur if you have entered the user credentials in the <domain\username> format. This issue is resolved in ESXi 5.0 and later.
In some cases, the issue can be resolved first by a restart of the lwsmd service with the following commands:
    /etc/init.d/lwsmd start
    /etc/init.d/lwsmd start
To work around this issue on earlier ESX/ESXi versions, enter the user credentials in the <username> or <username@fqdn_of_the_domain> format.
Related Information
Enabling logging for Likewise agents on ESXi/ESX
Adding an ESX/ESXi host to an Active Directory domain fails with the following error: Errors in Active Directory operations
Adding an ESX/ESXi host to an Active Directory domain fails with the error "Errors in Active Directory operations"