When adding a 4.1 ESX/ESXi host to an Active Directory domain it fails or whilst adding you receive an error “Errors in Active Directory operations“. If you have netlogond enabled on the host, you can check to see if you have similar entries in the netlogond.log:
20100820075107:0xf7c74b90:DEBUG:[LWNetSrvGetCurrentDomain
() /build/mts/release/bora-234910/likewise/esxi-
esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83] Error
at /build/mts/release/bora-234910/likewise/esxi-
esxi/src/linux/netlogon/server/api/lwnet-pstore.c:83 [code: 136]
The issue is more than likely down to TCP/UDP ports not open between the ESX/ESXi host and Active Directory server. Make sure you have the following TCP and UDP ports open:-
- Required (TCP and UDP) ports are
- Port 88 – Kerberos authentication
- Port 123 – NTP
- Port 135 – RPC
- Port 137 – NetBIOS Name Service
- Port 139 – NetBIOS Session Service (SMB)
- Port 389 – LDAP
- Port 445 – Microsoft-DS Active Directory, Windows shares (SMB over TCP)
- Port 464 – Kerberos – change/password changes
- Port 3268- Global Catalog search
Please NOTE that in earlier versions of ESX/ESXi the issue could also occur if you entered the user credentials as <domainusername> format, try user credentials in the <username> or <username@fqdn_of_the_domain> format instead.
