host: esxi 6.5.0 vmkernel release build 5969303
domain controller: server 2016 standard with latest cumulative update
no firewall in place.
when adding the esxi host to the domain with SMB 1.0 protocol (default setting), there are no issues. it works fine, tested via webgui and via command line.
unfortunately in our environment we want to get rid of SMB 1.0 completely and uninstall it from the domain controllers. so we followed this (ESXi 6 hangs when joining Active Directory Domain ) post to modify likewise to use smb 2.0
after this change the domain join via webgui "hangs" and does not complete. then the entire webgui becomes unresponsive and from this moment on, we have to reboot the esxi host.
we followed various troubleshooting guides, like this one (ESXi and Likewise – troubleshooting guide – part 2 – Virtual Village )
for example, we disabled ipv6 on the domain controller like suggested, we disabled the windows firewall on the DC, we disabled the esx firewall.... did not help. dns config, hosts file, etc.. should all be fine and good, as domain join with SMB1.0 works.
to get better debugging info we then tried a manual join with this procedure:
/usr/lib/vmware/likewise/bin/lwsm restart lwio
/etc/init.d/lwsmd stop
/etc/init.d/lwsmd start
esxcli network firewall unload
/usr/lib/vmware/likewise/bin/lwsm set-log file /var/log/likewise.log
/usr/lib/vmware/likewise/bin/lwsm set-log-level debug
/usr/lib/vmware/likewise/bin/domainjoin-cli join domain.local domainadmin@domain.local somepassword
the command prints two messages:
Joining to AD Domain: domain.local
With Computer DNS Name: HV001.domain.local
and then just hangs.
after a failed join attempt like this we have to ps | grep lwsmd and kill -9 *pid* - otherwise, we can't interact with lwio/lsass anymore.
the verbose logging gives the following information:
20170814141140:DEBUG:lwio:IoCreateFile():ioapi.c:218: LEAVE: -> 0x00000103 (EE = 0)
20170814141140:DEBUG:lwio:IopIpcCreateFile():ioipc.c:438: LEAVE_IF: -> 0x00000103 (STATUS_PENDING) (EE = 0)
20170814141140:DEBUG:lwio:RdrResolveToDomain():driver.c:889: Error at ../lwio/server/rdr/driver.c:889 [status: STATUS_NOT_FOUND = 0xC0000225 (-1073741275)]
20170814141140:DEBUG:lwio:RdrSocketTaskConnect():socket.c:1019: Error at ../lwio/server/rdr/socket.c:1019 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketTask():socket.c:1246: Error at ../lwio/server/rdr/socket.c:1246 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketRead():socket.c:1773: Error at ../lwio/server/rdr/socket.c:1773 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketReceivePacket():socket.c:701: Error at ../lwio/server/rdr/socket.c:701 [status: STATUS_PENDING = 0x00000103 (259)]
20170814141140:DEBUG:lwio:RdrSocketDispatchPacket2():socket.c:1423: Error at ../lwio/server/rdr/socket.c:1423 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
20170814141140:DEBUG:lwio:RdrSocketTaskTransceive():socket.c:1134: Error at ../lwio/server/rdr/socket.c:1134 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
20170814141140:DEBUG:lwio:RdrSocketTask():socket.c:1251: Error at ../lwio/server/rdr/socket.c:1251 [status: STATUS_INVALID_NETWORK_RESPONSE = 0xC00000C3 (-1073741629)]
20170814141223:VERBOSE:lsass:LsaSrvIpcCheckPermissions():ipc_state.c:79: Permission granted for (uid = 0, gid = 0, pid = 72438) to open LsaIpcServer
20170814141223:VERBOSE:lsass-ipc:lwmsg_peer_log_accept():peer-task.c:271: (session:04df4955d842942b-f5af40d405e6b03c) Accepted association 0xb1016b8
20170814141223:VERBOSE:lwreg:RegDbOpenKey():sqldb.c:1068: Registry::sqldb.c RegDbOpenKey() finished
20170814141223:DEBUG:lwreg:RegDbGetKeyValue_inlock():sqldb_p.c:1227: Error at ../lwreg/server/providers/sqlite/sqldb_p.c:1227 [status: LW_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 (-1073741772)]
20170814141223:DEBUG:lwreg:RegDbGetValueAttributes_inlock():sqldb_schema.c:846: Error at ../lwreg/server/providers/sqlite/sqldb_schema.c:846 [status: LW_STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034 (-1073741772)]
STATUS_INVALID_NETWORK_RESPONSE gives me no additional clue of what's going wrong except that this may simply be a bug in likewise or esxi.
is there any way to get domain join working with SMB 2.0 ?