Hi,
i tried to join a domain with my ESX Hosts in our Production. It won't work and i don't know why.
Here is the Case, probabyl someone has got an answer, that will work for me.
Production:
ESX6 Version 4600944
Windows Active Directory 2012
AD Account: User -> See all Computer Objects, Can create computer objects, Can delete computer objects
Output:
[root@esx4:~] /usr/lib/vmware/likewise/bin/domainjoin-cli join DOMAIN.COM administrator@DOMAIN.COM
Joining to AD Domain: DOMAIN.COM
With Computer DNS Name: esx4.DOMAIN.COM
administrator@DOMAIN.COM's password:
Error: LW_ERROR_KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN [code 0x0000a309]
Client not found in Kerberos database
LDAP Paths:
DC=DOMAIN DC=COM OU=Server OU= Test OU=Infrastruktur
LAB:
ESX6 Version 4600944
Windows Active Directory 2012
AD Account: Administrator
AD Account: User -> All rights
Output:
[root@esx4:~] /usr/lib/vmware/likewise/bin/domainjoin-cli join DOMAIN.COM administrator@DOMAIN.COM
Joining to AD Domain: DOMAIN.COM
With Computer DNS Name: esx4.DOMAIN.COM
administrator@DOMAIN.COM's password:
SUCCESS
LDAP Paths:
1st way:
DC=DOMAIN DC=COM OU=Computers
2nd Way:
DC=DOMAIN DC=COM OU=Server OU= Test OU=Infrastruktur
Ways i tried:
- Reach DNS Server [successful]
- Reach DC [successful]
- Lookup DNS [successful]
Update:
- Tried to connect to Port 636,389,53,88 from ESX to DC. [successful]
Maybe some rights are missing, do you know, which rights i need, for joining the domain.