During our ESXi deployment automation, we use Set-VMHostAuthentication to join the ESXi v6.5 server to the AD domain.
This works flawlessly about 2/3 of the time.
The other 1/3, the join succeeds, (Get-VMHostAuthentication).DomainMembershipStatus -eq "OK", and the computer's domain account has been updated (we pre-create the account and make sure all DC's know about the account before attempting the join).
However,
- the field (Get-VMHostAuthentication).TrustedDomains -eq $null (normal completion shows the one trusted sub-domain)
- When we try to grant a domain user/group permissions, we see error
+ CategoryInfo : ObjectNotFound: (myDomain\myGroup:String) [New-VIPermission], VimException
- If we reboot the ESX server, there is no joined domain.
Domain-related DNS and AD replication all appear to be properly configured.
This behaviour also occurs using the web client, which is why I'm posting this here and not in the PowerCLI forum.
Before I go down the Likewise logging/debugging path, I'm wondering if anyone has experienced something similar and/or can provide pointers to the root cause.
Thank you for this.