I have two ESXi 6.7U1 vhosts which I would like to connect to a domain; I'm starting with vhost1, (IP=##.##.##.2). The domain runs on two Windows Server 2016 domain controllers (VMs) named dc1 and dc2, IPs are ##.##.##.10 and ##.##.##.11 respectively. SMBv1 is disabled on both domain controllers. I have removed any/all IPv6 on the network as much as I've found, including on the hosts and their VMs. I don't have any indication that the domain is otherwise nonfunctional, but in the past I have had to re-sync the group policy / SYSVOL shares, so it's not impossible that my problem lies with the DCs somehow.
I have tried to join the domain from both hosts, with identical results. Joining via the webui, Manage, Authentication, Join Domain results in a message in recent tasks: "failed - The specified domain either does not exist or could not be contacted." I went to CLI (logged in as root), and I am pasting my interactions which are mostly some copy/paste from various pages I've Googled, including solutions that worked for people and which only appear to return (multiple) errors for me.
[root@vhost1:~] /etc/init.d/lwsmd start
Starting Likewise Service Manager [memory reservation set] SUCCESS
[Setting SMBv2 enabled to true] [starting lsass service] Starting service: lsass
...ok
[root@vhost1:~] chkconfig lwsmd on
[root@vhost1:~] /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.local administrator
Joining to AD Domain: domain.local
With Computer DNS Name: vhost1.domain.local
administrator@DOMAIN.LOCAL's password:
Error: Lsass Error [code 0x00000043]
Network name not found.. Failure to lookup a domain name ending in ".local" may be the result of
configuring the local system's hostname resolution (or equivalent) to use Multi-cast DNS. Please refer
to the Likewise manual at
witch for more information.
[root@vhost1:~] /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.local administrator@domain.local
Joining to AD Domain: domain.local
With Computer DNS Name: vhost1.domain.local
administrator@DOMAIN.LOCAL's password:
Error: ERROR_GEN_FAILURE [code 0x0000001f]
[root@vhost1:~] /usr/lib/vmware/likewise/bin/lwsm set-log file /var/log/likewise.log
[root@vhost1:~] /usr/lib/vmware/likewise/bin/lwsm set-log-level info
[root@vhost1:~] /etc/init.d/lwsmd stop
watchdog-lwsmd: PID file /var/run/vmware/watchdog-lwsmd.PID does not exist
watchdog-lwsmd: Unable to terminate watchdog: No running watchdog process for lwsmd
Stopping Likewise Service Manager [memory reservation released] ...failed
[root@vhost1:~] /etc/init.d/lwsmd start
Starting Likewise Service Manager [memory reservation set] SUCCESS
[Setting SMBv2 enabled to true] [starting lsass service] Starting service dependency: netlogon
Starting service dependency: lwio
Starting service dependency: rdr
Starting service: lsass
...ok
[root@vhost1:~] /usr/lib/vmware/likewise/bin/domainjoin-cli join domain.local administrator
Joining to AD Domain: domain.local
With Computer DNS Name: vhost1.domain.local
administrator@DOMAIN.LOCAL's password:
Error: DNS_ERROR_BAD_PACKET [code 0x0000251e]
A bad packet was received from a DNS server. Potentially the requested address does not exist.
[root@vhost1:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
##.##.##.2 vhost1.domain.local vhost1
[root@vhost1:~] /etc/init.d/lsassd stop
-sh: /etc/init.d/lsassd: not found
[root@vhost1:~] esxcli network ip dns server list
DNSServers: ##.##.##.10, ##.##.##.11
[root@vhost1:~] cat /etc/krb5.conf
[libdefaults]
default_tgs_enctypes = AES256-CTS AES128-CTS RC4-HMAC
default_tkt_enctypes = AES256-CTS AES128-CTS RC4-HMAC
preferred_enctypes = AES256-CTS AES128-CTS RC4-HMAC
allow_weak_crypto = true
dns_lookup_kdc = true
pkinit_kdc_hostname = <DNS>
pkinit_anchors = DIR:/etc/likewise/trusted_certs
pkinit_cert_match = <EKU>msScLogin
pkinit_eku_checking = kpServerAuth
pkinit_win2k_require_binding = false
pkinit_identities = PKCS11:/usr/lib/vmware/likewise/lib/libpkcs11wrapper.so.0
default_realm = DOMAIN.LOCAL
[likewise]
disable_modifications = false
version = 1
[domain_realm]
.domain.local = DOMAIN.LOCAL
[realms]
DOMAIN.LOCAL = {
auth_to_local = RULE:[1:$0\$1](^DOMAIN\.LOCAL\\.*)s/^DOMAIN\.LOCAL/DOMAIN/
auth_to_local = RULE:[1:$0\$1](^DOMAIN\.LOCAL\\.*)s/^DOMAIN\.LOCAL/DOMAIN/
auth_to_local = DEFAULT
}
[appdefaults]
pam = {
mappings = DOMAIN\\(.*) $1@DOMAIN.LOCAL
forwardable = true
validate = true
}
httpd = {
mappings = DOMAIN\\(.*) $1@DOMAIN.LOCAL
reverse_mappings = (.*)@DOMAIN\.LOCAL DOMAIN\$1
}
[root@vhost1:~] ping dc1
PING dc1 (##.##.##.10): 56 data bytes
64 bytes from ##.##.##.10: icmp_seq=0 ttl=128 time=0.247 ms
64 bytes from ##.##.##.10: icmp_seq=1 ttl=128 time=0.631 ms
--- dc1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.247/0.439/0.631 ms
[root@vhost1:~] ping dc2
PING dc2 (##.##.##.11): 56 data bytes
64 bytes from ##.##.##.11: icmp_seq=0 ttl=128 time=0.307 ms
64 bytes from ##.##.##.11: icmp_seq=1 ttl=128 time=0.558 ms
--- dc2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.307/0.432/0.558 ms
Vhost1 is a fresh install on new hardware, still running the temporary license. Vhost2 is more established, licensed as a free ESXi host. There is no VCSA currently (although I did set one up to show off how nice vMotion/HA is, but that's not part of the Essentials pack so it's cost-prohibitive). My general question from all this is, what does this tell me I need to troubleshoot next from here? What more info should I grab to confirm what is and isn't working?
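Both of the join errors in the transcript above ("Network name not found" and DNS_ERROR_BAD_PACKET) are raised while the host is trying to locate a domain controller through DNS, and the host's only DNS servers are the two DCs. Before anything else, it is worth confirming that those servers return well-formed SRV answers for the standard DC-locator names, and if not, exactly what is wrong with the reply. The script below is an added example, not part of the question or of VMware's/Likewise's tooling: it builds a raw UDP DNS SRV query, parses the reply by hand, and reports the specific defect (mismatched transaction id, truncation, non-zero RCODE, RDATA running past the end of the packet) instead of a generic failure, which is the distinction a "bad packet" error leaves you guessing at. It uses only the standard library and no syntax newer than Python 3.5, so it should run from any machine on the same network; whether the ESXi host's own python binary can run it is an assumption, not something this post confirms. The realm name domain.local, the host name dc1 and the embedded sample reply are constructed to match the question's naming.

```python
# Raw DNS SRV lookup of the AD DC-locator records (stdlib only, Python 3.5+).
# Added illustration, not code from the question; the sample reply is constructed.
import random
import socket
import struct
import sys

SRV, IN = 33, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def dc_locator_names(domain):
    """SRV names every AD client resolves to locate a DC / KDC for the realm."""
    return ["_ldap._tcp.dc._msdcs." + domain, "_kerberos._tcp." + domain, "_ldap._tcp." + domain]

def encode_name(name):
    out = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split("."))
    return out + b"\x00"

def build_srv_query(name, txid):
    # Header: id, flags (RD=1), QDCOUNT=1, AN/NS/ARCOUNT=0, then one SRV/IN question.
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", SRV, IN)

def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("bad packet: name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # RFC 1035 compression pointer
            if offset + 1 >= len(msg) or hops > 64:
                raise ValueError("bad packet: truncated or looping compression pointer")
            end = end if end is not None else offset + 2
            offset, hops = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF, hops + 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), end if end is not None else offset

def parse_srv_response(msg, expected_id):
    """Return [(priority, weight, port, target)], or raise ValueError naming the defect."""
    if len(msg) < 12:
        raise ValueError("bad packet: %d bytes, the header alone is 12" % len(msg))
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_id or not flags & 0x8000:
        raise ValueError("bad packet: id %#x (expected %#x), QR=%d" % (txid, expected_id, flags >> 15))
    if flags & 0x0200:
        raise ValueError("response truncated (TC set); retry over TCP")
    if flags & 0x000F:
        raise ValueError("server answered %s" % RCODES.get(flags & 0x000F, flags & 0x000F))
    offset, records = 12, []
    for _ in range(qd):                                 # skip the echoed question
        offset = decode_name(msg, offset)[1] + 4
    for _ in range(an):
        _, offset = decode_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("bad packet: RR header runs past end of message")
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        if offset + rdlen > len(msg):
            raise ValueError("bad packet: RDATA length %d runs past end of message" % rdlen)
        if rtype == SRV:
            prio, weight, port = struct.unpack(">HHH", msg[offset:offset + 6])
            records.append((prio, weight, port, decode_name(msg, offset + 6)[0]))
        offset += rdlen
    return records

def build_sample_response(txid):
    """Constructed reply: one SRV record dc1.domain.local:389, using name compression."""
    question = encode_name("_ldap._tcp.dc._msdcs.domain.local") + struct.pack(">HH", SRV, IN)
    rdata = struct.pack(">HHH", 0, 100, 389) + b"\x03dc1\xc0\x21"   # 0x21 -> "domain.local" in question
    answer = b"\xc0\x0c" + struct.pack(">HHIH", SRV, IN, 600, len(rdata)) + rdata
    return struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer

def query_srv(server, name, timeout=2.0):
    """One UDP round trip to server:53; raises ValueError or OSError (incl. timeout)."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(name, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_srv_response(data, txid)

def main(argv):
    if len(argv) != 3:
        sys.exit("usage: %s <dns-server-ip> <ad-domain>" % argv[0])
    failures = 0
    for name in dc_locator_names(argv[2]):
        try:
            recs = query_srv(argv[1], name)
        except (ValueError, OSError) as e:
            recs, failures = [], failures + 1
            print("FAIL %s @ %s: %s" % (name, argv[1], e))
        for prio, weight, port, target in sorted(recs):
            print("OK   %s -> %s:%d (priority %d, weight %d)" % (name, target, port, prio, weight))
    return 1 if failures else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it once against each DC (`python srvcheck.py ##.##.##.10 domain.local`, then `.11`): a healthy domain answers all three names with the DC hostnames on ports 389 and 88, and the two servers should agree. A NXDOMAIN or an empty NOERROR for `_ldap._tcp.dc._msdcs.<domain>` means the DCs have not registered their locator records, which points back at the DCs rather than the hosts; a parse error means the reply itself is malformed, which is worth capturing on the wire before changing anything on ESXi.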