Hi All,
I have a requirement to add AD Authentication to several standalone ESXi Hosts at various branch locations around the globe - i.e. no vCenter - so just the traditional join the host to AD via Configuration ->Authentication Services.
There are a mixture of ESXi 5.1, 5.5 and 6.0 hosts, but having the same problem with them all - so it potentially suggests something with the domain maybe?
Anyway - set up time sync as per VMware KB article (VMware KB: Synchronizing ESXi/ESX time with a Microsoft Domain Controller) and joined to domain successfully
We have an AD Group called ESX-Admins - and before joining to the domain I have modified the "Config.HostAgent.plugins.hostsvc.esxAdminsGroup" so it auto adds the correct group name to have permissions at the top level of the host.
Join the host to the domain at this point (and verified its there in AD and waited for replication to catch up as well) but I am just unable to log in with my AD user and I cannot work out why!
I just get the error "The vSphere Client could not connect to "<Hostname or IP>". You do not have permission to login to the server: <Hostname or IP>"
Thats it, thats all I get - the hosts have not been locked down (not connected to vCenter as I said) - most of which are clean builds with very little tweaking of any settings, the DC's at the sites are not RODC's or anything like that?
Any pointers.....its totally doing my head right in!!!!
Thanks
Paul