You have everything hooked up to AD, right?
There’s no better way to compromise your entire lab than having an SSO password for just about everything. I’m not (entirely) serious of course, but that’s a discussion for another day. So here’s a quick rundown on adding ESXi 6.5 hosts to AD instead.
Create an AD Security Group
In Active Directory, open Active Directory Users and Computers
Select Users, then Create a new group in the current container. Give it a name that will make sense so that it isn’t accidentally deleted.
Select an administrator that should have access to ESXi via AD, right-click them and choose Add to a group. Enter the name of the group that was just created.
Add Hosts to AD
Head to the new(ish) host client at https://HOST_IP/ui/
Navigate to Manage -> Security and Users -> Authentication, then select Join Domain
Enter the domain name, an administrator user name and their password
It shouldn’t take long
The final task is to tell ESXi about the security group that was created initially. Head to Manage -> System -> Advanced settings, then look for plugins.hostsvc.esxAdminsGroup. Select Edit option, then enter the name of the security group created earlier
Propagation should take around a minute before you can log in with AD credentials.
Some things to check if joining fails
Enable SSH, then:
- Ping the AD DC IP – failure indicates a connectivity issue
- Ping the AD DC domain name – failure indicates a DNS issue
- telnet DC_IP_ADDRESS 389 – failure indicates a firewall issue
- Check time is synchronised between ESXi and the domain controller
- /etc/init.d/lwsmd start – if errors include likewise service manager [failed to set memory reservation], free some physical memory then try again
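
The first three checks above can be scripted and run from the ESXi shell. This is an added example, not part of the original post: the script name, function names and sample arguments are hypothetical, and `nc -z` is used in place of the interactive telnet test. Time sync still has to be compared against the DC by hand, so the script only prints the host's UTC time.

```shell
#!/bin/sh
# Added example: scripted version of the join-failure checks listed above.
# Assumptions: run in the ESXi shell over SSH; nc -z replaces the interactive
# telnet test; the script name and sample arguments are hypothetical.

# Run one check quietly and print PASS/FAIL with what a failure points to.
report() {
    label="$1"; hint="$2"; shift 2
    if "$@" >/dev/null 2>&1; then
        echo "PASS  $label"
        return 0
    fi
    echo "FAIL  $label -> $hint"
    return 1
}

# Usage: check_join_prereqs DC_IP DC_NAME
# Prints one line per check; returns the number of failed checks.
check_join_prereqs() {
    dc_ip="$1"; dc_name="$2"; failures=0
    report "ping $dc_ip" "connectivity issue" \
        ping -c 2 "$dc_ip" || failures=$((failures + 1))
    report "ping $dc_name" "DNS issue" \
        ping -c 2 "$dc_name" || failures=$((failures + 1))
    report "tcp/389 on $dc_ip" "firewall issue" \
        nc -z "$dc_ip" 389 || failures=$((failures + 1))
    # Clock skew cannot be judged from the host alone: print UTC time so it
    # can be compared with the domain controller's clock.
    echo "INFO  host time (UTC): $(date -u '+%Y-%m-%d %H:%M:%S')"
    return "$failures"
}

# Only run when called with arguments, e.g.:
#   sh adjoin_check.sh 192.0.2.10 dc01.lab.example
if [ "$#" -ge 2 ]; then
    check_join_prereqs "$1" "$2"
fi
```

A ping failure with a passing port 389 check usually just means ICMP is filtered, which is why the script runs every check instead of stopping at the first failure.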