Could not join domain: the specified domain either does not exist or could not be contacted


Disable the firewall on your ESXi 5 host if you are experiencing problems when joining it to AD.

If you are joining your freshly installed ESXi 5 host to Active Directory, you might run into difficulties and receive an error. This error is due to the ESXi 5.0 firewall default settings. ESXi 5.0 has a new firewall engine that is not based on iptables. The firewall is service oriented and stateless. For remote hosts, you can specify the IP addresses or range of IP addresses that are allowed to access each service.

You can get an error like this:

Could not join <domainname> The specified domain either does not exist or could not be contacted.

Why is that happening?

The DNS lookup queries are sent through TCP port 53, which is not open by default on the ESXi 5.0 firewall. So in order for the request to succeed, the firewall (or the port) must be temporarily disabled (opened).

The firewall sits between the ESXi host management interface and the management network on the local area network. You can configure it by using the vSphere Client. Go to Host Configuration > Software > Security Profile.

You can use host profiles for the ESXi 5.0 firewall configuration as well.

Update: In the screenshot below the UDP port is open, but if a DNS lookup returns a packet greater than 512 bytes over UDP port 53, the command may fail. That is why (if it happens) you must disable the firewall temporarily… DNS queries are then sent over TCP port 53 for a reliable response.

ESXi 5.0 Firewall - Port 53 for DNS requests
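The UDP-to-TCP fallback described above, as an added example that is not from the original post, from VMware or from the KB article: a small Python model of the client side of DNS resolution. It builds a raw query, parses the response header for the TC (truncated) flag, and retries over TCP/53 with the 2-byte length prefix only when UDP could not carry the full answer. The fake server, the query name, the record counts and the "firewall blocks outbound TCP/53" condition are all constructed here to reproduce the symptom: a small answer resolves over UDP alone, a large answer resolves only if the TCP path is allowed.

```python
import struct

MAX_UDP_PAYLOAD = 512  # classic DNS UDP limit (RFC 1035) when EDNS0 is not negotiated
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name):
    """Encode a dotted host name in DNS label format (length byte + label, 0 terminator)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """Build a standard recursive query (RD=1) for one question, class IN."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the 12-byte DNS header into the fields a client needs to make a decision."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def resolve(query, udp_send, tcp_send):
    """Client logic: ask over UDP/53 first, retry over TCP/53 only when the reply has TC=1.
    udp_send(bytes) -> bytes; tcp_send(length-prefixed bytes) -> length-prefixed bytes.
    Either transport may raise OSError when the host firewall blocks that path."""
    resp = udp_send(query)
    hdr = parse_header(resp)
    if hdr["id"] != parse_header(query)["id"] or not hdr["qr"]:
        raise ValueError("response does not match query")
    if not hdr["tc"]:
        return "udp", hdr
    # Truncated: the answer did not fit in 512 bytes. RFC 1035 says retry over TCP, where
    # every message carries a 2-byte length prefix. If outbound TCP/53 is closed on the
    # host firewall, this retry is exactly the step that fails during the AD join.
    framed = struct.pack("!H", len(query)) + query
    try:
        tresp = tcp_send(framed)
    except OSError as exc:
        raise RuntimeError("answer truncated over UDP and TCP/53 retry failed: %s" % exc)
    (length,) = struct.unpack("!H", tresp[:2])
    return "tcp", parse_header(tresp[2:2 + length])


# --- constructed stand-in for the DNS server (not a real resolver) -------------------
def fake_server_response(query, n_records, over_udp):
    """Answer with n_records A records (simplified: AD DC discovery really asks for SRV).
    Over UDP a reply larger than 512 bytes is replaced by an empty reply with TC=1."""
    txid = parse_header(query)["id"]
    question = query[12:]
    # One RR: pointer to the question name (0xC00C), type A, class IN, TTL, rdlength 4, IPv4
    rr = struct.pack("!HHHIH4B", 0xC00C, 1, 1, 300, 4, 10, 0, 0, 1)
    full = struct.pack("!HHHHHH", txid, FLAG_QR | FLAG_RD | FLAG_RA, 1, n_records, 0, 0)
    full += question + rr * n_records
    if over_udp and len(full) > MAX_UDP_PAYLOAD:
        flags = FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA
        return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question
    return full


def scenario(n_records, tcp_allowed):
    """Run one resolution against the fake server; tcp_allowed models the firewall rule."""
    query = build_query("_ldap._tcp.dc._msdcs.example.com")  # constructed name

    def udp_send(msg):
        return fake_server_response(msg, n_records, over_udp=True)

    def tcp_send(framed):
        if not tcp_allowed:
            raise OSError("connect: outbound TCP/53 blocked (simulated host firewall)")
        body = fake_server_response(framed[2:], n_records, over_udp=False)
        return struct.pack("!H", len(body)) + body

    return resolve(query, udp_send, tcp_send)


if __name__ == "__main__":
    print(scenario(10, tcp_allowed=False))  # small answer: UDP alone is enough
    print(scenario(40, tcp_allowed=True))   # large answer: TC=1, TCP retry succeeds
    try:
        scenario(40, tcp_allowed=False)     # large answer, TCP blocked: the join-time failure
    except RuntimeError as exc:
        print("FAILED:", exc)
```

The model shows why opening only UDP/53 looks fine in testing and still breaks in a domain with many domain controllers: the SRV answer set grows past 512 bytes, the server sets TC, and the client silently depends on TCP/53. On the host itself the firewall state can be inspected with `esxcli network firewall ruleset list` (the ruleset name for the DNS client is whatever that listing shows on your build; the example does not assume one).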

In addition, a new esxcli interface (esxcfg-firewall) is available in ESXi 5.0.

If you need more information about the ESXi 5.0 firewall, see the vSphere Security Guide and also the What’s New in VMware vSphere 5.0: Platform whitepaper (page 6).

Source: KB article 2008226

Vladan SEGET

Vladan is an independent consultant, vExpert, VCP and owner of this website. This website, ESX Virtualization, started as a bookmarking site but very quickly found many readers and supporters. Feel free to network via Twitter @vladan

  • http://vcp5.wordpress.com Preetam

    Did you mean the TCP port should be open? In the screenshot above it is the UDP port

    • http://www.vladan.fr Vladan SEGET

      Oops… I corrected the article, to better explain how it works.

      Thanks
      vladan