KnowledgeBase: If one of the address families on a dual stack Domain Controller is not enabled, adding VMware ESXi hosts to the domain might randomly fail

There is an issue in VMware ESXi 7.0 where adding ESXi hosts to Active Directory Domain Services fails randomly in networks with both IPv4 and IPv6 enabled.

The situation

In many environments, VMware vCenter environments or VMware ESXi hosts are added to Active Directory Domain Services to allow for single sign-on with domain accounts and role-based access control (RBAC).

The default configuration of Windows Server is to offer a dual network stack, offering both IPv4 and IPv6 connectivity to hosts on the network.

The issue

When you’re adding VMware ESXi hosts to Active Directory Domain Services, this action fails randomly.

You may experience time-outs. You may experience an error:

Error: NERR_DCNotFound [code 0x00000995].

As a result, you might fail to add ESXi hosts to the domain.

The cause

One of the address families on a dual stack Active Directory Domain Controller is not enabled, for example IPv6. Even after disabling IPv6 on the Domain Controller, a CLDAP ping to the IPv6 address may remain possible and gain precedence.
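
One way to spot a Domain Controller whose published addresses do not all serve LDAP, as an added example that is not part of the original article or any VMware or Microsoft tooling. It assumes that TCP reachability on port 389 is an acceptable proxy for the check (it does not send a CLDAP ping); the host name, sample addresses and function names are constructed for illustration.

```python
import socket

LDAP_PORT = 389  # TCP LDAP as a reachability proxy (assumption); the CLDAP ping itself uses UDP 389
FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port=LDAP_PORT):
    """Return the unique (family, address) pairs the resolver publishes for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({(FAMILIES[fam], sa[0]) for fam, _, _, _, sa in infos if fam in FAMILIES})

def tcp_probe(address, port=LDAP_PORT, timeout=3.0):
    """True if a TCP connection to the LDAP port succeeds within the timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_dc(host, resolver=resolve, probe=tcp_probe):
    """Probe every published address of a DC and flag the ones that do not answer."""
    results = [(family, addr, probe(addr)) for family, addr in resolver(host)]
    stale = [(family, addr) for family, addr, ok in results if not ok]
    # Mismatch: some published addresses answer and others do not, so what a
    # client sees depends on which address it tries.
    mismatch = bool(stale) and len(stale) < len(results)
    return {"results": results, "stale": stale, "mismatch": mismatch}

# Constructed sample data (documentation address ranges), so the demo runs offline.
SAMPLE_RECORDS = [("IPv4", "192.0.2.10"), ("IPv6", "2001:db8::10")]

def sample_resolver(host):
    return SAMPLE_RECORDS

def sample_probe(address):
    return address == "192.0.2.10"  # only the IPv4 address answers in this sample

if __name__ == "__main__":
    report = audit_dc("dc01.example.test", sample_resolver, sample_probe)
    for family, addr, ok in report["results"]:
        print(f"{family:4} {addr:15} {'ok' if ok else 'NO ANSWER'}")
    print("address-family mismatch:", report["mismatch"])
```

To run it against a real Domain Controller, call `audit_dc("<dc-fqdn>")` with the default resolver and probe from a machine on the same network as the ESXi management interface.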

The solution

This issue is resolved in VMware ESXi 7.0, Patch Release ESXi 7.0b, and is described as part of VMware PR 2556037.

Note:
ESXi-7.0b-16324942 rollup bulletin contains the latest VIBs with all the fixes since the initial release of ESXi 7.0. Starting with vSphere 7.0, VMware uses components for packaging VIBs along with bulletins. The ESXi and ESX-update bulletins are dependent on each other. Always include both in a single ESXi host patch baseline or include the rollup bulletin in the baseline to avoid failure during host patching.
