vSphere 6.0 Basics – Part 6 – Installing vSphere Authentication Proxy

This is part 6 of the vSphere 6.0 Basics, detailing the installation of vSphere Authentication Proxy on Windows Server 2012 R2.

This is a six-part series describing the installation basics of vSphere 6.0:

  1. vSphere 6.0 Basics – Part 1 – ESXi Install
  2. vSphere 6.0 Basics – Part 2 – vSphere Client Install
  3. vSphere 6.0 Basics – Part 3 – vCenter Server Appliance Install
  4. vSphere 6.0 Basics – Part 4 – vCenter Server Install with Windows Server 2012 R2
  5. vSphere 6.0 Basics – Part 5 – vSphere Update Manager
  6. vSphere 6.0 Basics – Part 6 – vSphere Authentication Proxy

UPDATE – WARNING – This post was written using the vSphere 6.0 Release Candidate (RC – Build 2172336). There are significant improvements in the GA code (see the comment below), so check the official VMware documentation for guidance.

As in previous versions, the optional vSphere Authentication Proxy allows ESXi hosts to join an Active Directory domain without credentials. The most common use case is AutoDeploy (PXE Boot) with Host Profiles.


Install the vSphere Authentication Proxy

  1. Mount or extract the VIM 6.0 ISO image on the Microsoft Windows Server 2012 R2 system that will be used for the “vSphere Authentication Proxy”.  Note: the Microsoft .NET Framework 3.5 SP1 must be installed before you begin. The installer has a built-in option to install it, but that option requires access to the Internet.  You also need the IIS feature installed with IIS 6 Metabase Compatibility, ISAPI Extensions, and IP and Domain Restrictions.
  2. Make sure you use a Domain account that has Domain Admin privileges, because the installation software creates a Domain account with the required privileges for the Authentication Proxy to function.  Otherwise your installation will fail with the message “Error 29106”.
  3. Execute the “autorun.exe” file.
  4. In the “VMware vCenter Installer” window, select the “vSphere Authentication Proxy” object under the “VMware vCenter Support Tools” option and press the “Install” button.
  5. Select your language (default “English (United States)”) and press “OK”.
  6. In the “VMware vSphere Authentication Proxy” window, press “Next”.
  7. In the “End User License Agreement” window, accept the licence agreement and select “Next”.
  8. In the “Destination Folder” window, change the destination folders if required and then press “Next”.
  9. In the “VMware vCenter Server Information” window, enter the vCenter server “Name”, “HTTP Port”, “Username”, “Password” and then press “Next”.
  10. Press “Yes” to the “SSL Certificate Trust” message.
  11. In the “VMware vSphere Authentication Proxy Identification” window, select the vUM identity and then press “Next”.
  12. In the “Ready to Install” window, press “Install”.
  13. In the “Completing the Installation Wizard” window, press “Finish”.
  14. Open the “IIS Manager” and select the “IP Address and Domain Restrictions” icon.  Press “Add Allow Entry” and create an “Add Allow Restriction Rule” for the DHCP range being used by the ESXi hosts.
  15. Open the vSphere Web Client and, under Manage, open the Settings object for the reference host.  In the Authentication Services window, press the “Join Domain” button, then enter the AD name under “Domain” and the IP Address of the Authentication Proxy under “Using proxy server”.  Press “OK” and the ESXi host will be added to the Active Directory Domain.
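
The prerequisites from step 1 and the IIS allow rule from step 14 can also be applied and reviewed from PowerShell. This is an added example, not part of the original post; the IIS site name, the media path and the DHCP range are placeholders or assumed values, and Web-Scripting-Tools is added only because it provides the WebAdministration module.

```powershell
# Added example, not from the original post.
# Run in an elevated PowerShell session on the Windows Server 2012 R2 system
# that will host the Authentication Proxy.
Import-Module ServerManager

# Step 1 prerequisites named in the post, as Windows feature names.
$features = @(
    'NET-Framework-Core'   # .NET Framework 3.5
    'Web-Server'           # IIS
    'Web-Metabase'         # IIS 6 Metabase Compatibility
    'Web-ISAPI-Ext'        # ISAPI Extensions
    'Web-IP-Security'      # IP and Domain Restrictions
    'Web-Scripting-Tools'  # not in the post: provides the WebAdministration module
)
$missing = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
if ($missing) {
    # -Source lets .NET 3.5 install without Internet access.
    # D:\sources\sxs is an assumed path to the Windows installation media.
    Install-WindowsFeature -Name $missing.Name -Source 'D:\sources\sxs'
}

# Step 14: allow the ESXi DHCP range on the Authentication Proxy site.
Import-Module WebAdministration
$site   = '<Authentication Proxy IIS site name>'  # placeholder: copy it from IIS Manager
$apphost = 'MACHINE/WEBROOT/APPHOST'
$filter = 'system.webServer/security/ipSecurity'
$dhcpNet  = '192.168.10.0'     # constructed sample value
$dhcpMask = '255.255.255.0'    # constructed sample value

Add-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $filter -Name '.' `
    -Value @{ ipAddress = $dhcpNet; subnetMask = $dhcpMask; allowed = 'true' }

# Review the result: every entry on the site, then the default for unlisted clients.
Get-WebConfigurationProperty -PSPath $apphost -Location $site -Filter $filter -Name 'Collection' |
    Select-Object ipAddress, subnetMask, allowed

$allowUnlisted = (Get-WebConfigurationProperty -PSPath $apphost -Location $site `
    -Filter $filter -Name 'allowUnlisted').Value
# Allow entries only restrict access when unlisted clients are denied,
# so a value of True here means the rule above is not limiting anything.
"allowUnlisted = $allowUnlisted"
```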


Published by


Chief Enterprise Architect and Strategist, 4xVCDX#133, NPX#8, DECM-EA.

6 thoughts on “vSphere 6.0 Basics – Part 6 – Installing vSphere Authentication Proxy”

  1. You will need to update all of this by GA, we have even further improved our products, screens, usability and performance. You might be misleading others if you keep it as is.

    1. Thank you for the heads up, Orna. Warning message inserted into the article; when I get the GA code and if I have time, I will update the procedure.

  2. Hi, do you absolutely need Auto Deploy with it? Also, I have a Windows 2012 R2 machine and I cannot join domain on my ESX with it. I see in the doc that the prerequisite is: Windows 2008 and Auto Deploy… am I mistaken? Thanks

    1. Hello Marc-Andre, No, you do not. Authentication Proxy is needed with AutoDeploy since ESXi is stateless and uses the Host Profiles to be configured. Authentication Proxy allows you to avoid the need to cache AD credentials within the Host Profile.
