vSphere Authentication Proxy – No Support for 2012/2012R2 Domains

After checking this internally it turns out that vSphere Authentication is in fact supported with 2012 and 2012R2 functional levels and the KB will be updated. 

Surprisingly vSphere Authentication Proxy currently has no support for domains that have a functional level of 2012 or 2012R2.

The product will install correctly and register the CAM account but will be unable to authenticate the ESXi host with the domain.


Domain Functional Level
Windows 2000 native Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2
ESXi Version 4.x Yes Yes Yes No No 1,2 No 1,2
5.0 Yes Yes Yes Yes Yes 2,3 No 1,2
5.1 No Yes Yes Yes Yes 2 Yes 2,4
5.5 No Yes Yes Yes Yes 2 Yes 2,5
6.0 No Yes Yes Yes Yes 2 Yes 2


  1. Due to the most recent revisions of ESXi having been released before the release of the Domain Functionality level at the time of this article’s writing, the ESXi version is untested to run on the Active Directory Domain Functionality Level.
  2. Due to limitations in the vSphere Authentication Proxy, this version of Active Directory will not work. vSphere Authentication Proxy will only work with Windows Server 2008 R2 or lower. For more information, see Install or Upgrade vSphere Authentication Proxy section in the vSphere Installation Guide. If you are not using vSphere Authentication Proxy, this may be ignored.
  3. As of vSphere 5.0 Update 3, this Active Directory Domain Functionality Level is now supported.
  4. As of vSphere 5.1 Update 3, this Active Directory Domain Functionality Level is now supported.
  5. As of vSphere 5.5 Update 1, this Active Directory Domain Functionality Level is now supported.

Source: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2113023