Install vSphere Authentication Proxy to enable ESXi hosts to join a domain without using Active Directory credentials. vSphere Authentication Proxy enhances security for PXE-booted hosts and hosts that are provisioned using Auto Deploy by removing the need to store Active Directory credentials in the host configuration.

If an earlier version of the vSphere Authentication Proxy is installed on your system, this procedure upgrades the vSphere Authentication Proxy to the current version.

You can install vSphere Authentication Proxy on the same machine as the associated vCenter Server, or on a different machine that has network connection to the vCenter Server. vSphere Authentication Proxy is supported with vCenter Server versions 5.0 and later.

The vSphere Authentication Proxy service binds to an IPv4 address for communication with vCenter Server, and does not support IPv6. The vCenter Server instance can be on a host machine in an IPv4-only, IPv4/IPv6 mixed-mode, or IPv6-only network environment, but the machine that connects to the vCenter Server through the vSphere Web Client must have an IPv4 address for the vSphere Authentication Proxy service to work.


  • Install Microsoft .NET Framework 3.5 on the machine where you want to install vSphere Authentication Proxy.
  • Verify that you have administrator privileges.
  • Verify that the host machine has a supported processor and operating system.
  • Verify that the host machine has a valid IPv4 address. You can install vSphere Authentication Proxy on a machine in an IPv4-only or IPv4/IPv6 mixed-mode network environment, but you cannot install vSphere Authentication Proxy on a machine in an IPv6-only environment.
  • If you are installing vSphere Authentication Proxy on a Windows Server 2008 R2 host machine, download and install the Windows hotfix described in Windows KB Article 981506 on the Web site. If this hotfix is not installed, the vSphere Authentication Proxy Adapter fails to initialize. This problem is accompanied by error messages in camadapter.log similar to Failed to bind CAM website with CTL and Failed to initialize CAMAdapter.
  • Download the vCenter Server installer.
Gather the following information to complete the installation or upgrade:
  • The location to install vSphere Authentication Proxy, if you are not using the default location.
  • The address and credentials for the vCenter Server that vSphere Authentication Proxy will connect to: IP address or name, HTTP port, user name, and password.
  • The host name or IP address to identify vSphere Authentication Proxy on the network.


  1. Add the host machine where you will install the authentication proxy service to the domain.
  2. Use the Domain Administrator account to log in to the host machine.
  3. In the software installer directory, double-click the autorun.exe file to start the installer.
  4. Select VMware vSphere Authentication Proxy and click Install.
  5. Follow the wizard prompts to complete the installation or upgrade.
    During installation, the authentication service registers with the vCenter Server instance where Auto Deploy is registered.


When you install the vSphere Authentication Proxy service, the installer creates a domain account with appropriate privileges to run the authentication proxy service. The account name begins with the prefix CAM- and has a 32-character, randomly generated password associated with it. The password is set to never expire. Do not change the account settings.

What to do next

Configure ESXi to use vSphere Authentication Proxy to join a domain. See the vSphere Security documentation.