Troubleshooting Active Directory issues in the VMware Horizon View environment (1030465)
- Unable to deploy virtual desktops to a second domain
- Adding a secondary domain to your VMware Horizon View environment fails
- You see the error:
- Deploying desktop pools is successful, but the virtual machines are deleted after the deployment
VMware Horizon View Manager environments are dependent on Microsoft Active Directory (AD) services. For your VMware Horizon View environment to function properly, the Active Directory permissions must be set correctly. You must know the correct path names for contextual items and you must set up a two way trust for any additional domains that you want to utilize for authentication or deployment.
This article provides the steps to troubleshoot Active Directory issues within a VMware Horizon View environment.
One way trust relationship between Active Directory domains will be supported from upcoming release of Horizon View.
Each step given here provides instructions and a link to a document for performing the step and taking corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and to identify the proper resolution. After completing each step, verify if you are able to add a secondary domain to your VMware Horizon View environment. Work through each troubleshooting step in order, and do not skip a step.
To troubleshoot potential Active Directory issues in your VMware Horizon View environment:
- Ensure that you have a proper two way trust. For more information, see Adding a domain to the VMware View Composer service on the Connection Broker fails with the error: Bad Domain Name (1026817).
- Ensure that you have set appropriate permissions for Composer operations. For more information, see Minimum permissions required for View Composer (1007659).
- Ensure that you have set up the destination organizational units (OUs) properly. If this is not set up correctly, the machines will attempt to deploy, and then delete themselves because there are no permissions or ownership over a OU, or the OU does not exist. This may also cause issues if you migrate virtual desktops between OUs. For more information, see Error during provisioning or deploying a virtual machine (1009436).
- Ensure that you are using NT 4 compatible encryption with a Windows Server 2008 domain controller. For more information, see View Composer linked clones fail to finish customizing (1028164).
If your problem continues to exist after trying the steps in this article:
- Collect the VMware Horizon View diagnostic bundle. For more information, see Collecting VMware Horizon View logs and diagnostic information (1017939).
- File a support request with VMware Support and quote this Knowledge Base article ID (1030465) in the problem description. For more information, see How to Submit a Support Request.
- Adding a domain to the VMware View Composer service on the Connection Broker fails with the error: Bad Domain Name (1026817)
- Provisioning linked clone desktops fail with the error: View Composer agent initialization state error (18): Failed to join the domain (1027087)
- Using the vdmadmin command to exclude or include a domain on a search list for View Administrator or Security Server (2006292)
- Connecting to linked clones in VMware Horizon View fails with the error: The trust relationship between this workstation and the primary domain failed (2084433)
- Logging in to a VMware Horizon View desktop in a multi-domain environment fails with the error: Authentication Failed (2085374)