VMware Horizon Community
Diablosonans
Contributor
Contributor
‎01-23-2017 06:34 AM
Jump to solution

Horizon 7 , instant clone and Windows 10- major issue with AD computer account creation

Hi.

I have been using Horizon 7 since 7.0.0, and have updated to  .2 and now .3 to try and resolve this problem.

Problem description:

Upon creation of a virtual machine for the first time, there is no problem. It registers correctly in AD.

However, when they are deleted and recreated, there is a high chance that the computer object is created wrong, lacking ServicePrincipalName.

I suspect this has something to do with replication in AD being too slow for Horizon, but i cant be certain.

I have 2 solutions running here. in one, there is a dedicated domain for the horizon instant clone environment, with only 2 DCs. i rarely have any issues here, when creating 300 machines in one go.

Then there is the other environment, that has about 30 DCs. Here i create 15 machines, and originally when first activating the pool, there are no issues, but on delete/recreate, there is a 70-80% chance they are created missing the ServicePrincipalName.

If this is a AD slowness issue(replication seems to be working fine in AD. I have been running health checks.), i would very much hope for an option to randomize computer names used by Horizon view, so that it does not pick the same name during recreation of a vm.

Or some better checks done by the connection server when creating instant clones before making them available to the users.

0 Kudos
1 Solution

Accepted Solutions
admin
Immortal
Immortal
‎01-23-2017 10:57 AM
Jump to solution

Can you please check this KB and see whether it addresses your issue?

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21471...

View solution in original post

0 Kudos
7 Replies
angelage1
VMware Employee
VMware Employee
‎01-23-2017 10:50 AM
Jump to solution

Hi there, I'm the product manager for instant clone.  could I ask you to open a ticket with GSS so that we can take a look at this issue?  Thanks!

Angela Ge Product Line Manager, VMware Horizon
0 Kudos
admin
Immortal
Immortal
‎01-23-2017 10:57 AM
Jump to solution

Can you please check this KB and see whether it addresses your issue?

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21471...

0 Kudos
angelage1
VMware Employee
VMware Employee
‎01-23-2017 10:58 AM
Jump to solution

Hi, my engineers just told me this may have been addressed already. 


"I think this is already addressed in View 7.0.1 where you can specify a dedicated domain controller on LDAP database to bypass the slow replication issue."

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=21471...


If this doesn't resolve your issue, then open a ticket with GSS.


-Angela Ge

Angela Ge Product Line Manager, VMware Horizon
Diablosonans
Contributor
Contributor
‎01-24-2017 12:08 AM
Jump to solution

Thank you! This was exactly what i was looking for. Must have missed it in the release notes, as i always check those.

I will test it today ans see what comes of it.

0 Kudos
Diablosonans
Contributor
Contributor
‎01-24-2017 05:05 AM
Jump to solution

This has now been tested and found to be a working solution. Thanks a lot for the help!

0 Kudos
Diablosonans
Contributor
Contributor
‎01-27-2017 01:02 AM
Jump to solution

I would also like to add, after testing this solution for a few days, that it was not a perfect fix. It got the issue down from happening 70%-80% of the time, down to about 5%. So a major improvement.

I'm currently trying to test this fix in combination with post 10 in this link

Horizon 7 Instant Clone failed to update machine group policy

1) Follow this KB to connect to ADAM db on any one of the brokers (https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=20123...).

2) Go to OU=Server Groups and double click on the Instant Clone pool name that has they want to test.

3) Scroll down to attribute named pae-VmNameReuseAllowed and change its value to 0.

4) Give it a few minutes and then try out deletion/pushImage operations

0 Kudos
jmatz135
Hot Shot
Hot Shot
‎01-27-2017 11:01 AM
Jump to solution

I am seeing this issue as well.  Windows 7 SP1, Horizon View 7.02 and I have about 15-20% of machines come up with the servicePrincipalName missing the HOST and RestrictedKrbHost entries.  I'll try the solutions provided here, but restricting the Horizon View server to use only one domain controller kind of defeats the purpose of a multi-domain controller site.  I also really don't like having to set each desktop pool manually to not reuse the same computer object name.

0 Kudos