VMware Horizon Community
balagbm2017
Enthusiast
Enthusiast
‎01-27-2018 01:07 AM

Instant Clone - Issues

During push image , we have noticed the following error several times, Any possible root cause ?? Kindly advise

The SAM database on the windows server does not have a computer account for this workstation trust relationship.

The Horizon version was 7.3.2

Instant clone pool has enabled "reuse Pre-existing computer accounts"

Master image is not joined to domain

Windows 10 1703 build

Thanks

Bala

14 Replies
admin
Immortal
Immortal
‎01-27-2018 01:15 AM

Sound like a DNS issue.  Do you see any DNS or name resolution related errors in the event log?

You need to update the SPN with correct values - http://portal.sivarajan.com/2010/05/workstation-trust-relationship-issue.html

If you really want to understand the background process, review Joes’s blog - http://blog.joeware.net/2012/06/05/2508/

0 Kudos
balagbm2017
Enthusiast
Enthusiast
‎01-27-2018 01:26 AM

We have to run these commands and verity it in the master image or where?? .

This is happening not all the times, for example I have created a domain user called vmadmin and assigned a VDI pool for this user, the pool has 3 VDI desktops, when the vmadmin logged into the pool the first time, 2nd time and 3rd time he is able to login & logout successfully, on his 4th time he gets the sam database error when he clicks the error he gets VMware SSO screen.

0 Kudos
Progressiverdj
Contributor
Contributor
‎02-09-2018 03:47 AM

Same here with Horizon 7.4 and "Instant clone pool has enabled "reuse Pre-existing computer accounts"

Instant-Clone Windows 10 x64 1709 - AppVolumes - Writable volumes, Master Image is not joined to Domain.

jmatz135
Hot Shot
Hot Shot
‎02-14-2018 09:09 AM

If I use the reuse pre-existing computer accounts setting on the pools I only ever get this with vdi desktops that are spun up that have not already been created before and therefore don't have an AD object yet.  This was such an issue for me that I actually wrote a powershell script to search the domain for computer objects that do not have the SPNs set correctly.  Now since it isn't such an issue with the setting I just run the script every now and then to make sure everything is fine and recover any computers that have the issue.

On a side note:  Once the AD object is borked you if you are using the reuse pre-existing setting you will need to delete the ad object and then recover the desktop until it is created properly.

0 Kudos
balagbm2017
Enthusiast
Enthusiast
‎03-05-2018 10:14 AM

we are still facing this issues even though I have enabled "Reuse of existing computer account" in the pool settings. Any thoughts to have permanent fixes.

0 Kudos
sjesse
Leadership
Leadership
‎03-05-2018 10:20 AM

before you shutdown on the parent run ipconfig /flushdns and ipconfig /release. I saw the same thing with windows 7 desktops

0 Kudos
balagbm2017
Enthusiast
Enthusiast
‎03-05-2018 10:25 AM

I do ipconfig/release always but didn't do the ipconfig /flushdns will try this and update you.

0 Kudos
Wimp777
Enthusiast
Enthusiast
‎03-06-2018 08:51 AM

Do you see any errors on your domain controllers? I had a major problem with my instant clones not authenticating with my dc and failing to receive gpos etc after subsequent refreshes and logins? I could see errors on my domain controllers of my instant clones failing to auth during their build process with your same setup but with Windows 7. It took awhile but I have resolved my problem and haven't had issues in months.

pastedImage_0.png

Progressiverdj
Contributor
Contributor
‎07-23-2018 07:48 AM

What did you do to resolve this errors??

0 Kudos
Wimp777
Enthusiast
Enthusiast
‎07-23-2018 11:07 AM

I installed a hotfix for vmxnet 3 and another windows hotfix I will need to track down again. I also pointed my connection server to one dc. So that all my desktops being created and being used through Horizon are working through one domain controller so I don't have any sync issues between them. Since then I haven't had any issues after 7.1 with these fixes.

Haven't had any issues since 7.1 with my instant clones authenticating to my domain or receiving the GPOs.

0 Kudos
Wimp777
Enthusiast
Enthusiast
‎07-23-2018 11:10 AM

Unable to edit my last response. Another step I had to do is laid out in the Microsoft KB that was done to my master image in the registry.

https://support.microsoft.com/en-us/help/154501/how-to-disable-automatic-machine-account-password-ch...

0 Kudos
LetsFox
Contributor
Contributor
‎11-15-2018 08:41 AM

I've run down this issue and found that it's due to the way the domain is targeted during a clone refresh.

When the computer account reuse option is used, the computer account is reset when a new instant clone is built. In some networks, this operation can happen on a domain controller that is not local to the site where Horizon is deployed. Thus replication delays cause the computer to be unable to link up with the domain.

I'm looking for a way to target a specific domain controller, and will let you know if I find one.

0 Kudos
sjesse
Leadership
Leadership
‎11-15-2018 08:47 AM

Open a ticket, I'm pretty sure support has a way to point to one domain controller or something similar, I've seen other posts like this but I can't find them at the moment.

0 Kudos
Wimp777
Enthusiast
Enthusiast
‎11-15-2018 09:06 AM

With my support ticket back in 7.2 when I had this problem. Working with their support I added one domain controller that I wanted the connection server to communicate with use for the instant clone process. I haven't had issues with any of my desktops since then or with new versions of Horizon.

Connect to ASDI edit on your connection server. Go into Properties > ngvcAdDomain > pae-AdDomainController

0 Kudos