VMware Horizon Community
freyuh
Contributor
Contributor

Composer fails after Horizon upgrade from 7.6 to 7.8

Hello,

we have a problem with building new (Win7 and Win10) VMs after upgrading Horizon environment to 7.8.

The Horizon Administrator throws the following error:  Composer agent initialization state error (18): Failed to join the domain (waited 610 seconds)

But we see the new clients on the DCs.

And there are no errors about a join failure in the vmware-viewcomposer.log.

View and Composer running on W2K12R2

vCenter and ESXi running version 6.7

Sincerely,

Ulrich Frey.

Reply
0 Kudos
11 Replies
Kishoreg5674
Enthusiast
Enthusiast

You need to look the netsetup.log under C:\Windows\debug folder on the VDI which has failed, this will give you the exact reason for domain join failure.

Reply
0 Kudos
freyuh
Contributor
Contributor

The only error I see is: failed to validate machine account for W10-1 against master.onex.local (or datengrube.onex.local)

Both are SAMBA 4 DCs

Reply
0 Kudos
freyuh
Contributor
Contributor

On the Windows 7 VM I see the following error in the vmware-viewcomposer-ga-new.log:

2019-05-14 09:06:53,250 [1596] INFO  VolumesReady  -  ["VolumesReady.cpp", 115] Launching the Join Domain script: C:\Program Files (x86)\Common Files\VMware\View Composer Guest Agent\vmware-svi-ga.exe /JoinDomain

2019-05-14 09:06:53,250 [1596] DEBUG Wow64FsRedirectionOff  -  ["Wow64FsRedirectionOff.cpp", 109] Successfully disabled WOW FS redirection.

2019-05-14 09:06:54,187 [1596] INFO  Guest  -  ["Guest.cpp", 573] Script C:\Program Files (x86)\Common Files\VMware\View Composer Guest Agent\vmware-svi-ga.exe /JoinDomain exit code: 18

2019-05-14 09:06:54,187 [1596] DEBUG Wow64FsRedirectionOff  -  ["Wow64FsRedirectionOff.cpp", 135] Successfully reverted WOW FS redirection.

2019-05-14 09:06:54,187 [1596] DEBUG VolumesReady  -  ["VolumesReady.cpp", 130] Joining Domain script failed

Reply
0 Kudos
freyuh
Contributor
Contributor

And in the SAMBA Log I see the following:

[2019/05/14 11:41:51.016795,  0, pid=6131] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:284(dcesrv_netr_ServerAuthenticate3_helper)

  dcesrv_netr_ServerAuthenticate3_helper: schannel required but client failed to offer it. Client was W10-01$

But domain joins by hand are working ...

Reply
0 Kudos
freyuh
Contributor
Contributor

Okay, problem has been solved.

There has to be a new/changed entry in the smb.conf:

[global]

         server schannel = auto

Because since SAMBA 4.8 the default is 'server schannel = mandatory'. And this won't work with QuickPrep.

And sometime in the future this config switch will disappear from SAMBA.

So I hope VMware will change the behavior how QuickPrep works and use schannel in the future ...

Reply
0 Kudos
BenFB
Virtuoso
Virtuoso

Have you opened an SR with VMware about this?

Reply
0 Kudos
freyuh
Contributor
Contributor

No, because we only have a Horizon Standard license.

And as I'm told this won't allow us to open a SR ...

Reply
0 Kudos
BenFB
Virtuoso
Virtuoso

We have Horizon Standard and currently have 2 cases open. The question is whether or not you have Software and Support contracts (SnS).

Reply
0 Kudos
freyuh
Contributor
Contributor

We only have basic support.

Don't know if htis includes to open a case ...

Reply
0 Kudos
freyuh
Contributor
Contributor

So, now I've opened a support case.

Let's see what's happening ...

Reply
0 Kudos
freyuh
Contributor
Contributor

Here is the answer from VMware:

Thank you for the update and unfortunately this is not supported  for clarity

https://kb.vmware.com/s/article/2070887

So some time in the future Horizon View and SAMBA AD won't work together any more ... Smiley Sad

Reply
0 Kudos