Hello,
we have a problem with building new (Win7 and Win10) VMs after upgrading Horizon environment to 7.8.
The Horizon Administrator throws the following error: Composer agent initialization state error (18): Failed to join the domain (waited 610 seconds)
But we see the new clients on the DCs.
And there are no errors about a join failure in the vmware-viewcomposer.log.
View and Composer running on W2K12R2
vCenter and ESXi running version 6.7
Sincerely,
Ulrich Frey.
You need to look the netsetup.log under C:\Windows\debug folder on the VDI which has failed, this will give you the exact reason for domain join failure.
The only error I see is: failed to validate machine account for W10-1 against master.onex.local (or datengrube.onex.local)
Both are SAMBA 4 DCs
On the Windows 7 VM I see the following error in the vmware-viewcomposer-ga-new.log:
2019-05-14 09:06:53,250 [1596] INFO VolumesReady - ["VolumesReady.cpp", 115] Launching the Join Domain script: C:\Program Files (x86)\Common Files\VMware\View Composer Guest Agent\vmware-svi-ga.exe /JoinDomain
2019-05-14 09:06:53,250 [1596] DEBUG Wow64FsRedirectionOff - ["Wow64FsRedirectionOff.cpp", 109] Successfully disabled WOW FS redirection.
2019-05-14 09:06:54,187 [1596] INFO Guest - ["Guest.cpp", 573] Script C:\Program Files (x86)\Common Files\VMware\View Composer Guest Agent\vmware-svi-ga.exe /JoinDomain exit code: 18
2019-05-14 09:06:54,187 [1596] DEBUG Wow64FsRedirectionOff - ["Wow64FsRedirectionOff.cpp", 135] Successfully reverted WOW FS redirection.
2019-05-14 09:06:54,187 [1596] DEBUG VolumesReady - ["VolumesReady.cpp", 130] Joining Domain script failed
And in the SAMBA Log I see the following:
[2019/05/14 11:41:51.016795, 0, pid=6131] ../../source4/rpc_server/netlogon/dcerpc_netlogon.c:284(dcesrv_netr_ServerAuthenticate3_helper)
dcesrv_netr_ServerAuthenticate3_helper: schannel required but client failed to offer it. Client was W10-01$
But domain joins by hand are working ...
Okay, problem has been solved.
There has to be a new/changed entry in the smb.conf:
[global]
server schannel = auto
Because since SAMBA 4.8 the default is 'server schannel = mandatory'. And this won't work with QuickPrep.
And sometime in the future this config switch will disappear from SAMBA.
So I hope VMware will change the behavior how QuickPrep works and use schannel in the future ...
Have you opened an SR with VMware about this?
No, because we only have a Horizon Standard license.
And as I'm told this won't allow us to open a SR ...
We have Horizon Standard and currently have 2 cases open. The question is whether or not you have Software and Support contracts (SnS).
We only have basic support.
Don't know if htis includes to open a case ...
So, now I've opened a support case.
Let's see what's happening ...
Here is the answer from VMware:
Thank you for the update and unfortunately this is not supported for clarity
https://kb.vmware.com/s/article/2070887
So some time in the future Horizon View and SAMBA AD won't work together any more ...