VMware Horizon Community
Michael42
Contributor
Contributor
‎12-28-2015 11:55 AM
Jump to solution

Cannot "login as current user" through security server

Hello community,

I got a problem using the "login as current user" option against a security server from outside corporate network. Login by entering username/password manually works fine from outside corporate network For internal connections using a connection server instead of security server everything works as expected without manually typing username/password.

Single domain

Horizon Client is 3.5.2 and domain joined

2x Security Server 6.2.1

2x Connection Server 6.2.1

On one of the connection servers I got the following error when trying to connect via horizon client using the "login as current user" option:

2015-12-28T20:21:15.207+01:00 INFO  (0B08-0E34) <ajp-nio-8009-exec-7> [PAEContext] (SESSION:a774_***_b2fb) Idle Timer Executor using 1 thread(s)

2015-12-28T20:21:15.625+01:00 ERROR (0744-0AEC) <MessageFrameWorkDispatch> [ws_winauth] [GSSApiProcessServerContext]: Negotiate failed. Error  0x0000000080090300 (Not enough memory is available to complete this request) {SESSION:a774_***_b2fb}

2015-12-28T20:21:15.626+01:00 WARN  (0B08-04B8) <ajp-nio-8009-exec-8> [GssapiHandler] (SESSION:a774_***_b2fb) GSSAPI login failed: Not enough memory is available to complete this request

2015-12-28T20:21:15.627+01:00 ERROR (0B08-04B8) <ajp-nio-8009-exec-8> [GssapiHandler] (SESSION:a774_***_b2fb) Unable to close context 7d36-***-00d3 with error: Failed to locate requested context

2015-12-28T20:21:15.627+01:00 ERROR (0B08-04B8) <ajp-nio-8009-exec-8> [GssapiAuthFilter] (SESSION:a774_***_b2fb) Problem performing GSSAPI authentication - GSSAPI_ERROR: GSSAPI failed: Not enough memory is available to complete this request

The connection server has 12GB memory in total and 9.5GB free/available memory.

In the windows event log, the following error appears:

BROKER_USER_AUTHFAILED_GENERAL

User <UNAUTHENTICATED> failed to authenticate

Attributes:

  Node=hostnameofconnectionsserver.mydomain.com

  Severity=AUDIT_FAIL

  Time=Mon Dec 28 19:51:16 CET 2015

  Module=Broker

  UserDisplayName=<UNAUTHENTICATED>

  Source=com.vmware.vdi.broker.filters.GssapiAuthFilter

  Acknowledged=true

0 Kudos
1 Solution

Accepted Solutions
bjohn
Hot Shot
Hot Shot
‎01-05-2016 07:30 AM
Jump to solution

Just tried from a domain joined machine thru the security server. Unable to login as current user. We also have MFA enabled on external connections, but I dont think that should make a difference.

View solution in original post

0 Kudos
4 Replies
admin
Immortal
Immortal
‎12-28-2015 04:44 PM
Jump to solution

Michael,

login as current user request the client machine to be joined in the domain. In your case, I think it won't work since it is outside of corporate network.

0 Kudos
Michael42
Contributor
Contributor
‎12-28-2015 10:06 PM
Jump to solution

I guess it should work from outside corporate network. Can somebody confirm that?

0 Kudos
Michael42
Contributor
Contributor
‎01-05-2016 02:00 AM
Jump to solution

Can somebody confirm "login as current user" should be possible from outside corporate network?

0 Kudos
bjohn
Hot Shot
Hot Shot
‎01-05-2016 07:30 AM
Jump to solution

Just tried from a domain joined machine thru the security server. Unable to login as current user. We also have MFA enabled on external connections, but I dont think that should make a difference.

0 Kudos