VMware Horizon Community
ctelljohn
Contributor

Enabling a desktop pool fails with error: could not authenticate with domain administrator credentia

In Horizon version 7.13.1 – build 18057992 after enabling an Instant Clone pool, status remains at 0% then fails with the message:

Error: could not authenticate with domain administrator credentials

KDC error in the following log: C:\ProgramData\VMware\VDM\logs\debug-2022-07-06-0631.txt

2022-07-12T09:12:30 DEBUG (1A3C-280C) <WFE-20>[UbidConnectionPool]LoginException while creating LdapConnectionPool: KDC has no support for encryption type (14)

This error started to occur after we updated our domain controllers to the latest DISA STIG for Server 2019 Domain Controllers. Since the debug log returned a KDC error, we looked at the following setting in the group policy applied to the Domain Controllers:

Security Settings > Local Policies > Security Options > Network security: Configure encryption types allowed for Kerberos

We enabled RC4_HMAC_MD5 and enabled the instant-clone pools which finished building and were able to be accessed from the zero clients without issue.

My question is: Is there a way to configure Horizon to accept AES256_HMAC_SHA1? Is there a version of Horizon that does?

richiefez
Enthusiast

Wonder if the service account used for instant clone AD domain account is set to use AES encryption.

ctelljohn
Contributor

Thanks for the reply, I checked the Account Options in the Service Account's Properties and no Kerberos Options are selected.

richiefez
Enthusiast

Thanks. Just curious to know if enabling it worked?

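The check suggested in the replies above, comparing the encryption types the domain controller policy allows with those set on the service account, can be scripted. The following is an added example, not code from the thread or from VMware: it decodes the `msDS-SupportedEncryptionTypes` bitmask and reports whether an account and the policy share an encryption type. The function names, the policy value and the account values are constructed assumptions.

```powershell
# Added example. Bit values are those used by msDS-SupportedEncryptionTypes.
$EtypeBits = [ordered]@{
    DES_CBC_CRC      = 0x01
    DES_CBC_MD5      = 0x02
    RC4_HMAC_MD5     = 0x04
    AES128_HMAC_SHA1 = 0x08
    AES256_HMAC_SHA1 = 0x10
}
$KrbErrors = @{ 14 = 'KDC_ERR_ETYPE_NOSUPP' }   # RFC 4120 error code

function ConvertFrom-EtypeMask {
    param([int64]$Mask)
    # Bits above 0x10 (the policy's "future encryption types") are ignored.
    @($EtypeBits.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key })
}

function Test-EtypeOverlap {
    param([int64]$PolicyMask, [int64]$AccountMask)
    if ($AccountMask -eq 0) {
        # Attribute unset: the KDC falls back to its own default, not modelled here.
        return [pscustomobject]@{ Status = 'AccountAttributeUnset'; Common = @() }
    }
    $common = @(ConvertFrom-EtypeMask ($PolicyMask -band $AccountMask))
    $status = if ($common.Count -gt 0) { 'Overlap' } else { 'NoCommonEtype' }
    [pscustomobject]@{ Status = $status; Common = $common }
}

# Log line from the original post: pull out the Kerberos error code.
$logLine = '2022-07-12T09:12:30 DEBUG (1A3C-280C) <WFE-20>[UbidConnectionPool]LoginException while creating LdapConnectionPool: KDC has no support for encryption type (14)'
if ($logLine -match 'LoginException.*\((\d+)\)\s*$') {
    $code = [int]$Matches[1]
    "Kerberos error $code = $($KrbErrors[$code])"
}

# Constructed values. On a real domain, read the account value with:
#   (Get-ADUser <service-account> -Properties 'msDS-SupportedEncryptionTypes').'msDS-SupportedEncryptionTypes'
$policy = 0x7FFFFFF8   # assumed policy: AES128 + AES256 + future types, RC4 off
foreach ($acct in 0x0, 0x4, 0x18) {
    $r = Test-EtypeOverlap -PolicyMask $policy -AccountMask $acct
    '{0,-5} -> {1} {2}' -f ('0x{0:X}' -f $acct), $r.Status, ($r.Common -join ',')
}
```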