VMware Horizon Community
Santi_Julian
Contributor
Contributor
Jump to solution

Error in View Composer. Permissions Required

We have a customer where we are working in a POC for View Manager. At time to configure View Composer, we have a user with admin roles for OU (Organization Unit). Internally in this company it is not possible to have a user with adminitrator role in Local Domain.

Local Domain is in Malaisya and they have several organization Units accross different countries (Arab Emirates, Quatar, India and more).

At time to connect with view composer we get the error message: "Error while attempting connection"

Please, anybody has any suggestion to resolve it?

Thanks from Dubai

Reply
0 Kudos
1 Solution

Accepted Solutions
DCasota
Expert
Expert
Jump to solution

Hi

We've done some research a couple of moths ago about this issue (least privilege needed). Maybe this Step-by-step-guide will help.

We created 2 view users:

  • One user has the role "View composer" vCenter internally with appropriate rights (see View Guide) and on the vCenter system local admin rights.

  • the second user has the rights created by following procedure:

  • 1. Open on a domain controller of your local domain the Active Directory Users and Computers Snap-in.

  • 2. Go to the OU for the virtual desktops

  • 3. Right mouse click on the OU container -> "Delegate Control..."

  • 4. Select the appropriate user or group

  • 5. Select ‘‘Create a custom task to delegate‘‘

  • 6. Leave "Delegate control of:" on Default ("This folder, existing...) and select Next

  • 7. On "Show these permissions:" select ''General'' and select 'Creation/deletion of specific child objects‘

  • 8. On the same window select "Create Computer objects" and "Delete Computer Objects" -> Next

  • 9. Finish

Hope this helps.

Bye

Daniel

View solution in original post

Reply
0 Kudos
4 Replies
MayurPatel
Expert
Expert
Jump to solution

Create a new OU in AD at your local domain and set this path the AD container to OU=VDI in the QuickPrep Settings so the link-cloned VM's get created in this OU.

Create a user in the local domain give privileges to create computer accounts in this OU along with View Composer Role in VC, check page 104 of the Admin Guide for details on the correct permissions for the View Composer Role.

Hope this helps.

MP

Reply
0 Kudos
DCasota
Expert
Expert
Jump to solution

Hi

We've done some research a couple of moths ago about this issue (least privilege needed). Maybe this Step-by-step-guide will help.

We created 2 view users:

  • One user has the role "View composer" vCenter internally with appropriate rights (see View Guide) and on the vCenter system local admin rights.

  • the second user has the rights created by following procedure:

  • 1. Open on a domain controller of your local domain the Active Directory Users and Computers Snap-in.

  • 2. Go to the OU for the virtual desktops

  • 3. Right mouse click on the OU container -> "Delegate Control..."

  • 4. Select the appropriate user or group

  • 5. Select ‘‘Create a custom task to delegate‘‘

  • 6. Leave "Delegate control of:" on Default ("This folder, existing...) and select Next

  • 7. On "Show these permissions:" select ''General'' and select 'Creation/deletion of specific child objects‘

  • 8. On the same window select "Create Computer objects" and "Delete Computer Objects" -> Next

  • 9. Finish

Hope this helps.

Bye

Daniel

Reply
0 Kudos
Santi_Julian
Contributor
Contributor
Jump to solution

Thanks Daniel,

Today we will test to do it at customer.

Santiago

Reply
0 Kudos
Santi_Julian
Contributor
Contributor
Jump to solution

Daniel

Thanks for your answer. Now we have connection between View Manager and View Composer.

Santiago

Reply
0 Kudos