Solved: Re: Horizon 7 Instant Clones get trust relationshi...

vplstingels · ‎06-28-2016

Hi everyone,

I was wondering if anyone else getting an error when they recover their instant clones related to AD trust relationship of the instant clones machines.

Full message:

The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.

The objects are located in AD and seem to be fine. And the initial deployment of the desktop pool works fine. It is just when I go to recover them that all of the desktops fail.

Additional Information:

1 AppVolume AppStack mounted (ver 2.11)

1 AppVolume Writable mounted no profile template

LehiCity · ‎11-01-2016

Hey vplstingels‌, we are seeing this same problem. Running on 7.0.2. I have decided to remove rather than recover because recover is causing these SAM database issues.

View solution in original post

dparashar · ‎07-07-2016

Could you upgrade to Horizon 7.0.1 and try again.

Thx

LehiCity · ‎11-01-2016

Hey vplstingels‌, we are seeing this same problem. Running on 7.0.2. I have decided to remove rather than recover because recover is causing these SAM database issues.

vplstingels · ‎11-01-2016

Thank you for the info. I have been crazy busy with another project. This is very helpful. Thank you!

Erossman · ‎05-17-2017

We created a new infrastructure with Horizon 7.1 and see the same message in our instant clone pool.

This issue doesn't appear at every logon. I have no idea what can be the reason for this.

The bad thing that all the vm shows as status "available" in horizon. So you cannot see which VMs have this issue.

If a user login to a VDI session to a vm with this issue, he is unable to work with this vm. He have to call the helpdesk to destroy his floating vm.

We don't also the user to reset his session.

Regards,

Eric

rpeb1723 · ‎06-22-2017

Anyone have a permanent fix for this? We have tried multiple hotfixes, changing the minimum password age settings, the machines are set to delete on logoff and still no luck

Erossman · ‎06-22-2017

I have a case opened at vmware. The support guy told me it's a domain infrastructure issue.

We should speak with our domain guys about this issue.

VMware send us a hotfix for windowser 2012 domain controllers

https://support.microsoft.com/en-us/help/3070083/duplicate-spn-check-on-windows-server-2012-r2-based...

Our domain guys complained to install this hotfix on all our domain controllers.

But we could fix this issue after als vdi-vms and horizon-view-componentens are moved to the same active directory site!

We still search for a solution for our second pool which belongs to a different trusted domain.

In this pool the error still exsist. Maybe upgrade to horizon 7.2 will help us. because there you can set the option "reuse pre-existing computer accounts " in instant clone pools.

jmatz135 · ‎06-22-2017

We had major issues with this until we upgraded everything to Horizon View 7.0.3 from 7.0.2. Now we don't see the issue except occasionally when we first create an instant clone pool. This is a replication timing issue which causes the serviceprincipalname attribute on the computer object in the AD to not be fully populated. You can actually fix it manually by editing this attribute by hand (or script) but obviously that isn't really a solution. Funny thing though is we have two separate environments with 2 different domains for prod and dev and we only saw the issue in one of the domains.

rpeb1723 · ‎07-07-2017

Upgrading to 7.2 and enabling the "reuse pre-existing computer accounts" seems to have fixed the problem. Thanks.

All

Horizon 7 Instant Clones get trust relationship issue after Recover process