VMware Horizon Community
icloudserv
Enthusiast
Enthusiast

Horizon View 6 Sign On problem

Hello everyone. Maybe this is noob question but How do you enable Hosted Apps in Horizon 6 or Desktops in any Horizon View to Open Up instantly without being asked for windows password?

What I have right now:

1. Horizon View Client - I login and see bunch of Apps and Desktops.

2. I click on app or desktop and instead to open it right away, it opens Windows Server 2008 R2 Window and wants something.

"The User has requested type of Logon that has not been granted" then I click OK button and it shows me User "VMWare SSO User" which I cannot find anywhere not on Domain not on any other Server... When I click on it, nothing happens, but when I click on top of it it asked me for User Name and Password, I enter Granted User and Password and it gives me something like this "To login to this computer, you must be granted the Allow...."

Am I missing something? I just want to click on App and open it up using Login and Pass I entered in View Client. Thanks in advance.Horizon Client.jpg

1.jpg

2.jpg

3.jpg

30 Replies
mpryor
Commander
Commander

You haven't included the user in the Remote Desktop Users group, as the error explains. Unlike PCoIP to a desktop (which remotes the console session), RDSH needs the permission to access remotely on Windows : Add users to the Remote Desktop Users group: Terminal Services Client (Remote Desktop)

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Actually all users that I ve been trying to login are in Remote Desktop Users group on Domain, RDSH Server and everywhere (I just made same users on every VM and added them to groups) so problem is not solved.

Reply
0 Kudos
mpryor
Commander
Commander

And you can also authenticate as the View user by direct RDP desktop access to the machine? I've only ever seen this error when the user genuinely hasn't had permissions.

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Correct I can login and enter windows using RDP using same user which I assigned for VMWare View (For Pools and Hosted Apps and desktops)

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Do I need RDS Host to be joined in Domain?

Reply
0 Kudos
bsguru
VMware Employee
VMware Employee

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Ok one more time, I am able to connect using RDP no problem at all with RDP, I need to Connect with PCoIP , and thats where problem goes, I checked this link you gave me, I have every settings setup up correct way. RDP doesnt fail, PCoIP fails for some reason. When I enter Credentials of Administrator of Domain Controller , it lets me go through with no problem.

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

and yes I ve checked settings on DC and everything is set as it should be.

Reply
0 Kudos
mpryor
Commander
Commander

>Do I need RDS Host to be joined in Domain?

I assumed that it was, given you reference testing with the domain administrator account. Yes, you'd need it to be in a domain as it will need to trust the user account. That you can connect as the View user directly over RDP presumably also confirms that.

If the View user can connect to the RDSH server through RDP, it should work for PCoIP as well. At this point I don't have any other suggestions, you should probably open a support request. Will update the thread if I think of anything else.

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

The reason why I asked this, is because it is Joined to Domain Controller and I thought maybe I should Leave domain in order to get it work. I guess all my settings are correct and I still have problem... Mystery.

Maybe problem lies in SSO (single sign-on) I dont have it in web client in administration tab for some reason, so I need to enter credentials two times all the time instead of one. vCenter is Linux standalone version and there is SSO option there , but I cannot configure it as I would in Web Client, so how do I add SSO to Web Client (I tried to install SSO saparately and it didnt show in web client)?

Reply
0 Kudos
mpryor
Commander
Commander

The SSO component for login to RDSH is unrelated to vSphere SSO - it's handled within View between client, broker and agent. I read your original post again and it sounds like you've also tried authenticating by manually entering username and password after the initial failure and you still get denied, so it's probably not the agent SSO. If you turn on trace logging, reproduce the problem, and collect the log bundle (VMware KB: Collecting diagnostic information for VMware Horizon View 5.x ) then it should be possible to confirm.

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Ok I created log bundles for Agent, Client, Server (didnt do for composer since I dont use it)

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

I think I was right about SSO 

Troubleshooting single sign-on into a remote desktop in View | VMware End-User Computing Blog - VMwa...

"If you see a "VMware SSO User" tile automatically selected

The other screen you may see when single sign-on fails is a screen that says "VMware SSO Tile" and only has as Cancel button.  If you see this, it means that our single sign-on failed for some reason, but there is no general guidance I can give here.  You would want to post a question on the Forums with info about what you are seeing."

Reply
0 Kudos
mpryor
Commander
Commander

SSO is failing, but it only looks to be failing for the same reason the manual credentials are failing - i.e. it's not a problem with the SSO process itself.

I'm confused - you referenced logging in as domain administrator before, but that is not possible if the machine is not joined to a domain. According to the support bundle you generated, the machine is not in a domain so SSO is not going to work and you will not be able to authenticate as the View domain user:

2014-07-22T20:20:55.028-07:00 DEBUG (0120-0E2C) <MessageFrameWorkDispatch> [ws_winauth] WinAuth::getPrimaryDomain: NetGetJoinInformation returned workgroup: WORKGROUP

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Ok found a problem SSO was not configured at all. Thanks for help.

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Strange because it is joined in Domain...

view.jpg

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

But the problem is with SSO im sure first of all I was noobie and didnt sign on to Web Client with SSO User credentials, Now I have in administrator SSO Configuration options. But I have difficulty in configuring Identity Source.

1st step what I do is (shown on screenshot)

SSO1.jpg

what it gives me:

SSO2.jpg

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

I checked all servers and found that my vCenter Server which is Linux based, is not joined to Domain. Its the only one that is not joined and it doesnt want to join it through VMware vCenter Server Appliance. Error message pops up "Error: Invalid hostname. FQDN is required for joining a domain." Im pretty sure I am entering same information.

Reply
0 Kudos
icloudserv
Enthusiast
Enthusiast

Ok fixed vCenter trough VMware vCenter Server Appliance, now its joined into Domain, the problem was that in Network settings there was no DNS (ip of the DC) and in the Host it was no Domain name.

Reply
0 Kudos