Horizon View 8 (2103) computer account trouble

Oleth · ‎04-15-2021

I have some limited experience with View 7, but this is my first v8. Also this is my first instant clone floating pool.

On my first testpool things somewhat worked, except that when logging off virtual machines the connection server was not able to reset the clones and they ended as powered off. Errors were like

Resync of VM testpool-pc1 has failed, LdapException: resetComputerAccount: Fail to create computer account testpool-pc1. Entry already exists

I decided to delete the pool and start over, making the Horizon AD account domain admin to solve if it was some privilege error.

The second pool also did create the clones and the computer accounts, but after logging off the first clone my pool summary shows this error

Error during Provisioning Cloning of VM testpool2-pc1 has failed: Fault type is AD_FAULT_FATAL - com.vmware.daas.cloneprep.ldap.LdapException: createComputerAccount: Fail to create computer account testpool2-pc1, entryDn: CN=testpool2-pc1,OU=Virtual desktops,OU=Computers,OU=SOR,OU=B,DC=B,DC=local, description: Account created for VMware Instant Clone.. - constraint violation: unable to create entry, resultCode=19 (constraint violation), errorMessage=0000207C: AtrErr: DSID-03153410, #1: 0: 0000207C: DSID-03153410, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90001 (name)

The testpool2-pc1 is there, it is powered on and the computer account exists. But I am not able to log back into it.

I have absolutely no idea about what is going on?

fabio1975 · ‎04-15-2021

Ciao

Probably the domain account you have configured for managing computer objects in the active directory does not have all the necessary permissions.

Check if:

In Active Directory, create a user account in the same domain as the Connection Server or in a trusted domain.
Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to the account on the container for the instant-clone computer accounts.

The following list shows the required permissions for the user account, including permissions that are assigned by default:
- List Contents
- Read All Properties
- Write All Properties
- Read Permissions
- Reset Password
- Create Computer Objects
- Delete Computer Objects
Make sure that the permissions apply to the correct container and to all child objects of the container.

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

Oleth · ‎04-15-2021

Thanks Fabio.

Permissions were also my first idea, so for my second pool attempt i gave the AD account domain admin membership. Unfortunately this did not seem to solve anything.

fabio1975 · ‎04-15-2021

You've seen this before, He had a similar problem to yours ..

https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/Instant-Clone-Provisioning-Issue-Horizon...

(constraint violation) denotes the instant clone domain administrator (added in horizon view admin UI) does not have the privilege to create and delete computer accounts in Active Directory. Please verify the account permission again.

Create a new OU, add permission, add new OU to instant clone configuration and retry

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

Oleth · ‎04-15-2021

Thanks Fabio.

I was not able to find the reset password permission under Security, Advanced?

Ah, I must use the delegate function....

Oleth · ‎04-15-2021

Great Fabio, it worked! Thanks.

But I still don't get why domain admin membership did not give the permissions....

AliEsmail · ‎06-14-2022

Please check if you changed the view connection server administrator password from AD if you did this , update the administrator password on the /Connection server web interface>> Domains >>Instant clone engine domain accounts>> Thin update the new Password and it will be solved

All

Horizon View 8 (2103) computer account trouble