VMware Horizon Community
mobinqasim786
Enthusiast
Enthusiast
‎01-20-2015 12:39 PM
Jump to solution

Multiple AD Domains in VMware Horizon View

Hi Guys, I want to test creating Pools using 2 Active Directory domains. I've setup my environment as follow:


Domain A


1- Connection Server

2- Composer Server

3- Security server

4- vCenter Server


Domain B

1- Connection Server

2- Created a separate View Composer account

At the moment Horizon View 5.3.2 is fully functional on Domain A. But I need your help deploying pool using Domain B. After setting up Connection Server(joined to Domain B) I tried to add Domain B using View Composer account by logging to View Admin(Domain A) > Edit vCenter Server > Edit View Composer Settings > Verify Server Informations(under Domain) but I'm getting "Bad domain name"


Could you guys please help or send me a link to setup one-way trust which is needed for VMware View so that I can deploy Pool using Domain B.


Without creating any trust, I've added Domain B conditional forwarder on Domain A which let me add the Domain B without "Bad domain name" pop up. But I don't know what to do next. Can someone please guide me.


Regards

1 Solution

Accepted Solutions
vineshreddy07
Enthusiast
Enthusiast
‎01-23-2015 12:21 AM
Jump to solution

Hi,

I have made below configuration to create 2 different pools where VM's are joined to 2 different domains.

I have Domain-A & Domain-B which have 2 way trust configured by AD team.

I have deployed 3 Win 2k8 servers and added them to Domain-A. On one server i have installed vCenter & composer and on one server i have installed connection server & the second one i have made the replia server of existing connection server.

In connection server, i have added vCenter & composer. i have 2 different users who has domain joining rights in Domain-A & Domain-B.

Domain-A\abcUser

Domain-B\xyzUser

I have added above 2 users in the view composer settings under Domain. PFA.

While creating a pool, in Guest Customization tab for Domain-A users i have chossen Domain-A\abcUser ID to add machine to Domain-A and the AD container which is present in Domina-A to place the machines.

for Domain-B users created another pool and in Guest Customization tab i have chossen Domain-B\xyzuser and the AD container which belongs to Domain-B to place the machines.

If you want to add a machines to different domain, you need not to deploy a connection/replica server in each domain. Just add domain user ID in the view composer domain tab and choose the right ID while creating the pool.

View solution in original post

Preview file
52 KB
10 Replies
kgsivan
VMware Employee
VMware Employee
‎01-20-2015 11:43 PM
Jump to solution

Is the connection server on Domain B is installed as a replica server ?

If answer is Yes:

Ensure Two way transitive trust is is configured. Domain Names are resolvable across the member machines (also from View Composer)

If answer is No:

Use user principal names for VC and View composer,

Try to add VC alone, then check if the error is only for composer

(Try to add using IP address and verify)

Note: Composer account should have administrative privilege on the local machine where the composer is running.

0 Kudos
mobinqasim786
Enthusiast
Enthusiast
‎01-20-2015 11:58 PM
Jump to solution

Hi, thanks for the reply. Domain B Connection Server is a Standalone "Standard Server" . Domain A and Domain B are both at different locations connected through VPN.

Just to be clear I want to create VDI Pool so users from Domain B can have their own VDI using Domain A vCenter and View Composer.

I've the following link basically this is what I'm trying to achieve.

http://community.spiceworks.com/topic/336411-vmware-view-multiple-domains-without-a-two-way-trust

Please help.

Cheers

0 Kudos
mobinqasim786
Enthusiast
Enthusiast
‎01-21-2015 02:45 PM
Jump to solution

Guys, I ended up with 2-way trust. Now how can I create Pools using Domain B Connection Server? If I login to Domain B Connection Server https://DomainBconnectionserver/admin  and try to add Pool it says "No vCenter Server has been configured". Do I need to configure same vCenter and Composer Server in Domain B or is there any way I can assign Domain B Connection Server when creating pool from Domain A?

Please help

Regards

0 Kudos
vineshreddy07
Enthusiast
Enthusiast
‎01-23-2015 12:21 AM
Jump to solution

Hi,

I have made below configuration to create 2 different pools where VM's are joined to 2 different domains.

I have Domain-A & Domain-B which have 2 way trust configured by AD team.

I have deployed 3 Win 2k8 servers and added them to Domain-A. On one server i have installed vCenter & composer and on one server i have installed connection server & the second one i have made the replia server of existing connection server.

In connection server, i have added vCenter & composer. i have 2 different users who has domain joining rights in Domain-A & Domain-B.

Domain-A\abcUser

Domain-B\xyzUser

I have added above 2 users in the view composer settings under Domain. PFA.

While creating a pool, in Guest Customization tab for Domain-A users i have chossen Domain-A\abcUser ID to add machine to Domain-A and the AD container which is present in Domina-A to place the machines.

for Domain-B users created another pool and in Guest Customization tab i have chossen Domain-B\xyzuser and the AD container which belongs to Domain-B to place the machines.

If you want to add a machines to different domain, you need not to deploy a connection/replica server in each domain. Just add domain user ID in the view composer domain tab and choose the right ID while creating the pool.

Preview file
52 KB
mobinqasim786
Enthusiast
Enthusiast
‎01-23-2015 02:55 PM
Jump to solution

Hi,

Thanks for the detailed workaround. I was trying to make it work with one-way trust but that didn't look promising.

If you don't have any issues setting up Two-way trust between both domains then everything should work fine as per your perfect guideline. Also VMware recommends to use two-way trust.

I was managed to deploy 2 different pools on both domains and entitled users were logged in as well from both domains.

I haven't tested logging through security server yet. Have you deployed security security server on your end?

Also when you login through View Client or through Blast, it shows 2 domains in drop down list. Can we customize it so only DomainA shows to DomainA users? I don't think that's possible but please guide.

Thanks again for the help.

Regards,

MQ

0 Kudos
vineshreddy07
Enthusiast
Enthusiast
‎01-28-2015 05:32 AM
Jump to solution

Hi,

I have not tested it through security server and we are not using security server.

I think the setting which your are looking for default domain for two different domain users is also not possible.

0 Kudos
kgsivan
VMware Employee
VMware Employee
‎02-11-2015 09:08 AM
Jump to solution

There a detailed article related to this discussion at http://incloudnet.com/?p=2

mobinqasim786
Enthusiast
Enthusiast
‎02-11-2015 09:21 AM
Jump to solution

It worked great even with Security Server. I couldn't find anything for default domain for two different domain users.

Cheers

0 Kudos
mobinqasim786
Enthusiast
Enthusiast
‎02-11-2015 09:23 AM
Jump to solution

Thanks this article should help others who are looking multiple AD domains on VMware Horizon View.

0 Kudos
Lyghtnin
Enthusiast
Enthusiast
‎09-20-2016 05:13 PM
Jump to solution

So I have a questions on this setup, although View 7 supports the one way trust I'm curious about the Connection Server in Domain B.

If I have the following and Domain B Trusts Domain A - can these connection servers be Primary and Replica? as below?? or would they both need to be standard?

Domain A

- Connection Server - Replica (due to the Domain B trusting Domain A)

- Composer Server

- vCenter Server


Domain B - (Deploy desktops here)

- Created a separate View Composer account

- Connection server - Primary?

0 Kudos