I am trying to spin up a new pool for a specific use case, and am running into some issues. I am hoping someone can offer suggestions. The pool is on a secure VLAN with very little access to the outside world. The security engineer created a full ACL to allow all traffic between the vCenter server and this VLAN for Composer activities. When attempting to spin up the pool, I see the template cloned and the machines successfully created. The machines are joined to the domain (I can actually see the objects in A.D), but that is the point where they hang. If I log into one manually as the local admin, I am immediately presented with a Windows prompt to reboot to complete changes. However, even doing this does not allow the machine to move beyond the customizing phase.
We are using KMS for Windows activation through the QuickPrep, but I have confirmed from within one of the created VMs that I can telnet to the KMS server on that port, so I don't believe it is that. Just in case, I set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmware-viewcomposer-ga\SkipLicenseActivation registry key to 1. However this does not seem to have helped any. If I move the pool back to our normal VLAN it spins up just fine, but our security engineer swears he is not seeing any traffic failing between vCenter and the secure VLAN. Just curious if anyone has some suggestions on what to try next, or has seen something similar.
This is a nice list of things you can step through to check why this might be happening -
Can the virtual desktop machines themselves reach the AD server?
Thanks for the response, I will look at that KB.
The machines can reach the AD server, as well as the KMS server. Through the pool configuration, they are actually successfully joining the domain and rebooting; it is just after this point they hang. Also, in just moving a VM to that VLAN I am able to manually join the domain.
Have you passed your initial KMS activation count
I think its 5 for windows and 25 for Office or visa versa....
Have you checked the logs of the vms sitting in customising if you manually power it on ?
Thanks for all the replies. I wish I could say it was something spectacularly difficult, but it turns out the security engineer fat-fingered one of the ACLs on the firewall.
The pool now composes just fine. However, when attempting to log in the connection starts to go through and then I get the error below. I am going through the logs, but if anyone has seen this before I will take any suggestions.
Edit: to clarify, this is what I am seeing in the View Manager console:
"No co-management availability for protocol PCoIP"
hmm to ensure that issue is firewall related - why dont you briefly - open all ports to and from. - then test connectivity again.
I have seen this. A customer of mine has this issue on 6.2.0, but unfortunately we don't yet have a solution. In their case, maybe this will help you, when it's on the IT VLAN, they get the "No co-management" error but only when connecting from the outside/going through the security server. Connecting from inside, going directly to a connection server, works fine. They have switched it back to the other VLAN temporarily. I'm certain the security server is involved somehow, we just don't know how yet.
Go to the console of the virtual machine that is stuck customizing and see if anything is there. I've had problems with activations or sysprep that would show up on the console
We also are seeing this scenario. The only difference is that it works fine when machines are spun up, but after several hours (not sure on exact timing), they can't connect externally through the security servers. We also are at 6.2.0 I'd be interested if you found a fix. This happened when we expanded our subnets for VDI from what I can tell.