ramachandrankes
Enthusiast
Enthusiast

Removal of domain user group and add other security group

Hi Team,

Normally when we add users in AD, a default domain users group will be added. We are planning to provide VDI access to external vendor where I don't need to have this user under domain users group. I created a new security group and added this vendor user. But I am not able to access VDI desktop and getting closed after seeing loading windows screen.

If I have this user in Domain users group, then external vendor can access through VDI desktop pool.

Please help.

Thanks,
Ram

0 Kudos
12 Replies
sjesse
Leadership
Leadership

What versions of the UAG and Horizon  are you running?

0 Kudos
ramachandrankes
Enthusiast
Enthusiast

VMware Horizon 7 Administrator
7.9.0 build - 13956742

UAG - VMware Photon OS (64-bit)

0 Kudos
sjesse
Leadership
Leadership

Thats not the actual UAG version , if you logon to the 9443 port oin the appliance and login it says at the top

 

sjesse_0-1620393597827.png

 

 

I'm assuming its a 3.x version based on your horizon version, they changed it to a date based versions system after 7.9 came out. Also  check 7.9 is no longer supported , that ended in march.  I'd upgrade to 7.13 and the uag 2009 to get in a supported state that will be good till 2023

 

https://lifecycle.vmware.com/#/

 

sjesse_1-1620393688674.png

 

0 Kudos
nburton935
Hot Shot
Hot Shot

When you say "Domain Users" - is this just a placeholder for another group name, or are you talking about the built-in AD group? 

Is DEM on the image? Any chance the other group does not have access to the DEM config / profile share? Is this happening internally as well (taking UAGs out of scope)?

-Nick

0 Kudos
ramachandrankes
Enthusiast
Enthusiast

Hi Nick,

You are right. DEM on the VM image. Where should I confirm about groups permissions to DEM config / profile share?

I haven't tried internally but I am sure that this will happen internally as well.

Thanks,

Ram

0 Kudos
ramachandrankes
Enthusiast
Enthusiast

Hi Nick,

Should I give access to these shares?

ramachandrankes_0-1620403137608.png

Thanks,
Ram

0 Kudos
ramachandrankes
Enthusiast
Enthusiast

Hi Nick,

I have added one user not in Domain Users group to the mentioned screen shot below. I still see error and VDI desktop automatically closed after seeing preparing windows screen.

Thanks,

Ram

0 Kudos
sjesse
Leadership
Leadership

You should if the users need access, do you have domain users just entitled here? If so I'd make another group and user that instead.

0 Kudos
ramachandrankes
Enthusiast
Enthusiast

Hi sjesse,

I created a new group and removed Domain Users. I have added the user to newly created group and provided respective permission. Still I see VDI desktop disappeared after preparing windows screen.

Thanks,
Ram

0 Kudos
nburton935
Hot Shot
Hot Shot

Uninstall the DEM agent and push to a test pool, if you are able, and login to the test pool with the test account. This will confirm if its a permissions issue on the DEM side or not. You can also skip import via your DEM policy. 

https://docs.vmware.com/en/VMware-Dynamic-Environment-Manager/2009/com.vmware.dynamic.environment.ma...

 

-Nick

0 Kudos
ramachandrankes
Enthusiast
Enthusiast

Hi Nick,

I test GPO option and still desktop closed automatically when I remove user from Domain Users. I am not sure where I am missing to add this newly created group.

Thanks,

Ram

0 Kudos
sjesse
Leadership
Leadership

Create a test pool and pull out the DEM agent and other things till you get to just the horizon agent and see if it goes away , then add things one a time to confirm at least what product is causing the issue

0 Kudos