When users logs on using RDP protocol without bieng prompted to re-enter user name and password (i.e. SSO works). If protocol changed to PCoIP .. user is prompted to enter username and password on windows again.
Any ideas?
View/View Agent 5.0 on Vcenter 5.0
Floating linked clone mode with windows 7 guest OS.
OS of view client is windows 7 as well.
Do you have a logon banner? I've seen that break SSO with PCoIP in the past with 4.x, but not sure if that still applies to 5.x.
Nope. I made sure no logon banners, and checked GPO policy applied to insure it is not configured. Also checked the policy for Require Ctrl + Alt Delte to make sure it is not configured as well.
When logged on with PCoIP the equivalant of ctrl+alt+del looks like it has been pressed , but the administrator user is shown (i.e the last user that logged on on the parent image) and the desktop waits for a password for it.
Also to add ... I have the AllowSingleSignOn policy enabld in the GPO
Please notice the view clients are installed on machines that are not part of the domain.
Do you mean this one below? If not, I'd give it a try; or ultimately try to put the desktop into an OU with inheritence blocked and no GPOs applied.
If you see the "Press Ctrl+Alt+Delete to log on" screen
This means that a Windows policy is not set correctly. This problem can only happen in PCoIP connections and Local Mode desktops. When the desktop is launched, the View Agent signals a Ctrl+Alt+Del to start the login process but Windows must be configured to allow this to happen. The View Agent installer configures Windows to do this, but often times administrators will override this with a GPO and not realize that they did this. The registry value we set is: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration and it is best to check that registry value in the problematic remote desktop to see what it is set to. The GPO that controls this registry value is named "Disable or enable software Secure Attention Sequence". Our installer sets the registry value to 1 (corresponding to the Services option). This value is required to either be 1 (Services) or 3 (Services and Ease of Access Applications). (Source: http://blogs.vmware.com/view/2010/12/troubleshooting-single-sign-on.html)
I read that post and checked the Reg. Key before and I confirmed it is set to 1 ... I edited my previous post to add a picture of the logon screen (looks like the service did press the ctrl+alt+del but didn't switch the user or continue the logon)
Any ideas .. I am stuck !!
As long as the Agent is joined to the same domain as the credentials that are being used to log into the View Connection Server, this should work fine. Can you file a SR about this? They will want you to provide a DCT with the log files, which you probably wouldn't want to post to this forum.
I will file an SR once I am 100% confident it is a bug before I escalate this any further ( don't want to look incompetent until I have to.especialy if turned out to be something stupid as I will have to escalate to a higher admin)
Sounds like a bug to me. You are welcome to go through http://blogs.vmware.com/view/2010/12/troubleshooting-single-sign-on.html to make sure, but it seems like it is.
If a VMware Employee suggests an SR, im sure you won't look bad.
I didn't notice sorry , Thank you
However something new just happened. My pool was set to refresh on logoff imidiately, while troubleshooting this problem, I disabled that feature from the pool settings so I can speed things up temporarily. The first time I logged on same thing happened SSO failed.
However on my second login SSO Worked!!
It has to be on the same machine however, so the machine I was testing this on got busy, and I was logged on to different machine, and voila! SSO didn't work again until I logged off and on again.
I am working with roaming profiles, and redirected folders (both AD). Persona management is on but no redirected folders yet.
Would that help troubleshooting the problem?