Hi,
I have a View based infrastructure set-up with windows based View client SW running on thick clients. The interactive user logged onto my thick clients has entitlements within my View Connection Server, but if i tick the 'use windows session credentials' box upon connection the credentials are rejected. If I manually re-enter the same credentials I am successfully authenticated. My domain set-up is non-standard here, my thick clients and my View server are all part of one domain (Lets call it 'Client Domain'). The user account being used to log onto the thick clients, and in the View Connection Server is from the domain to which my View host belongs ('Host Domain'). There is a two way trust between the Client and Host domain, which seems to be working since manual entry of the credentials is successful.
Any ideas?
I am currently using View 5.0, vSphere 5.0.
Thanks
W
Hi,
Can you attach the view client log please.
The location of View Client log files:
C:\Documents and Settings\%username%\Local Settings\Application Data\VMware\VDM\Logs\
C:\Users\%username%\AppData\Local\VMware\VDM\Logs\
Regards,
Julien
Hi Julien,
Sorry for the delay in getting back...
The pertinent data from the log file and my investigations into the above problem are as follows:
When I log on as HostDomain/bob.builder from a View Client joined to CientDomain with the 'use windows session credentials' box ticked, then the following output can be found in the VMWare View Client log file:
[Ws_winauth][GSSApiProcessClientContext] Target Principal : DISP-VCS$@ClientDomain Identifyonly false
[Ws_winauth][GSSApiProcessClientContext] Failed to Initialize SSPI Client Context, Error : 0x80090311
(no authority could be contacted for authentication).
Where:
I have confirmed that cached credentials are not being used by checking that there were no 5719 events in the System log of the VMWare View Client machine.
Time is also synchronized between the View Client machine, the View Connection Server and the ClientDomain and HostDomain DCs.
I added DISP-VCS$@ClientDomain to the “Servers Trusted For Delegation” Group Policy applied to the View Client computer. This did not make a difference.
Regards,
B
Hi,
Can you check if maybe the answer is located in the documentation :VMware View 5.0 Documentation Center
Regards,
Julien.
Hi Julien,
The page you linked to in the VMware View 5.0 Document Center are the instructions that I followed in my investigation described above.
I think that I must be missing some subtlety with the login being across domains.
Regards,
B