VMware Horizon Community
TheWizard1512
Contributor
Contributor
‎07-24-2013 06:38 AM

Unable to sign on using windows session credentials in View

Hi,

I have a View based infrastructure set-up with windows based View client SW running on thick clients. The interactive user logged onto my thick clients has entitlements within my View Connection Server, but if i tick the 'use windows session credentials' box upon connection the credentials are rejected. If I manually re-enter the same credentials I am successfully authenticated. My domain set-up is non-standard here, my thick clients and my View server are all part of one domain (Lets call it 'Client Domain'). The user account being used to log onto the thick clients, and in the View Connection Server is from the domain to which my View host belongs ('Host Domain'). There is a two way trust between the Client and Host domain, which seems to be working since manual entry of the credentials is successful.

Any ideas?

I am currently using View 5.0, vSphere 5.0.

Thanks

W

0 Kudos
4 Replies
julienvarela
Commander
Commander
‎07-24-2013 06:43 AM

Hi,

Can you attach the view client log please.

The location of View Client log files:

  • Windows XP:

    C:\Documents and Settings\%username%\Local Settings\Application Data\VMware\VDM\Logs\

  • Windows 7 and Windows Vista:

    C:\Users\%username%\AppData\Local\VMware\VDM\Logs\

Regards,

Julien

Regards, J.Varela http://vthink.fr
0 Kudos
ButtonB
Contributor
Contributor
‎07-25-2013 11:55 PM

Hi Julien,

Sorry for the delay in getting back...

The pertinent data from the log file and my investigations into the above problem are as follows:

When I log on as HostDomain/bob.builder from a View Client joined to CientDomain  with the 'use windows session credentials' box ticked, then the following output can be found in the VMWare View Client log file:

[Ws_winauth][GSSApiProcessClientContext] Target Principal : DISP-VCS$@ClientDomain Identifyonly false

[Ws_winauth][GSSApiProcessClientContext] Failed to Initialize SSPI Client Context, Error : 0x80090311
(no authority could be contacted for authentication).

Where:

  • DISP-VCS is the View Connection Server, which is joined to the ClientDomain.
  • Bob.builder is an account in HostDomain for which a two way trust has been created and verified using the View Manager Console.

I have confirmed that cached credentials are not being used by checking that there were no 5719 events in the System log of the VMWare View Client machine.


Time is also synchronized between the View Client machine, the View Connection Server and the ClientDomain and HostDomain DCs.

I added DISP-VCS$@ClientDomain to the “Servers Trusted For Delegation” Group Policy applied to the View Client computer. This did not make a difference.

Regards,

B

0 Kudos
julienvarela
Commander
Commander
‎07-26-2013 12:17 AM

Hi,

Can you check if maybe the answer is located in the documentation :VMware View 5.0 Documentation Center

Regards,

Julien.

Regards, J.Varela http://vthink.fr
0 Kudos
ButtonB
Contributor
Contributor
‎07-26-2013 12:25 AM

Hi Julien,

The page you linked to in the VMware View 5.0 Document Center are the instructions that I followed in my investigation described above.

I think that I must be missing some subtlety with the login being across domains.

Regards,

B

0 Kudos