VMware Horizon Community
BStone77
Contributor
Contributor

VDI reverting to local user login after recompose

I'm running into a strange issue with automated linked clone pool (using composer) 

Horizon 7.6

VDI Gold Image: Windows 10 LTSC

Persistent Disks

Roaming Profiles with redirected folders

When I build the pool from scratch, it works very well.  New users log in, the VDI picks up their account, and logs them in.  Log off and log in works as it should, bringing the user right back to their desktop. 

I went and updated the gold image, and recomposed the pool with the new snapshot.  When any user tries to log in after the recompose finishes, they are met with a login prompt displaying the name of the local account used in image creation. 

It feels to me that the VDI doesn't pick up the credentials passed to it from the Horizon client,  but I am at a loss as to where to look to resolve this.  I've tried it with both domain user and domain admin credentials and it's the same issue.  If a user logs in manually to the VDI from that prompt, they get their desktop but any changes that were made prior to the recompose are lost.

Any ideas would be very much appreciated. I do have a case open with VMWare Support, but it's at the 2nd round of digging through logs and I'm starting to feel the pressure from the higher ups to get this working.  

Thanks!

20 Replies
sjesse
Leadership
Leadership

In one that doesn't work check and see if the netlogon service is running.

Reply
0 Kudos
BStone77
Contributor
Contributor

Hi sjesse,

Okay I checked a few of them, and the netlogon service is running on them.  Set to Automatic. 

Reply
0 Kudos
techguy129
Expert
Expert

Check out this article. Verify that the authentication provider is present in the userinit string in the register:

VMware Knowledge Base

If that all looks good, I would suggest reinstall the agents on the gold image.

Reply
0 Kudos
sjesse
Leadership
Leadership

If the userinit fix referenced doesn't help I'd remove all the virtual desktop agents and reinstall them in the correct order.

VMware Knowledge Base

agalliasistju
Enthusiast
Enthusiast

I would agree with sjesse​ on this one.  Did you remove and install the Horizon Agent after the OS update was performed?

Reply
0 Kudos
BStone77
Contributor
Contributor

I apologize for the delay.  I'm checking on the userinit now.  If that's present I'll reinstall the agents again to be sure they're done in the proper order.

Reply
0 Kudos
BStone77
Contributor
Contributor

Okay checked the userinit and it was there.  I DID do a uninstall/reinstall of the agents as well, and unfortunately I still get that login prompt.  I am in the process of spinning up another VDI to test as the gold image, this one is an earlier version of LTSB. 

Reply
0 Kudos
sjesse
Leadership
Leadership

If your starting a new image follow this, and then adjust if need be

Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop | VMware

I've had good luck so far.

Reply
0 Kudos
agalliasistju
Enthusiast
Enthusiast

Found this kb VMware Knowledge Base which then led me to this one VMware Knowledge Base

Old, but maybe it will give you an idea.  I'm wondering about your Win 10 policies regarding Interactive logon: Do not require CTRL+ALT+DEL GPO policy is enabled.

Reply
0 Kudos
BStone77
Contributor
Contributor

I apologize for the delay, I was out for the rest of the day.

So I went back and redid my gold image.  Did the agents in the proper order, and re-installed my apps. I went and recomposed with the new image and snapshot and it worked!  So I went back in to make a new snapshot to test again.

I noticed that I had forgotten to leave the domain I was joined to.  So I went and added an app, and also unjoin the domain. This time, the issue came back!

I haven't been keeping the gold image on the domain, as I understood there were problems with that. Is there something I need to be doing instead to put these on the domain properly?  When I recompose it DOES look like these machines are domain joined, but that local account login prompt is there. 

Reply
0 Kudos
cjgardne
Contributor
Contributor

I enabled this policy on my gold image and it resolved the issue.

Security Settings > Local Policies > Security Options>Interactive Logon: Do not display last username

Reply
0 Kudos
BStone77
Contributor
Contributor

I think this is a step in the right direction!  I modified that policy to enabled, and snapshot the gold image.  After a recompose, I am presented with a login prompt, same as before, but this time it's asking for domain credentials.

Reply
0 Kudos
BStone77
Contributor
Contributor

I checked that setting just now and it was set to enabled.  I followed the KB and set it to Disabled, so I'm whipping up another snapshot now and trying it again.

Reply
0 Kudos
BStone77
Contributor
Contributor

Okay i found something strange.

I redid my gold image the other day, and just did another recompose a moment ago. I got the same login prompt, but then I decided to test something. 

I disconnected from my Horizon client on my laptop, and reconnected.  I was then able to pass through my credentials and log into the VDI without issue.

So right now things work if I:

1. Recompose pool

2. Disconnect from Horizon Client

3. Connect back into the Horizon Client.  

I made sure I was on the newest version of the client as well.  4.9.0

Reply
0 Kudos
sjesse
Leadership
Leadership

I beleive there is an SSO timeout of  few a hours no matter what, I've see this before, and I think its expected. I'm not sure if you can disable it in newer versions but it looked like it was possible in older ones

VMware View 5.2 Documentation Library

Reply
0 Kudos
cjgardne
Contributor
Contributor

So you implemented the policy I suggested: Security Settings > Local Policies > Security Options>Interactive Logon: Do not display last username and you're still seeing the Admin account or most recent user when logging into one of the clones?

Reply
0 Kudos
BStone77
Contributor
Contributor

I have, and we're still running into this issue, but for now we've decided to workaround it.  When we do a recompose, we make sure that everyone logs out of the Horizon client.  Most of our users are on terminals, so it's not an issue for them.  Once the recompose is done, the users log in successfully.  

I wish I had a more solid solution, but for now it seems to work fine.

Reply
0 Kudos
milindng
Enthusiast
Enthusiast

I am also facing the same problem from last many days.

I have one master image with multiple snapshots. Pools created from pervious snapshots work properly without SSO login errors while if I wish to create new pool from latest snapshot of my existing master image , it prompt me for SSO login screen.

I don't know what kind of policy is getting updated with this newly created snapshot on same image.

Even I prepared another fresh Windows 10 LTSC 1809 golden image which is giving same SSO login errors but rest is working as usual with manual user logion on SSO screen.

Reply
0 Kudos
milindng
Enthusiast
Enthusiast

I am also facing the same problem from last many days.

I have one master image with multiple snapshots. Pools created from pervious snapshots work properly without SSO login errors while if I wish to create new pool from latest snapshot of my existing master image , it prompt me for SSO login screen.

I don't know what kind of policy is getting updated with this newly created snapshot on same image.

Even I prepared another fresh Windows 10 LTSC 1809 golden image which is giving same SSO login errors but rest is working as usual with manual user logion on SSO screen.

Reply
0 Kudos