Solved: VM without access to HOST AD

DBagini · ‎03-18-2014

Hi, I'm hoping somebody can help me with an issue I have setting up a trial of the Horizon view product.

I have TWO windows domains that are independent and not connected in any way (except for a couple of cables going into the Vmware Host box). Lets call it domain A

My users's PCs are on the same domain as the VMware host and all of the WMware infrastructure.

The current desktop VMs (full machines with vsphere clients) are machines connected to the OTHER domain (domain B). People run VSphere on their domain A physical desktops, connect to Vcentre (on domain A), then log onto the virtual machine using domain B usernames and passwords.

I installed and configured Horizon View on Domain A, connecting it and setting up a pool with an existing desktop VM that I installed View agent on, but when I connect to it using the View client, I get the error message "The assigned desktop source for this desktop is not currently available."

If I connect the VM to domain A as well as domain B by assigning a second network card attached to domain A, the view client connects and opens a black screen (different issue), so the problem appears to be that the VM needs to connect to domain A active directory. Leaving the VM with a connection to both domains is not an option (for security reasons).

Is there a way around this apparent requirement?

markbenson · ‎03-24-2014

DBagini wrote:

The issue seems to be that the domain B guest OS (the VM) needs to be able to talk to the View Connection Server.

That's correct. You can see this in the diagram on page 75 in http://pubs.vmware.com/view-52/topic/com.vmware.ICbase/PDF/horizon-view-52-architecture-planning.pdf

Connectivity between the virtual desktop (the domain B guest in your case) and the Connection Server is shown by the JMS connection line.

Mark

View solution in original post

mpryor · ‎03-19-2014

If you don't need SSO, there's no reason the desktop VMs have to be in the same domain. What is more likely is that the desktops cannot resolve the FQHN of your connection server as you don't have DNS set up correctly to forward lookups between the two. Try running the support tool on the desktop VM to see what it finds.

VMware KB: Collecting diagnostic information for VMware View

DBagini · ‎03-19-2014

I think you are quite right in that it is the DNS and not AD that is the problem.

Since they are two separate 'private' domains, there is no way I can have one resolve to inside the other. The VM cannot 'see' the connection server or Vmware hosts or any other computer because the VM is on network B while the connection server is on network A and there is no connection between the two ( computers inside domain A cannot talk to computers inside domain B).

.

So I am looking for a way for the agent on the VM on domain B to NOT need to talk to domain A at all. Is this possible?

mpryor · ‎03-20-2014

You don't need to talk to the domain in general, but you do always need to resolve and talk to the CS. Network connectivity is required between the CS and desktop and you'll need to add a DNS entry for the server FQHN to be resolved.

Linjo · ‎03-20-2014

Another possibility it to use the Direct Connect Agent and connect directly (not using the broker) the the virtual desktop.

This might not fit your usecase but is a very useful functionality in some cases.

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".

DBagini · ‎03-20-2014

> Network connectivity is required between the CS and desktop

So effectively, the connection server has to be in domain B?

> Another possibility it to use the Direct Connect Agent and connect directly (not using the broker)

Will this still use PCoIP?

Linjo · ‎03-21-2014

Yes, DirectConnect is using PCoIP.

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".

mpryor · ‎03-21-2014

>So effectively, the connection server has to be in domain B?

I was interpreting "domain" as a Windows domain. It's quite normal to have multiple domains within a shared network - in lab environments we commonly have several domain test environments all running in the same subnet even. Network connectivity is essential for the product but having the same domain for desktops and servers is not. Please see the administration guide for more details on environment requirements.

DBagini · ‎03-23-2014

>I was interpreting "domain" as a Windows domain.

Yes, windows domain, but different network. There is no network connectivity between the two aside from the VMWare host itself.

markbenson · ‎03-23-2014

Yes, as has been said, View Connection Server requires Windows domain network connectivity.

If you want to use View Connection Server, first ensure that there is network connectivity between View Connection Server and the domain controller. The View Connection Server OS needs to be joined to an AD domain.

Mark

DBagini · ‎03-24-2014

The View Connection Server is in Domain A and talking to Domain A's domain controller. The issue seems to be that the domain B guest OS (the VM) needs to be able to talk to the View Connection Server.

I was thinking (hoping) the View connection Server did not need to talk to the VM's operating system directly, but that does not appear to be the case as I have only been able to get this to work by adding a second virtual network card to the guest VM connected to Domain A's network.

Thanks for all your replies.

markbenson · ‎03-24-2014

DBagini wrote:

The issue seems to be that the domain B guest OS (the VM) needs to be able to talk to the View Connection Server.

That's correct. You can see this in the diagram on page 75 in http://pubs.vmware.com/view-52/topic/com.vmware.ICbase/PDF/horizon-view-52-architecture-planning.pdf

Connectivity between the virtual desktop (the domain B guest in your case) and the Connection Server is shown by the JMS connection line.

Mark

All

VM without access to HOST AD