Ah, I hadn't thought of the AD side of the equation, I was focused on the VMware side. Yea, that could cause a problem...

Thanks for the quick replies!

That has been my confusion - all the different permissions at the various levels: AD, Local on vCenter, View Admin, SQL, etc...

When you say "the composer account doesn't have the correct permissions to add the clone to the domain", can you be more specific?

I added the composer AD account, and the vcenter AD account with create/delete perms on the OU into which the linked clones should be deployed and I'm getting the same thing.  Does the parent VM computer account in AD need that permission too?  I didn't see anything about that in the View doc.

It would be nice for something to indicate *why* it's deleting the blasted replica!!

On page 14 of the Admin guide, http://pubs.vmware.com/view-50/topic/com.vmware.ICbase/PDF/view-50-administration.pdf, it shows what Active Directory permissions are needed for the account used in composer. 

Yes - but it's not real clear as to where those permissions are needed, as far as I can tell.

I have added the composer AD account to the /Computers OU (the default OU).

Oh...wait...dammit....

I had deleted and recreated the pool, and left that setting in the Customization tab, so it was not dumping the LC's in the OU that I *thought* it was - instead it was doing what I *actually* told it to.

Now, the LC's are "hung" in View Admin on "Customization" in the status.  I thought that was DNS-related within the LC's, but they can resolve the DC.

Seems like I am getting closer, but victory still eludes me....

Do they eventually time out with some error? Is there anything helpful in the logs on the client?

So the "deleting" issue was due to AD permissions - specifically that they were being created in an OU I was not expecting.  I can get them to deploy, but I have no DHCP server, so I am pretty sure that's why they are stuck on "customizing".

I had found a web page yesterday that had information about creating a DHCP pool specifically for LC's, but now I can't for the life of me find that one again - even going through my browser history....sigh...

Any thoughts on how to deploy LC's with no DHCP server?  At the moment, I am testing that thoery with a DHCP server and lease reservations for the MAC's given to the LC's.

That's an interesting problem. We have DHCP here, so I have no idea. Is it possible for you to take one of your AD DC's and set it up as a DHCP server just for these desktops? I don't see how this will work out well without them being able to get an automatic IP address. I have certain desktops that I would like to get static IPs and I've had to do a kind of kludgy workaround.

I agree with the other poster in that it's not currently possible to use linked clones without a DHCP server.   There are a lot of threads about this in the forum if you want to search for them.

I don't doubt that - but is there a way to configure DHCP such that *only* the LC's get addresses?

I tried setting up leases but every time a LC with name "pcname1" is provisioned, it gets a different MAC address.

For example, I have a pool of 5 for testing, and I checked the MAC on the first 2 that came online - they were sequential, so I created leases for 5 sequential MAC's in DHCP.  However, when I deleted one of the LC's and it reprovisioned with the same computer name, it's MAC was different still.

As I mentioned, I had stumbled across a blog talking about creating a pool that only the LC's use, but I cannot for the life of me find that blog again (I've even re-opened every URL from browser history in both IE and FF, but IE is acting wonky - long story...)

It may be a little more complicated than you want, but my thought is to set up the View desktops on a special VM network on the host to a subnet that only the View desktops will be on (i.e. x.x.220.x). Set up the DHCP server, and set the firewall (either the server firewall or a network firewall) so that the DHCP port is only accessible to that subnet. That way only those machines will see the DHCP server. You can't guarantee what MAC address the clones will get, other than they will start with "00:50:56", so I don't think the MAC will help you much.

Actually, this article for DHCP on Server 2008 was a huge help - filtered DHCP!

http://technet.microsoft.com/en-us/library/dd759190.aspx

I created a filter in DHCP for the first 4 bytes of the MAC address AA-BB-CC-*-*, and now I'm getting DHCP addresses as I need them.

Now, my problem is that the desktops never get past "Customizing".

They get an IP from DHCP, and show up in the OU in Active Directory, but if I log into the desktop, it still shows it is a member of WORKGROUP.

I have a Windows Customization - the default "Win7-Desktop-Customization" is applied.

This is proving to be a difficult task getting one desktop provisioned an accessible from a View Client.

Sounds like you are making some progress, that is good. I do not use customizations so someone else would have to help with that. I set up the gold image the way I want it, and then use GPOs for the rest of it.

So it sounds like you are using Sysprep to handle the customization aspect of the clone deployment.    What happens if you create a new pool and utilize quickprep instead of Sysprep?    If you are using Sysprep you can look at the sysprep log files and also here is a link to the View log files, http://kb.vmware.com/kb/1027744.    You might be able to get something from the composer logs on the View machine.

mclark - I am interested in how you are using GPO to implement your gold image.  Is there some doc out there on that process?

Regarding my issue, it was a small oversight on my part.  I had to re-create the base VM from ground up - I broke the one I had ready to lock in right before I was going to take that snapshot.  In my haste to recreate the base VM, I forgot to install the Composer Agent.  DUH!

I now have successfully deployed the pool and have users logging in with View Clients and LC's .  FINALLY!  All this, only to find out the "View 4.5" client in the Wyse terminals just use the View broker and end up running RDP anyways (which was not enabled in the base, of course).

I think I stumbled on every "don't" in the process.

Key points:

- Do not change the domain membership of the vCenter and View Manager servers (e.g., from test environment to production domain).  If you set it up in a test environment, document everything you do, then start over in production.

- DHCP is required for linked clones.  If you don't use DHCP, add the service on a Windows 2008 server and use the MAC Filter capability to limit DHCP to the VM's.  They get different MAC's every time a new clone is provisioned, so Lease Reservations won't work.  Set the lease time low so decommissioned clones release their DHCP addresses quickly.

- Install the View Agent in your VM before taking the base snapshot.

- Verify the pool settings customization to make sure the linked clones drop into the OU you created in AD

- When in doubt, add the vCenter users and AD users as Administrators to verify View is working, then back off the permissions.  I found it easier to get it working first, then back off permissions until it broke.  If it's not working to begin with, there are so many variables (AD, vCenter, View, Composer, Windows), it makes troubleshooting much more difficult.

I have put some links below to sites that talk about GPOs. I don't know that they are "docs" per se, but they will give you some ideas. I use GPOs to set View Client and Agent settings, and then to set various Windows settings to what I want.

http://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf

http://www.vmware.com/files/pdf/resources/vmware-view-xp-deployment-guide.pdf

http://paulslager.com/?p=913