VMware Horizon Community
SACCORPO
Contributor
Contributor
‎08-12-2010 12:05 PM

View Portal - Desactivate Single Sign On

Hi,

I use VMWare View Portal to access VM. I would like to desactivate Single Sign On. How?

I create a GPO for VMWare View Agent and configured "AllowSingleSignon" to false. It work fine for VMWare View Client but not for the View Portal. Why?

vSphere 4.0.1

View Manager 4

ESX 4 U1 server

Thanks

0 Kudos
8 Replies
grossag
VMware Employee
VMware Employee
‎08-13-2010 08:20 PM

The "AllowSingleSignOn" is an Agent GPO and will apply regardless of the type of View Client.

0 Kudos
mittim12
Immortal
Immortal
‎08-13-2010 08:26 PM

You could always remove the SSO component of the agent which will disable it.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

0 Kudos
grossag
VMware Employee
VMware Employee
‎08-14-2010 10:32 AM

I think I know what is going on here if you are using PCoIP. In 4.0.x we always do SSO when reconnecting to a remote desktop and don't honor the "AllowSingleSignOn" GPO. We honor it on the initial login, but not the reconnection. This will be fixed in 4.5. In the meantime, I would recommend leaving the SSO components installed. I know in 4.5 we have a strict dependency upon them being installed so we no longer allow them to be deselected during the install. But I can't remember if that dependency exists in 4.0.x.

0 Kudos
SACCORPO
Contributor
Contributor
‎08-16-2010 05:02 AM

Hi,

First, thanks for your help!

We are using RDP protocol when we connect thru Portal. The SSO component is installed with the agent. The "AllowSingleSignOn" GPO is ignored on the initial connection and same thing for the reconnection.

I understand well that the "AllowSingleSignOn" GPO is configured on the Agent side, whatever client we are using, but I don't understand why I'm connecting to the VM "X" with the VMWare View Client the "AllowSingleSignOn" GPO's work well, but don't work when I'm connecting to the same VM "X" with the View Portal.

I have tried to configure the VM "X" Pool to use the PCoIP protocol, but it result in I'm not able to connect to my VM "X" when using View Portal.

Do you have other ideas?

Thanks

0 Kudos
JDoek
Contributor
Contributor
‎10-07-2010 05:22 AM

Did you check the event viewer for any messages on the virtual machine?

I once caught a failed to apply GPO cause of time issues (out of sync with DC's) on a view desktop.

0 Kudos
JDoek
Contributor
Contributor
‎10-08-2010 02:00 AM

I had another case where the GPO didn't get applied.

In my case it was cause of the firewall running on the virtual desktop.

login the virtual desktop.

Go to a server where you define the group policies.

Run the Group Policy Result Wizard and target the virtual desktop.

If you get the "RPC service unavailable" message you have to disable the firewall on the virtual desktop and try again.

Then Target the user you have logged in.

Check the summary / Group Policy Objects / Denied GPOs

Look for the policy name and check for the reason denied to further help you troubleshoot.

In my case it said "False WMI filter".

setting the firewall service on the virtual machine to manual resolved my problems

0 Kudos
SACCORPO
Contributor
Contributor
‎10-12-2010 05:28 AM

Hi,

Thanks for your help.

The GPO is applied. Here's the proof:

http://HKEY_LOCAL_MACHINE\SOFTWARE\Policies\VMware, Inc.\VMware VDM\Agent\Configuration

"AllowSingleSignon"="false"

Also, I have no error in event log and the firewall is desactivated.

0 Kudos
grossag
VMware Employee
VMware Employee
‎10-12-2010 09:21 AM

As I said earlier, in View 4.0, this GPO isn't respected in the reconnect case. This is fixed in View 4.5.

0 Kudos