I have deployed a pool of Win 7 64 desktops. The ActivClient 6.2 is installed and works on the gold master image. When connecting to one of the linked clones and attempting to use a smart card for log in, I receive the following error.
the kerberos protocol encountered an error while validating the KDC certificate during smartcard logon.
Any ideas?
What is the protocol that you are using to connect to the remote desktop? Does this issue happen when connecting over both PCoIP and RDP? In general, I'm assuming this is a configuration error with your Agent machine; you should be able to look at the Windows event log on the Agent machine to get more info on the failure.
Didn't matter which protocol. It appears to be a bug with the connection server. If you reset the base image, take a new snapshot, and then recompose, the issue is resolved.
Glad to hear that you got it working, but I'm still skeptical that it had anything to do with the View Connection Server. If you are doing a smart card login into the remote desktop, it doesn't involve the View Connection Server at all. Another way to test it is to directly RDP in and see whether you can log in.
I was advised by a VMware pre-sales engineer that it is a bug with the connection server. Whether or not he is correct...I don't know for sure. Logging in via RDP produced the same result.
Yeah, I don't think that it's a connection server issue, but if it went away, that sounds fine.
Very interesting. We are encountering the same exact issue. We are in a PKI enabled environment using smart cards and using View 4.5 Connection Broker with 4.6 Agent on the parent image (Win7 x86). When I create a new pool of 30 VMs, about 10-13 exhibit the error message discussed here. I will attempt to use the workaround mentioned here.
Pretty much... my understanding is that smartcard can only be used for logging on with a domain account, not a local one, so interactive logon in this case is out.
Smartcard on your local machine doesn't really give you any more inherent protection btw... physical access to a machine circumvents all other access... that's why it has more value in the domain logon scenario, with two-factor authentication to your domain resources.