VMware Horizon Community
MrCheesecake
Enthusiast
Enthusiast
‎09-01-2023 10:21 AM

Zero clients and Windows Logon/Message Banner

Good afternoon!

We're using the latest/greatest Horizon build and have zero clients connecting to Windows 10 VMs using their domain logon creds.  On the Windows 10 machines (via group policy), we set the usual logon banners about monitoring, etc.  We also have a policy that enables a locking screensaver after 20 minutes.

We have just discovered the following "feature":

1. User enters credentials into the Horizon client from the zero client, selects their desktop pool, and is connected to a VM.

2.  User gets the logon banner/message but does NOT click OK (Goes to get coffee)

3.  User comes back 25 minutes later (they drink a LOT of coffee!)

4.  The screen appears to be locked and user hits CTRL-ALT-DEL.  This takes them back to the logon banner from Step 2 (Without re-entering a password).  User clicks OK and is then logged into Windows without any additional actions like re-entering their password

In the past (Probably 2-3 years ago), this behavior resulted in the session getting stuck as we had a colleague that would sometimes forget to hit OK and we'd need to clear or log-off his session from the Horizon console.

As a workaround, we'll probably just use the logon message within Horizon instead of a Windows GPO but wanted to see if others have seen and dealt with this situation via other methods.

0 Kudos
1 Reply
MrCheesecake
Enthusiast
Enthusiast
‎09-06-2023 02:10 PM

I have a quick and interesting update on this.

Forgot to mention in the original post that we're using SSO so that the creds entered in the zero client are passed through to the Windows VM.  I tried adjusting the setting (Global Settings\General Settings) to discard SSO creds after XX minutes to something much lower than the screensaver but with no luck.

I was stumped but just observed something interesting...  I'm looking at the events in the connection broker and see where I logged in, selected my VM pool and was even assigned WorkstationXX.  The machine is currently waiting for me to click OK to the logon banner/message-  However, the connection broker does not show me and/or the workstation assigned in a session!  But you just told me that I was assigned a workstation!?!

This leads me to think that there's a new feature/hiccup in how Horizon detects sessions.

Strangely, I do get an event in the connection broker later on showing that my SSO credentials are locked (still no session).  And when I return to my client, the screen IS locked, but after hitting CTRL-ALT-DEL, I get back to my banner and hitting OK takes me right into Windows.

 

0 Kudos