Hello community,
since a couple of days (maybe since the update from 6.1.1 to 6.2?) i cannot login user a user account from Domain B. If i log in with a user from Domain A everything is fine.
Logging in itself works via Horizon Client - I can see all available Desktops, but as soon as I connect to a Desktop, the message "Error: Your user account is disabled" appears.
The Domain is green on the Dashboard on the connection server. Where could this error come from?
Pull up the user account showing "disabled" in the Active Directory Users and Computers snap-in. Is the account, for sure, not set to disabled?
May be you forgot to have access been allowed from user B. Check the security or if enabled then AD policies
The account is not disabled in Active Directory Users and Computers. I also tested creating a new account.
Any ideas? This problem is driving me crazy. The domain account itself is good. I was even able the entitle the user as an administrator on a horizon connection server. I guess that is the proof that the user account is not disabled and communication with the domain is not a problem.
Could you post a screenshot of the error? I'm just curious exactly where its coming from. Also, have you checked the windows event logs to see if anything from the user logon process is reporting?
Edit...Is the Connection Server and desktops are in Domain A? Do you have a one-way trust, where Domain A trusts Domain B, or does a two-way trust exist?
The connection servers are in domain A, the desktops and users are in domain B. The domains have a two-way trust.
Are specific logon hours set for this user account, or does the account have an expiration date?
Edit: Is the user account able to log into the desktop directly, without using View?
Also, what version of Windows and functional level of AD are these two domains?
Did you find a resolution for this? We just upgraded from 6.0.1 to 6.2 last night now we have the same issue.
Hi,
did anyone find a solution for this? As per logs it looks like the server is not able to verify if the account is enabled or not so by default assumes it is. I came across the same problem when i upgraded from version 6.1 to 6.2
There are more details in this thread: View 6.2 bug? however i do not have the domain in the domain exclude list so the solution does not apply for me
Restart the ESX Appliance
i have encountered somehow similar issue and we found that issue is related to ADAM replication and and AD restriction
the solution was giving the connection servers computer object in AD proper permissions to read our user accounts.this we found it in one of the blogs and it worked
I have the same error but the domain is internal?
I've completely rebuild and updated from 7.2 to 7.4 and same issue?
Can anybody else recommend anything to try?
I granted the Connection servers permissions in AD but no change?
I don't think it helps, but what I do is create ad security groups in both domains, and in the domain the connection servers are in I nest the security groups from the other domain in them. You need to set the security type to domain local though in the connection servers domain though. I'd check AD logs and see if you can find any logon attempts and see if there is anything that might be related.
what desktop pool is this , full clone or linked clone
and is it quick prep or sysprep?
have a look in the below KB
Thanks for the replies
Its a linked Clone. I will try with instant clones.
We only have 1 domain which is what I'm finding difficult to fathom.
In the KB link
Am I granting the user groups authenticate access to the Connection servers?
If its the Connection servers - i added the group to each connection server and ticked "allow to authenticate" but same outcome.
I can login to the first part on Horizon, its only when I click on the desktop to connect.
The logs state:
ser/group sid S-1-5-21-4022429963-2730301100-1384851047-1466 not found in Active Directory
([SESSION:dd96_***_5917]) Could not determine if user account (test) is valid for logon from AD, assuming disabled.
I'm confused I thought you said you had two domains?
Apologies, i hijacked this thread. Original post has 2 domains but I'm having the exact same issue with just a single domain?
I'm guessing the fix must be the same though?