VMware Horizon Community
PetrosG
Contributor

VMs provisioned with Instant clone - OS Windows 10 LTSB - are NOT receiving the Computer Based Group Policy

VMs provisioned with Instant clone - OS Windows 10 LTSB - are NOT receiving the Computer Based Group Policy ... I reviewed and did exactly what the VMware Knowledge Base suggested as a workaround, but no luck on my end.

https://kb.vmware.com/kb/2150495

Any suggestions? If anyone is using Windows 10 with instant clones, could you please share some tips and advice?

Reply
0 Kudos
9 Replies
Suman1209
Enthusiast

Hi

What is the build of the LTSB?

Regards, Sumanth. VCP7-DTM7, DCV, NV, VCAP7-DTM Design. If you found my answers useful, please consider marking them as Correct OR Helpful.
Reply
0 Kudos
Wimp777
Enthusiast

I recently went through this with Windows 7. My environment is on 7.3.2 and we have multiple domain controllers. Have you checked the event viewer on all your domain controllers for failures to authenticate? My environment would start the day working perfectly, and as users logged in and out through the day, issues related to GPOs not applying and UEM settings not being applied started happening. Without much help from VMware, we found the errors in the image on our domain controllers. Along with a Windows patch related to vmxnet3 NICs, we followed the KB below and pointed the clones to one specific DC. Restarted the connection server and things have been smooth since.

VMware Knowledge Base

Windows hotfix: Windows6.1-KB2550978-x86

pastedImage_0.png

Reply
0 Kudos
PetrosG
Contributor

Sorry for the late reply; the version is LTSB 2016.

Thank you

Reply
0 Kudos
PetrosG
Contributor

I have 2 Domain Controllers in my environment - in the same datacenter /location and same Network.

Let me make a note of the specific error message on my DCs, and hopefully there is a KB fix for Windows 10 as well.

I will get back to you this week on Tuesday or Thursday ... My linked clones are working fine on my Windows 10, and I deleted all my instant clone pools and deleted all the parent VMs so I can start clean and make a note of each issue. I also upgraded my environment to 7.3.2 a week ago and am hoping to see a better result.

Thank you for taking the time to reply and I will update you in 2-3 days.

Thank you

Reply
0 Kudos
PetrosG
Contributor

Wimp777,

I took my time today. I deleted all my old pools and recreated the pools. Removed all those Parent CP machines ...

I have an instant clone Windows 10 pool.

First, as soon as my VMs were provisioned, I could see the computer and user policies that were in effect. Everything I tested worked great.

I made shortcuts to the Master (Public desktop) and pushed the new snapshot - as usual, no errors during provisioning at all.

Then when I logged in with my account and two test accounts, the Computer policies that should have taken place did not happen.

These are non-persistent systems, so if I log off and log back on, it will be the same story.

I checked both my DCs for a similar event 5722 that you mentioned and I have none of those.

If I run gpupdate /force on my VDI, I get some of the policies and some require a reboot to take effect. But since this is non-persistent, it does not make any difference.

My feeling is that the CP parent machine needs to reboot - but I do not know how to reboot it or when it reboots itself.

My linked clone pool with the same policies that reside in the same OU works perfectly.

Any more suggestions?

I also have a ticket open with VMware

Reply
0 Kudos
sjesse
Leadership

Check your pool settings and make sure the AD location is correct. The instant clone parent shows up as it134134 or something similar. Make sure that is showing up in the OU where the GPO is located. If not, I'd recreate the snapshot the pool is based off of and push a new image. The new snapshot will make sure the parent and the replicas are all recreated.

Reply
0 Kudos
PetrosG
Contributor

sjesse,

The location is correct, I see the Parent VM in the same OU as well. One semi-workaround I found is that I am running a bat script to force GPUPDATE on the Master VM local group policy.

The first time I create a pool or delete all the snapshots and current VMs, the policies run as they should and my instant clones are good. When I update the master image with a new snapshot and push the new image, 90% of the time the group policy does NOT take effect. My linked clones have no issues because the VMs reboot multiple times during provisioning. The instant clones do not reboot since they fork from the parent machine.

Reply
0 Kudos
Wimp777
Enthusiast

To follow up on my original answer: the final addition I put into my image was to disable the machine password change. So each time my instant clones were recreated using the same DNS name, they would only point to one of my DCs and not change their machine password with AD, allowing them to continually auth and receive the GPOs. After making that change to the registry, my pools have been running in production without any errors to authenticate. I need to confirm on my image that this document is modifying the correct key.

https://support.microsoft.com/en-us/help/154501/how-to-disable-automatic-machine-account-password-ch...

Reply
0 Kudos
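The checks discussed in this thread (machine password rotation setting, secure channel health, applied computer GPOs, Netlogon event 5722 on the DCs) can be gathered in one pass; this is an added example, not code posted by any participant. The DC names are placeholders, and the registry path and value names are the standard Netlogon parameters from Microsoft's documentation, which the thread itself does not quote.

```powershell
# Added example: run in an elevated PowerShell session on an instant clone
# (or on the master image before taking the snapshot).
# Placeholder DC names (assumption): replace with your own domain controllers.
$DomainControllers = @('dc01.example.local', 'dc02.example.local')

# 1. Machine account password settings baked into the image.
$netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$p = Get-ItemProperty -Path $netlogon
[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    DisablePasswordChange = $p.DisablePasswordChange  # 1 = machine password is never rotated
    MaximumPasswordAge    = $p.MaximumPasswordAge     # days between rotations; empty = default
}

# 2. Is the secure channel to the domain healthy, and which DC is in use?
$domain = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
"Secure channel OK: $(Test-ComputerSecureChannel)"
nltest /sc_query:$domain

# 3. Which computer-scope GPOs were applied or filtered out on this clone.
gpresult /r /scope computer

# 4. Netlogon event 5722 (computer failed to authenticate) on each DC, last 24 hours.
foreach ($dc in $DomainControllers) {
    try {
        Get-WinEvent -ComputerName $dc -MaxEvents 20 -ErrorAction Stop -FilterHashtable @{
            LogName      = 'System'
            ProviderName = 'NETLOGON'
            Id           = 5722
            StartTime    = (Get-Date).AddDays(-1)
        } | Select-Object TimeCreated, MachineName, Message
    } catch {
        # Get-WinEvent raises an error when nothing matches, so this also covers "no events".
        "${dc}: no event 5722 returned ($($_.Exception.Message))"
    }
}
```

A clone that reports `DisablePasswordChange = 1` keeps the same machine account password for the life of the image, so that setting is worth recording as a deliberate exception for the instant clone OU rather than leaving it undocumented.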
dennisfynn
Contributor

Did you ever resolve this?  I have the same issue and no error 5722 on my DCs.

Reply
0 Kudos