7 Replies Latest reply on Sep 9, 2020 2:23 AM by Aginaco

    Horizon Cloud on Azure - Unable to register Active Directory

    mf_SVA Lurker

      Hello everybody,

      I'm currently trying to set up a Horizon Cloud environment with Azure resources. I basically followed the instructions from these sources:

      From Zero to Hero:  A Step by Step Guide How To Deploy Horizon Cloud Service on Azure - YouTube

      Quick-Start Tutorial for VMware Horizon Cloud Service on Microsoft Azure | VMware

      So what I did is: I set up all the network requirements on Azure, set up my local DNS server in the VNet settings, created a service principal on Azure, the IPsec tunnel from Azure to my on-premises environment is up and running, and also the pod deployment from Horizon Cloud to Azure was successful. The next step would be to connect my local Active Directory, and here I'm stuck at the moment.

      The error message says "Unable to register Active Directory" as shown in the following picture:

      Image 749.png

      For troubleshooting purposes I created a small Windows 10 VM on Azure and configured it with the network settings of the MGMT subnet which I created earlier for my Horizon on Azure deployment. From that VM I can access different resources in my local environment via the IPsec tunnel without any problems. So there shouldn't be a network issue.

      Has someone had the same issues or any idea what to check or where the problem could be? I'd really appreciate any help!

      Thank you in advance.

      Best Regards,

      MF

        • 1. Re: Horizon Cloud on Azure - Unable to register Active Directory
          mf_SVA Lurker

          Hey,

          here's a little update on this:

          • Connection to the local domain controller from Horizon Cloud still doesn't work, but I can join an Azure test VM into my local domain without any problems
          • I deployed a Server 2016 VM on Azure and configured it to be an additional domain controller for my local AD. After I did this I could register my local AD on Horizon Cloud with my local domain bind / domain join accounts. From there I could finally set up the cloud pod and everything worked perfectly

          So that's a workaround for now and definitely not the final solution. I'm still trying to figure out what the problem with the AD join via the IPsec tunnel is and why it's not working as expected.

          The different Active Directory deployment options are listed here:

          The VMware recommended one is Option 6. So I'll try to set this up as well, but even if that works, I'll want to get Option 1 running as well.

          I still appreciate any help from your side.

          Thanks.

          Regards,

          MF

          • 2. Re: Horizon Cloud on Azure - Unable to register Active Directory
            Aginaco Novice

            Hi,

            I'm expecting a similar issue. Could you finally solve the problem of registering on-prem AD via IPsec tunnel?

            thank you and regards

            • 3. Re: Horizon Cloud on Azure - Unable to register Active Directory
              alsmk2 Hot Shot

              Also having the exact same issue.

              Have validated the settings against another Horizon Cloud deployment I'd done previously and, other than domain names and underlying IPs, they're 100% identical (both within Azure and HC).

              • 4. Re: Horizon Cloud on Azure - Unable to register Active Directory
                Aginaco Novice

                Hi,

                thanks for your comment, maybe you can answer a question for me.

                In my case I'm also doubting whether my network architecture is correct. When I first deployed the pod I used Azure AD DS and created some users for testing. So a VNet was created for AD DS and another one with the management, service and DMZ subnets. Peering both VNets, I can authenticate with AD DS. Now I want to register an additional on-prem domain to use real users. I've created the gateway subnet in the same VNet where the management, service and DMZ subnets are, but I'm not sure if this is correct and whether I should create the whole VPN stuff in a separate VNet and then a new peering to my management, service and DMZ VNet, like I see in the examples in the documentation.

                Do you know if it is mandatory to create a different VNet for site-to-site connections (VPNs)? I can't find a word in favor or against it.

                thank you and regards

                • 5. Re: Horizon Cloud on Azure - Unable to register Active Directory
                  alsmk2 Hot Shot

                  I may be misunderstanding your question, but I see absolutely no reason to put the GatewaySubnet in its own VNet. It should work absolutely fine if you do that and have VNet peering configured correctly, but you may also find it works out more costly for traffic (egress traffic over VNet peering has a cost in the same region; ingress/egress would have a cost if the peered VNets are in a different region).

                  • 6. Re: Horizon Cloud on Azure - Unable to register Active Directory
                    Aginaco Novice

                    Ok,

                    thanks for your help!

                    regards

                    • 7. Re: Horizon Cloud on Azure - Unable to register Active Directory
                      Aginaco Novice

                      Hi,

                      I wonder if you finally found the reason for that...

                      After my holiday season I created yesterday a Win10 Pro VM in the same subnet as the pod's management VM (the one whose name ends with "node-1"). I manually configured this Win10 VM to use the on-prem DNS servers and I could join this VM to the on-prem domain via the VPN.

                      The next step was to set up these DNS servers in my Azure VNet, substituting the DNS servers created during the initial pod deployment made by my customer, and restart the pod's management VM.

                      But the registration of my local domain in Horizon Cloud keeps failing.

                      These DNS servers created during the deployment were not on-prem servers but hosted in Azure. The idea was to do some testing using initially resources in Azure (also the test users reside in an Azure AD managed through Azure AD DS) and after that register the local domain to test with users in the on-prem production environment, define on-prem users as Horizon admins and finally get rid of Azure users, DNS, and so on. I wonder if it is even possible to do what we are trying to do or if we should configure everything from scratch again...

                      Any suggestion?

                      thank you and regards
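The checks the thread performs by hand (a Windows test VM in the pod's management subnet, pointed at the on-prem DNS servers, then a domain join over the tunnel) can be scripted so the DNS and port results are recorded before the pod's AD registration is retried. The following PowerShell is an added example, not code from VMware or from anyone in this thread; the function name `Test-HorizonAdPrereqs`, the domain name, the DNS server addresses and the port list are placeholders and assumptions to be adjusted to the deployment and to the Horizon Cloud port requirements.

```powershell
# Added example: run on a test VM in the pod's management subnet.
# Domain name and DNS server addresses are placeholders; replace them.
$Domain     = "corp.example.com"
$DnsServers = @("10.10.0.10", "10.10.0.11")
# Ports a domain controller is assumed to need reachable from the pod
# (DNS, Kerberos, LDAP, SMB, LDAPS); check against the Horizon Cloud docs.
$Ports = @(53, 88, 389, 445, 636)

function Test-HorizonAdPrereqs {
    param([string]$Domain, [string[]]$DnsServers, [int[]]$Ports)

    # 1. Show which DNS servers the VM really uses: they must be the on-prem
    #    (or Azure-hosted DC) servers, not Azure's default resolver 168.63.129.16.
    Write-Host "Configured DNS servers:"
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { Write-Host ("  {0}: {1}" -f $_.InterfaceAlias, ($_.ServerAddresses -join ", ")) }

    # 2. Domain join and AD registration locate DCs through this SRV record.
    #    Query each DNS server directly so a wrong VNet DNS setting shows up.
    $dcs = @()
    foreach ($dns in $DnsServers) {
        try {
            $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $dns -ErrorAction Stop |
                   Where-Object { $_.Type -eq "SRV" }
            Write-Host ("SRV lookup via {0}: {1} DC record(s)" -f $dns, @($srv).Count)
            $dcs += $srv | Select-Object -ExpandProperty NameTarget
        } catch {
            Write-Warning ("SRV lookup via {0} failed: {1}" -f $dns, $_.Exception.Message)
        }
    }
    $dcs = $dcs | Sort-Object -Unique
    if (-not $dcs) { Write-Warning "No domain controllers found; registration cannot succeed."; return }

    # 3. Confirm TCP reachability of every DC on every required port through the tunnel.
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            $ok = (Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
            Write-Host ("  {0}:{1} -> {2}" -f $dc, $port, $(if ($ok) { "open" } else { "BLOCKED" }))
        }
    }
}

Test-HorizonAdPrereqs -Domain $Domain -DnsServers $DnsServers -Ports $Ports
```

A DC list that is empty for one of the configured servers, or a port reported BLOCKED on every DC, points at the VNet DNS setting or the tunnel/NSG rules respectively rather than at the Horizon Cloud bind accounts.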