About Me

My photo
This blog has been created to share technical information, interesting innovations that I notice on daily basis and Architectural/Consulting overview of various technologies. My areas of interest, on which I would be blogging, are VMware, Microsoft and Citrix Technologies. I hope you will enjoy this blog and share your experience with me.

Horizon View 6.2 Secondary Credentials for One-way trust

Horizon View 6.2 introduced a new feature for the Active Directory One-way trust. If you have installed and configured Connection Server (CS) and at the time of performing entitlements under ‘Users & Groups’ or browsing the ‘AD Container’ under the (Guest Customization) during the pool creation you will encounter the following error message in View Administrator console:

Query Error

Follow these steps in order to fix the issue by adding the Secondary Credentials on the CS using vdmadmin command.

  1. Go to the CS server and open the Command prompt using the Admin privileges
  2. Change the directory path to C:\Program Files\VMware\VMware View\Server\tools\bin>
  3. Command to Add the Secondary Credentials:
    vdmadmin -T -domainauth -add -owner domain\viewadminUIuser -user domain\trustdomainuser -password trustdomainpassword
  4. Command to Remove the Secondary Credentials:
    vdmadmin -T -domainauth –remove-owner domain\viewadminUIuser -user domain\trustdomainuser
  5. Command to View all the Secondary Credentials for specified accounts
    vdmadmin -T -domainauth –list -owner domain\viewadminUIuser
  6. Repeat Step 3 multiple times, if you have more than One View Administrator that needs the capability to entitle Users & Groups or Creation of Desktop pools

Usage Notes:
Next to the -owner switch you need to add the user account use to logging into View Administrator Console
Next to the –user switch enter the credentials or service account of the trust domain where the User, Groups, OU Structure etc. reside

After you have added the secondary credentials, you will be able to perform ‘User & Group’ entitlements along with the ability to browse the ‘AD Container’ during the desktop pool creation in View Administrator console.

More details about the Secondary Credentials can also be found in the View Administrator Guide (Page No. 237)

Thanks,
Aresh

1 comment:

IJH said...

Hi,

Thanks for this info, in case anyone else comes across this - you cant pass the password in the usual * format:

vdmadmin -T -domainauth -add -owner domain\view_admin -user other_domain\domain_admin -password *

It prompts for the password but you always get an incorrect password error - you have to actually pass the password in the command line like this:

vdmadmin -T -domainauth -add -owner domain\view_admin -user other_domain\domain_user -password the_password

Hope that helps someone!

My Blog List