I was recently asked by a client who’s environment consists of 3 forest trusts to other domains and would like to filter them out from their VMware Horizon View infrastructure. The following screenshot is basically what they see when they log into the VMware Horizon View Administrator console:
Clicking on one of the domains configured with a forest trust shows the following:
Trust Relationship: The trust relationship could not be determined.
Status: Domain status error detected. View
The reason for the error above is because the View Connection server has problems verifying the domain and in the case of the client I was at, it was because the DNS servers configured for the View Connection servers not having forward lookup zones to these domains. With that clarified, the client wanted the domains removed so in order to do so, we can accomplish this with the vdmadmin command:
Trust Relationships and Domain Filtering
http://pubs.vmware.com/view-50/index.jsp?topic=/com.vmware.view.installation.doc/GUID-48644652-C5C9-4BDC-AE93-75DA2D176995.html
The available switches for this command can be found here:
Configuring Domain Filters Using the ‑N Option
http://pubs.vmware.com/view-50/index.jsp#com.vmware.view.administration.doc/GUID-3E9924EC-1554-43E5-A812-84F9711909A5.html
The vdmadmin.exe executable can be found in the following directory of the View Connection server:
C:\Program Files\VMware\VMware View\Server\tools\bin
Begin by launching the command prompt and navigating to the directory:
Execute the following command to list all of the domains VMware Horizon View can see:
vdmadmin -N -domains -list -active
Use the following command to list the current include and exclude domains:
vdmadmin -N -domains –list
To exclude the domain named MSAD, execute the following:
vdmadmin -N -domains -exclude -domain MSAD -add
**Note that you can only use NetBIOS names for the domain and not the FQDN.
Once the exclusion has been added, you should be able to use the vdmadmin -N -domains -list command to display the list showing that the domain is excluded:
With the domain MSAD added to the exclude list for the cluster, restart the VMware View Connection Server service and you should now see the domain no longer listed:
Executing the following command should no longer show MSAD as a active domain:
vdmadmin -N -domains -list -active
If you want to remove the MSAD domain from the exclude list, you can execute the following:
vdmadmin -N -domains -exclude -remove -domain MSAD
Also note that as soon as a domain is filtered out, the logon page for VMware Horizon View Administrator will no longer display it in the Domain: drop down menu:
1 comment:
I end up in this BlOG once in a long while when trying to tshoot something obscure - but this post is one that saved my mission! More specifically, the tip about using the NetBIOS names instead of the FQDN. None of the other articles mention this very important fact. Additionally, this fixed another issue for my site. (my main issue) After entering in PIN from my smartcard, the client would sit for about 2 minutes saying "Authenticating".... This not only removed several red/unreachable domains within View Administrator, but it stopped the lengthy Authentication timeout! Thank you for posting this! --Wolfegang76
Post a Comment