Horizon Universal Console to update the secret key for a pod's Azure subscription settings, the pod manager VMs must be restarted for the new credentials to take effect (2979394, 3007687)ĭue to this known issue, after you edit and save theĪpplication Key setting in the console's Manage Subscription window, the newly entered secret key does not take effect on the pod manager VMs until the management service is restarted in the VMs' operating systems. Microsoft Azure Subscription Related Known Issues After using the If you continue to experience a domain join permissions error in the Register Active Directory workflow after following the Microsoft documentation, please contact VMware support and reference problem report number 2218180.
Before setting the permissions on the domain join service account, it is important that you follow the Microsoft documentation about enabling password hash synchronization to Azure AD Domain Services for the domain join service accounts. See the Microsoft documentation topicĬreate an Organizational Unit (OU) on an Azure AD Domain Services managed domain that describes the built-in container AADDC Computers and see also the Important note at the beginning of that topic about enabling password hash synchronization to Azure AD Domain Services. The Horizon Cloud team has verified that adding the required domain join account permissions works the same when using Azure Active Directory (AD) Domain Services with your pod as for other Active Directory domain deployments.
When using Azure AD Domain Services, the Active Directory registration workflow fails at the domain join step with an error that the Reset Password permission is lacking.
(1969172)ĭue to a new feature for domain controllers in Microsoft Windows Server 2012 R2 and higher, a duplicate SPN check on the domain controller causes domain join failures. Workaround: None.įor farms in a pod in Microsoft Azure, reusing the same farm name with a different domain in the same Active Directory forest can lead to domain join failures due to duplicate service provider names (SPNs). Conversely, after the administrator clears the locked-out condition of the account, it might take up to 15 minutes for the system to stop notifying about the now-cleared account. As a result, it might take 15 minutes from the time point when the primary bind account goes to locked state and the system raises the notification to the administrator. The system's connection object to Active Directory is cached for 15 minutes. It takes up to 15 minutes for the Web-based administrative console to reflect a lockout or unlocked state of the primary bind domain account. The underlying services only detect a locked-out service account when they make a request to talk to Active Directory for either authenticating or searching (user or group). (2010669)ĭue to this issue, an administrator logged into the Web-based administrative console will not see a primary bind account lockout notification until an action involving Active Directory is performed in the user interface, such as when searching Active Directory to add users to assignments. Workaround: Reset your My VMware account password to a new one and ensure the new one does not contain a backslash (\).Īctive Directory Related Known Issues Primary bind account lockout is not detected until you perform an action involving Active Directory in the administrative console. That page will display the supported special characters. To see the list of supported special characters, log in to my. and navigate to your profile's Change Password section. Horizon Cloud, passwords which contain a backslash are not supported. When you use My VMware credentials to login to Horizon Cloud using those credentials fails (2595757) Login Related Known Issues Even though you successfully created a password for your My VMware account that contains a backslash (\), logging in to Note: The numbers in parentheses stated in each known issue refer to VMware internal issues tracking systems.