
Change original domain account used by Horizon


BillClark


When we started our Horizon environment I chose an existing service account as the "domain account" (Settings\Domains\Domain Accounts).  The issue I'm running into is that something happened and Connection servers are locking out this account, which in turn creates problems for all the other applications this account is used for.  I've created a new domain account to be used just for VDI purposes and have added it to the Horizon Console.  I've gone in and modified the existing Desktop Pools to use this new account and then re-published each Pool and everything went well.  I then deleted the original domain account from the Horizon Console, but I keep getting the following errors in the Events screen of the Console.

Source:  Server1.domain     Message:  User <domain>\<OriginalAccount> has failed to login to Horizon Server REST API

Somewhere Horizon is still clinging onto this old account even after multiple reboots and continues to lock out the original account.  How do I reset the account that the API is using?  Thanks.

 


To my knowledge, no, we are not.  At least for any 3rd party software or monitoring outside of the basic Horizon Console, (x2) Connection servers and the Standard Edition of DEM.  We have a very basic setup with the few items listed.
 


We do have the Horizon Edge Gateway deployed and I looked at it this morning, but I'm not sure where that possible credential could be.  I'm almost 100% sure that if it was asking for creds of some sort, we wouldn't have used that account.

On a side note of interest, working with Tom at Omnissa, he found the "old" account was still listed as a Security Principal for 3 out of the 4 Desktop Pools.  As a test, I deleted, then re-added two that were unused and after that, the "old" account isn't getting locked out anymore.  This was several hours ago and it is still unlocked.  I still see that account being used in the Event log on the Horizon Console, but it's all been Audit Success status since then.  I'm going to do the delete/re-create to the other 2 Desktop Pools in hopes that it eliminates ALL references to that "old" account.


On 8/23/2024 at 9:59 AM, OmnissaJon said:

Bill, do you have Horizon Edge Gateway deployed?  And if so, is it using the "old" service account to connect to the Connection Server?

Jon, upon closer inspection this "old" account IS being used in the Edge Gateway.  I've initially tried to update that with a different account, but I've been thwarted by the IT Gods again.  It keeps saying the credentials are incorrect, which I know they are not, but it might be something else going on.  I've opened a case with Omnissa regarding this and hopefully we can get it worked out soon.


So to wrap this all up.  At some point, with the "old" domain account, a desktop pool became corrupted behind the scenes and was causing the lockout issues.  Once I added a new domain account, then rebuilt the desktop pools with this new account, the locking issue went away.  The reason I'm still seeing the "old" account in the logs is because that account is used in the Edge Gateway appliance.  I wasn't able to change that account on my own, and have opened a case with Omnissa to investigate it.  At this point, the "old" account is gone from the Horizon Console, and all the Desktop Pools have been rebuilt and are functioning normally.  Thanks all!


  • Employee
Just now, BillClark said:

So to wrap this all up.  At some point, with the "old" domain account, a desktop pool became corrupted behind the scenes and was causing the lockout issues.  Once I added a new domain account, then rebuilt the desktop pools with this new account, the locking issue went away.  The reason I'm still seeing the "old" account in the logs is because that account is used in the Edge Gateway appliance.  I wasn't able to change that account on my own, and have opened a case with Omnissa to investigate it.  At this point, the "old" account is gone from the Horizon Console, and all the Desktop Pools have been rebuilt and are functioning normally.  Thanks all!

Good to hear Bill.  I have seen an internal ticket that might be related, whereby certain characters in the password are possibly not being handled correctly by the Edge Gateway. £ or / may be the culprits, although I don't see a full root cause.
