Jump to content

Recommended Posts

Posted

We upgraded AD from windows server 2022 to windows server 2025 (Windows Server 2025 - Version 24H2 - OS Build 26100.1742) yesterday. When upgrading the domain controllers: We have run 'adprep /forestprep' and 'adprep /domainprep' but have not raised the domain functional level above 'Windows Server 2016' Now we have problems with not being able to create new VDI machines. We are using non persistant desktops with vCenter instant clones. vCenter version: 8.0.3 24322831 We have horizon agent version: Horizon Agent 8.13.0-10002333884 The creation of new VDI machines workes on windows 10, but not in windows 11

Error messages:

internal template vm-256188 [cp-template-xxxxxx] customization failed. Error description not set by agent.

Error: Instant Clone agent initialization error (26): Failed to verify domain trust

Has anyone else seen this?

Posted

I've seen this once. It was in a more complex AD configuration with multiple DC's in different sites. The reg key from the following article helped us out:

Instant Clone provisioning fails intermittently with: Agent Initialization state error(26):Failed to verify domain trust(waited 45 seconds) (93066)

I'm not sure if this may help you though, as I do not understand why the behavior in your environment is different between Windows 10 and Windows 11.

Looking at the supported DC OS/Domain/Forest levels, I think there's no reason to suspect incompatibility with Windows Server 2025 for your DC's. Unless Omnissa says otherwise...

image.png.357f0a35fd25cdfe583d9c337be8fb5e.png

Ivan de Mes

EUC Architect @ Orange Business (The Netherlands netherlands-flag-png-xl.thumb.jpg.a1943fcb7e938a63e1191aae2aa31568.jpg)
EUC Expert | vExpert | Blogger | Public Speaker | Part of the Dutch vEUC TechCon leadership team

Blog: https://ivandemes.com | X: @ivandemes | Bluesky: @ivandemes.com | LinkedIn: ivandemes

Posted

not sure what order y'all did things in, but if you were doing in place upgrades of domain controllers roles were likely moving around, or sites changing if you were adding/retiring, etc..  

few things i'd look at:

- are these newly deployed pools or existing ones where a parent is already running? (if the latter, i'd redeploy new and see if you're still running into the problem)

  • are you reusing computer accounts?
  • validate AD role ownership, make sure replication isn't throwing errors anywhere
  • check sites & services to see if there's anything that needs to change/be added/updated

without digging into logs/events across the board, it sounds like you might be dealing with replication problems or expired computer domain credentials and/or a combination of the two

Posted

Thanks for the tip! Unfortunately, the change to the reg key did not work. We still get the errors from tying to push a new snapshot of golden image. internal template vm-256188 [cp-template-xxxxxx] customization failed. Error description not set by agent.

And the snapshot that is current om the golden image gives us VDI's with this error: Error: Instant Clone agent initialization error (26): Failed to verify domain trust

We also tried both newly deployed pools and old ones. 
We are reusing computer accounts, this works om our win 10 but not windows 11.
Sites & services lookes altså good.
 

  • Employee
Posted (edited)

Hello, Was it an inplace upgrade or new servers? 

I would check the list of the domain controllers available for Horizon. It is located in the krb5.conf file of each CS. 

Check> https://kb.omnissa.com/s/article/2147129

There are 4 methods, check all of them to make sure IC attempt to connect the right DCs. If the old/decommissioned dcs are listed, delete them. 

The customization process happens in the cp-template internal vm. Agent logs from it are helpful. I would check debug/netlogon/netsetup  log files to know more why the customization failed. 

You need to enable ClonePrep debug mode or the cp-template vm will be deleted upon failure. 

Troubleshooting Instant Clones in the Internal VM Debug Mode

Edited by Victor León
  • Insightful 1
Posted

It was a inplace upgrade. And all the servers are listed in the krb5.conf file. So this looks good.

I have read this files today, but i did not get lucky to find the error unfortunately

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...