VirtualValkyrie Posted November 19 Posted November 19 We upgraded AD from windows server 2022 to windows server 2025 (Windows Server 2025 - Version 24H2 - OS Build 26100.1742) yesterday. When upgrading the domain controllers: We have run 'adprep /forestprep' and 'adprep /domainprep' but have not raised the domain functional level above 'Windows Server 2016' Now we have problems with not being able to create new VDI machines. We are using non persistant desktops with vCenter instant clones. vCenter version: 8.0.3 24322831 We have horizon agent version: Horizon Agent 8.13.0-10002333884 The creation of new VDI machines workes on windows 10, but not in windows 11 Error messages: internal template vm-256188 [cp-template-xxxxxx] customization failed. Error description not set by agent. Error: Instant Clone agent initialization error (26): Failed to verify domain trust Has anyone else seen this?
Ivan de Mes Posted November 20 Posted November 20 I've seen this once. It was in a more complex AD configuration with multiple DC's in different sites. The reg key from the following article helped us out: Instant Clone provisioning fails intermittently with: Agent Initialization state error(26):Failed to verify domain trust(waited 45 seconds) (93066) I'm not sure if this may help you though, as I do not understand why the behavior in your environment is different between Windows 10 and Windows 11. Looking at the supported DC OS/Domain/Forest levels, I think there's no reason to suspect incompatibility with Windows Server 2025 for your DC's. Unless Omnissa says otherwise... Ivan de Mes EUC Architect @ Orange Business (The Netherlands ) EUC Expert | vExpert | Blogger | Public Speaker | Part of the Dutch vEUC TechCon leadership team Blog: https://ivandemes.com | X: @ivandemes | Bluesky: @ivandemes.com | LinkedIn: ivandemes
robryan Posted November 20 Posted November 20 not sure what order y'all did things in, but if you were doing in place upgrades of domain controllers roles were likely moving around, or sites changing if you were adding/retiring, etc.. few things i'd look at: - are these newly deployed pools or existing ones where a parent is already running? (if the latter, i'd redeploy new and see if you're still running into the problem) are you reusing computer accounts? validate AD role ownership, make sure replication isn't throwing errors anywhere check sites & services to see if there's anything that needs to change/be added/updated without digging into logs/events across the board, it sounds like you might be dealing with replication problems or expired computer domain credentials and/or a combination of the two
VirtualValkyrie Posted November 20 Author Posted November 20 Thanks for the tip! Unfortunately, the change to the reg key did not work. We still get the errors from tying to push a new snapshot of golden image. internal template vm-256188 [cp-template-xxxxxx] customization failed. Error description not set by agent. And the snapshot that is current om the golden image gives us VDI's with this error: Error: Instant Clone agent initialization error (26): Failed to verify domain trust We also tried both newly deployed pools and old ones. We are reusing computer accounts, this works om our win 10 but not windows 11. Sites & services lookes altså good.
Employee Victor León Posted November 20 Employee Posted November 20 (edited) Hello, Was it an inplace upgrade or new servers? I would check the list of the domain controllers available for Horizon. It is located in the krb5.conf file of each CS. Check> https://kb.omnissa.com/s/article/2147129 There are 4 methods, check all of them to make sure IC attempt to connect the right DCs. If the old/decommissioned dcs are listed, delete them. The customization process happens in the cp-template internal vm. Agent logs from it are helpful. I would check debug/netlogon/netsetup log files to know more why the customization failed. You need to enable ClonePrep debug mode or the cp-template vm will be deleted upon failure. Troubleshooting Instant Clones in the Internal VM Debug Mode Edited November 20 by Victor León 1
VirtualValkyrie Posted November 20 Author Posted November 20 It was a inplace upgrade. And all the servers are listed in the krb5.conf file. So this looks good. I have read this files today, but i did not get lucky to find the error unfortunately
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now