VDI Setup - trusted domain user not able to login

  • Question

  • Two-fold question:

    Setup is as follows:

    1 RDS server - Windows Server 2012 R2 STD - hosts all services except virtualization
    1 Hyper-V server - Windows Server 2012 R2 STD - hosts all VMs

    Domain A - Windows Server 2012 STD
    Domain B - Windows Server 2012 STD

    Domain A has Group A setup with users allowed to login to VDI infrastructure. Works without a problem.
    Domain A has Group B setup which has users from Domain B. Group B has been added to the RDS server (CAP and RAP) and also to the virtual desktop collection.

    User from Domain B logs into the RDWeb to connect to machine. User is able to log in and see the pool. When User from Domain B tries to connect to a machine in the pool, the user gets the error specifying that he may not have permissions to connect to the RD server. I have verified all settings and permissions.

    When I attempt to assign User from Domain B a Private VD, I receive the following error:

    " The security identifier could not be resolved. Ensure that a two-way trust exists for the domain of the selected users. Exception: The network path was not found "

    I have confirmed trust is established and working properly. I also upgraded both the RDS and Hyper-V server to R2, since this error was also caused by adding the domain local group to the collection prior to R2. This error does not appear anymore when adding the domain local group to collection, but only when attempting to assign user a VD.

    Please help, and I am not able to find anything remotely close to this issue using the common search engines.

    Thank you in advance.

    Thursday, March 6, 2014 4:37 PM

Answers

  • SOLUTION:

    THE RD CAP on the RD Gateway server had the same Global Domain group assigned as the Desktop Collection pool.

    I changed the RD CAP authorized groups to Domain B\NEW GROUP that had User from domain B and everything worked.

    • Marked as answer by Johan_Br Saturday, March 8, 2014 7:53 PM
    Saturday, March 8, 2014 7:53 PM
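
To see which groups each RD CAP and RD RAP on the gateway actually authorizes, and whether the gateway can resolve a Domain B account across the trust, something like the following can be run in an elevated session on the RD Gateway server. This is an added example, not code from the original poster; `DOMAINB`, `user1` and the `group@DOMAIN` form of the group name are placeholder assumptions.

```powershell
# Added example (not from the thread): audit RD Gateway CAP/RAP user groups.
Import-Module RemoteDesktopServices   # provides the RDS: provider drive

# Assumption: placeholder values; replace with the trusted-domain group and user.
$ExpectedGroup = 'NEW GROUP@DOMAINB'
$TestDomain    = 'DOMAINB'
$TestUser      = 'user1'

function Get-GatewayPolicyGroups {
    param([ValidateSet('CAP', 'RAP')][string]$PolicyType)

    $root = "RDS:\GatewayServer\$PolicyType"
    foreach ($policy in Get-ChildItem -Path $root) {
        # Each policy exposes its authorized user groups as child items.
        $groups = @(Get-ChildItem -Path "$root\$($policy.Name)\UserGroups" |
                    Select-Object -ExpandProperty Name)
        [pscustomobject]@{
            PolicyType = $PolicyType
            Policy     = $policy.Name
            UserGroups = $groups -join '; '
            HasGroup   = $groups -contains $ExpectedGroup
        }
    }
}

# A user must pass a CAP (who may use the gateway) and a RAP (what they may reach).
'CAP', 'RAP' |
    ForEach-Object { Get-GatewayPolicyGroups -PolicyType $_ } |
    Format-Table -AutoSize -Wrap

# Confirm this server can translate a trusted-domain account name to a SID.
$account = New-Object System.Security.Principal.NTAccount($TestDomain, $TestUser)
try {
    $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    "Resolved $TestDomain\$TestUser to $($sid.Value)"
}
catch {
    "Could not resolve $TestDomain\$TestUser : $($_.Exception.Message)"
}
```

A policy row with `HasGroup` false for the CAP explains a connection that works internally but fails through the gateway, since internal connections do not pass the RD CAP.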

All replies

  • I have been able to get this working.

    - I created a brand new virtual desktop collection and assigned the domain local group with members from Domain B to the collection

    - I created two separate Global security groups on Domain A (where the RDS and VDI server reside). Each group was assigned its respective Virtual Desktops (one for VDs for Domain A and one for VDs for Domain B)

    - I created 2 separate RAPs. One for each Global security group that has the VDs.

    Not sure what the trick was, but it is working now.

    • Marked as answer by Johan_Br Friday, March 7, 2014 2:24 PM
    • Unmarked as answer by Johan_Br Friday, March 7, 2014 11:43 PM
    Friday, March 7, 2014 2:24 PM
  • I need to add to this...

    It seems it works...but doesn't...

    When I connect internally to Domain A, I am able to connect to the Private Virtual Desktop of the user from Domain B

    When I am EXTERNAL (on the internet) I am NOT able to connect...

    This has to be obvious...I just think I'm over-thinking it...

    PLEASE HELP!

    Friday, March 7, 2014 11:43 PM