I am installing a VMware View (6.0.1) solution, I deploy servers of the company I work (on Windows 2008 R2): #Vmware horizon client access denied installSetup to view 6 has a small difference with 5.x, you can try by following steps below:ģ get web client package: VMware-Horizon-View-HTML-Access-x.y.z-000000.zipĤ install the IIS and configure the Web Client as steps d through KBįirst of all, I am french, sorry for my bad English I followed this guide: VMware KB: allowing HTML access with the plugin VMware Horizon view Agent Direct Connect 5.3 5.3 horizon that does not work.Ĭan someone guide me through the steps necessary to access html in horizon 6 with direct access plugin? Now, I try to get the most out of this area and by this test to complete the html access. I just set up a display environment 6 horizon with a direct plugin successfully. Source=.filters.Horizon plugin 6 direct connection HTML access You can install or repair the component on the local computer. Either the component that raises this event is not installed on your local computer or the installation is corrupted. The description for Event ID 104 from source VMware View cannot be found. Please find the event logs from the connection server: I couldn’t understand the fix that you mentioned. The case will now be closed, fixed by my self ?ģ thoughts on “ VMware Identity Manager and Horizon 7.* SAML expects credentials from another server” Reconfiguring vIDM to add the PODS with the domain-joined DNS name ( ) and SAML works! So the lesson learned here is that one of the SAML artifacts used is the Connection server domain joined machine name…Īll the logs and data is sent to GSS for a support call but VMware did not come to this conclusion yet but always create a case with GSS if you run into an issue even if you fix it your self. So adding a POD via to vIDM seems legit… Everything syncs and looks to work fine except the SAML. However, all my machines are pointed to another record in DNS…. This was making me think… vIDM/Horizon is using the node name (connection server domain joined name) as a SAML artifact. The specified resource type cannot be found in the image file SAML access denied because of invalid assertion/artifact The following information was included with the event:īROKER_USER_AUTHFAILED_SAML_ACCESS_DENIED If the event originated on another computer, the display information had to be saved with the event. T13:08:46.696 02:00 ERROR (13B8-1BE4) (SESSION:0748_***_bce6) Error performing authentication: Enabled SAML Authenticator's Issuer/entityId not matched with SAML ArtifactĬom.FatalAuthException: Enabled SAML Authenticator's Issuer/entityId not matched with SAML ArtifactĪnd in the event viewer of windows: The description for Event ID 104 from source VMware View cannot be found. In the debug.log of one of the connection servers I saw: T13:08:46.695 02:00 DEBUG (13B8-1BE4) (SESSION:0748_***_bce6) Error_Event: "SAML access denied because of invalid assertion/artifact": Node=, Severity=AUDIT_FAIL, Time=Mon Jun 24 13:08:46 CEST 2019, Module=Broker, Source=.filters.SamlAuthFilter, Acknowledged=true name = E01CS01,ĪuxillaryExternalPCoIPIPv4Address = null, Note that when using UAG’s the external URLs are not used. In the Connector.log you will see if the sync with the connector servers is correct. Time sync is off between the vIDM connector and Connection Servers.Ĭ:\VMware\VMwareIdentityManager\Connector\opt\vmware\horizon\workspace\logs.All desktop entitlements were there but just logging into a desktop would not work… The whole Horizon environment works just fine with the sub DNS records. Have a multi-pod environment and have done this a million times before but for the love of… I could not get it working in this environment… Connection servers added as expected, could sync my desktops into vIDM. This Horizon Server Expects to get your logon credentials from another application or server. The problem was that no matter how I configured the vIDM tenant I kept on getting a SAML error. Upgraded from Horizon 7.7 and downgraded vIDM Connector to 3.3 to test if that was an issue but that did not matter at all… The problem: VMware Identity Manager Connector 1903 in HA on Windows (AD sync and Horizon sync to SAAS).Horizon 7.8 (2 PODS, each pod has 2 connection servers).The environment I am working on is based on: Finally got it fixed with some good old log digging. So… I just had a nice week troubleshooting a Horizon 7 SAML issue with VMware Identity Manager SAAS / 1903 with GSS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |