Symptoms
Connecting to desktops in VMware Horizon View fails.When logging in to a linked clone, you see the error:
The trust relationship between this workstation and the primary domain failed
Purpose
To provide information in regards to this Microsoft Active Directory Policy that can impact horizon.
Cause
This issue occurs when a computer reverts to the old password when it is refreshed or recomposed.When two computers attempt to authenticate with each other and a change to the current password is not yet received, Windows then relies on the previous password. If the current password version changes exceeds two changes, the computers involved may be unable to communicate.
By default, Active Directory computer accounts are configured to change their machine password every 30 days. If the pool is not recomposed within 30 days and the security policy is set to default, the computers change their password.The secure channel between windows and the domain controller breaks, it will not be able to update on the domain controller. This will cause a myriad of issues such as DNS failures on the VDI or invalid credentials on app volumes as the machine will not longer have domain trust.Note, this can also be indicative of an on-site issue with AD configuration or health if the above does not apply to your circumstances. It is a matter outside of the control of the horizon software suite.Note : Typical Solutions /Troubleshooting Steps are designed around the concept of the machine being persistent and may not lend well to a scenario with a large number of machines.
Resolution
To resolve the issue, recompose the computers frequently rather than every 30 days.Horizon Linked Clone Options:
A machine refresh operation restores the OS disks to their original state and size, reducing storage costs.A machine recompose operation changes the image to a fresh snapshot
Microsoft also provides group policies on how to change these settings to be longer if needed. For more information, see the Microsoft TechNet article Domain member: Maximum machine account password age .
Note: The preceding link was correct as of Jan 3, 2021. If you find the link is broken, provide a feedback and a VMware employee will update the link.
Related Information
VMware Horizon View でリンククローンデスクトップへの接続がエラー:The trust relationship between this workstation and the primary domain failed となり失敗するDetails on Refresh OperationDetails on the concept of Secure Channel in AD
