OPERATIONAL DEFECT DATABASE
...
...
Launching a published desktop fails when TrueSSO is enabled with an error "The request is Not Supported." and a status of "Reported authentication failure. Status=0xC00000BB". The below error may be seen recorded in the Kerberos event logs on the agent desktop when attempting to launch: 0x10 - KDC_ERR_PADATA_TYPE_NOSUPP: KDC has no support for padata type In the Horizon View Agent logs, you see log lines similar to the ones below:Please reference Location of Horizon (VDM) log files (1027744) for details on log file location. 2018-05-30T15:38:10.505+12:00 INFO (1350-12A4) <4772> [LogonUI] vmlm - wscredf Sending SSO_END 2018-05-30T15:38:10.505+12:00 WARN (1350-12A4) <4772> [LogonUI] cred::ReportResult(): Reported authentication failure. Status=0xC00000BB (WinErr=50) and subStatus=0x00000000 (WinErr=0). Status : The request is not supported. subStatus : The operation completed successfully. 2018-05-30T15:38:10.505+12:00 DEBUG (1350-12A4) <4772> [LogonUI] `anonymous-namespace'::SignalUnityEvent: Successfully opened event vmwarewsnm\NotReadyForUnity1. Signaling it now. 2018-05-30T15:38:10.509+12:00 DEBUG (1350-12A4) <4772> [LogonUI] cred::ReportResult(): Returned error 'The request is not supported.'
This KB is to highlight a specific issue with TrueSSO where The authenticating domain controller is not configured for smartcard logons.Smart card logon is being attempted and the proper certificate cannot be located. This can happen because the wrong certification authority (CA) is being queried or the proper CA cannot be contacted. For more detail please reference: Common configuration issues and guidelines with TrueSSO (90037)
The authenticating domain controller is not configured for smartcard logons.
You need to have the Domain Controller Authentication certificate on all the domain controllers.Steps to Enroll a Domain Controller Authentication certificate: On the domain controller, open mmc.Click File and then Add/Remove Snap-in.Select Certificates, click Add, then select Computer account.Expand Certificates (Local Computer), right-click Personal, click All Tasks, and then click Request New Certificate.Press Next.Select Domain Controller Authentication and press Enroll. Note: If you do not see the Domain Controller Authentication on the Auto Enrollment in the Domain Controller certificate MMC, you will need to go to the Certificate Authority server and add the domain controller in the security of the Domain Controller Authentication Template and give appropriate AutoEnroll permissions.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
