OPERATIONAL DEFECT DATABASE
...
...
Secondary credential is getting locked frequently.Domain Bind account registered in Horizon Universal Console is frequently getting locked out.Log lines similar to below are seen in the Horizon Connection Server logs: 2022-11-30T16:00:48.514+05:30 WARN (20CC-1848) <Thread-77> [LdapContextPoolFactory] Unable to connect to domain XXXX using service account yyy@XXXX.COM: javax.naming.NamingException: getGssapiDirContextInstance, kerberos authentication failed for user: yyy@XXXX.COM, reason: Clients credentials have been revoked (18) [Root exception is javax.security.auth.login.LoginException: Clients credentials have been revoked (18)]2022-11-30T16:00:48.515+05:30 INFO (20CC-1848) <Thread-77> [ActiveDirectoryLocationOptimizer] updateServiceAccountStatus, updating service account status for domain XXXX.com: AdDomainAccountStatus [netbiosName=XXXX, loginName=yyy, isPrimary=true, isActive=false]<notifyNewDomain-updateDomainMaps> [ActiveDirectoryTopologyManager] getDomainMap, failed to get domain map for XXXX due to error: javax.naming.NamingException: getGssapiDirContextInstance, kerberos authentication failed for user: yyy@XXXX.com, reason: Pre-authentication information was invalid (24) [Root exception is javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)] com.desktone.directory.service.ActiveDirectoryTopologyManager.getDomainMap(ActiveDirectoryTopologyManager.java:253)com.desktone.directory.exception.InvalidADDomainConfigException: javax.naming.NamingException: getGssapiDirContextInstance, kerberos authentication failed for user: yyy@XXXX.com, reason: Pre-authentication information was invalid (24) [Root exception is javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)]
This issue is caused by using wrong encryption while storing Secondary Credentials.
Upgrade the Horizon Connection Server to 8.8
Disable no trust domain feature by making below changes in ADLDS. Connect to LDAP instance of the Connection Server.In CN=Common,OU=Global,OU=Properties,DC=vdi,DC=vmware,DC=int, for the attribute: pae-NameValuePair, Add the below value: cs-noTrustDomainFeatureEnabled=0 or cs-noTrustDomainFeatureEnabled=false Restart the connection server services in all the connection servers.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
