BugZero | VMware BugID 92336 - Thin Client Autologon Local Account generates 4625...

VMware - Defect ID: 92336

Thin Client Autologon Local Account generates 4625 and 4776 events on Horizon Client Login

VMware - Defect ID: 92336

Thin Client Autologon Local Account generates 4625 and 4776 events on Horizon Client Login

Last updated on 5/12/2023

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptoms

Autologin is enabled on your Thin Client to login with a local accountEnd users then authenticate to Horizon with individual credentials.Authentication Attempts to the domain are seen from the local Thin Client AccountRadius is enabled and these events cease when Radius is turned off.Windows security logs on the domain controller shows two events that occur. Event ID 4625 and 4776, showing failed logon type 3. Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 5/12/2023 1:09:56 PM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: test.computer.com Description: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: ThinClientLocalAccount Account Domain: thinclient You see the following error in the Connection Server Trace level logs: Location of Horizon View log files (1027744)Changing the log file behavior in the VMware Horizon components (1025887) 2023-05-17T14:21:19.792-04:00 TRACE (0300-21B0) <ajp-nio-127.0.0.1-8009-exec-19> [ProperoAuthFilter] (SESSION:0f48_***_6f3c) Authentication type(s) used for initial authentication ([RADIUS, windows-password]) do not match this authentication type (gssapi) and SSO families AD_PASSWORD and NONE also do not match

Purpose

To highlight a potential issue with a certain type of environmental configuration.

Cause

The Horizon Client Software gathers information about the Client System which is delivered to the Virtual Desktop. Please refer to the documentation for a complete list of values: Client System Information Sent to Remote DesktopsThe client called several Windows APIs (e.g. DsRoleGetPrimaryDomainInformation, GetUserNameEx and GetComputerObjectName, etc.) to retrieves the state data for the client user and computer.This data is sent to Connection Server or used to support client features.

Resolution

These values are sent for a feature that restricts entitlement to RDSH app and desktops using computer account names. Implementing Client Restrictions for Desktop Pools, Published Desktops, and Application Pools You can skip sending these values with the following key after an appropriate backup. Registry Path HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Client Registry Name ClientInfoSkipMachineDN Registry Type REG_DWORD Registry Value 00000001

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

VMware - Defect ID: 92336

Thin Client Autologon Local Account generates 4625 and 4776 events on Horizon Client Login

VMware - Defect ID: 92336

Thin Client Autologon Local Account generates 4625 and 4776 events on Horizon Client Login

Last updated on 5/12/2023

Vendor details

Vendor details

Description

Symptoms

Purpose

Cause

Resolution

Links

Top VMware defects by risk score

Ready to prevent the next vendor outage?