If you have Active Directory trusts within the domain that your VMware Horizon View Connection Server is joined to, you may have noticed these additional trusted domain within View Administrator.

You may also have seen them in the domain drop down box in the View Client and HTML Access login dialogs.

 

In many cases these domains are not required to logon to Horizon View virtual desktops and ideally to make this cleaner and simpler for users these domains should be excluded.

 

If you see the domain with a "Red" status indicator within View Administrator, this means that while the domain is trusted, the View connection server cannot reach any domain controllers in that domain to authenticate users.

 

 

 

In my below example I have 3 domains, 2 of which are trusted unreachable domain. I am going to exclude these 2 domain from all View connection servers.

The domain names below have been edited to fictitious names as I took the screenshots from a customer environment.

 

I have 3 domains:

abc.com

company-abc.local

company-zyx.com

 

abc.com is the actual domain used to authenticate users to desktops. The other 2 domains company-abc.local and company-xyz.com are trusted domains which are not used for View and should not be available to the end user.

 

 

Logon to View Administrator

https://VIEWCS1/admin

You will see the 3 domains under system health, we will be remove the 2 domains from here. 

 

 

 

Within View Client you can also currently see the 3 domains.

 

The 3 domains can also be seen within HTML Access

 

 

We will now exclude the 2 domains from all View Connection servers. Note you can either do this on a per connection server basis, or for the cluster of connection servers (including when you add new ones).

 

 

1. Open an administrator command prompt the following location:

 

C:\Program Files\VMware\VMware View\Server\tools\bin

 

 

2. List the current domain list with VDMADMIN

 

vdmadmin.exe -N -domains -list
Domain Configuration (VIEWCS1)
================================
Cluster Settings
   Include:
   Exclude:
   Search :

Broker Settings: VIEWCS1
   Include:
   Exclude:
   Search :

 

 

3. Now exclude both of the domains from all View connection servers in the cluster:


vdmadmin.exe -N -domains -exclude -domain COMPANY-ABC.LOCAL -add
The domain COMPANY-ABC.LOCAL has been added to the exclude list for the cluster.

 

vdmadmin.exe -N -domains -exclude -domain COMPANY-XYZ.COM -add
The domain COMPANY-XYZ.COM has been added to the exclude list for the cluster.

 

 

5. Re-run the VDMADMIN domain list command and check the domains have been excluded:

 

vdmadmin.exe -N -domains -list
Domain Configuration (VIEWCS1)
================================
Cluster Settings
   Include:
(*)Exclude:
     COMPANY-ABC.LOCAL
     COMPANY-XYZ.LOCAL
   Search :

Broker Settings: VIEWCS1
   Include:
   Exclude:
   Search :

 

 

 

6. Finally confirm that the domains have been excluded from View Administrator, View Client and HTML Access.

All that should remain is our required abc.com domain which all users will use to authenticate to virtual desktops.

 

 

 

 

 

 

 

 

 

 

 

 

 

Share this blog post on social media:

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2016 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes