“Your user account is disabled” error is thrown after upgrading VMware Horizon View to 6.2.0 or 6.2.1

Problem

I recently ran into an issue while upgrading VMware Horizon View to 6.2.0 and 6.2.1 when I noticed that user accounts from other Active Directory domains within the same forest of the domain you have VMware Horizon View installed on are no longer able to log into their virtual desktops with the following error message thrown:

Your user account is disabled

image

Logging into VMware Horizon View continued to work as expected with accounts that belonged to the same domain the server was installed in.

Solution

Searching through the internet revealed that there did not appear to be any official VMware KB article describing this issue and the only two posts related to this error did not contain any resolution:

https://communities.vmware.com/thread/532241?start=0&tstart=0

https://communities.vmware.com/thread/520384?start=0&tstart=0

Having exhausted all options, I decided to rollback the environment to 6.0.1 then opened up a ticket with VMware (case #: 16955248704). What was strange was that when I finally spoke to an engineer, the first thing they asked was whether we had domain issues and when I told him no, he told me there was no such known issue for 6.2.0 and 6.2.1. After sending the engineer the forum posts included above and waiting for a week, the engineer finally emailed me and said this was indeed a known issue and that the only way around it was to upgrade to version 7. I’m not exactly sure if there is a workaround for the earlier versions but the engineer did not provide me with one so I’m going to assume he’s correct.

Hope this post helps anyone who might run into this issue during an upgrade.

3 Responses

  1. We encountered this as well. The solution that worked for us was giving the connection servers computer object in AD proper permissions to read our user accounts.

  2. Hi,
    Wondered if you had any details in on how you gave the computer accounts access to the AD accounts?
    Was it thought delegate access in AD?