Horizon VIEW One Way Trust Step by Step

Horizon One-Way Trust Setup Procedure

In the original state, there are two separate domains, CX.lab and VMware.lab, with no trust between them. A Horizon environment is set up in the CX.lab domain, and CX.lab domain users can connect to remote hosted applications. The objective of this work is to enable VMware.lab domain users to use the Horizon environment in CX.lab.

For the original state, I set up a Horizon 6.2 environment, which is the first version in which we support one-way trust between domains. Originally, only CX.lab users can be found and entitled from the Horizon View Connection Server.

And of course, only users from the CX domain can log in to the Horizon View Client

and use the applications that are available and entitled from Horizon View.

In order to let VMware.lab users use the CX.lab Horizon-provisioned virtual desktops or hosted applications, we have to set up a one-way trust from CX.lab to VMware.lab.

Do this DNS Configuration from the CX.lab Domain Controller

First, configure zone transfers in DNS so that CX.lab can resolve the Domain.lab environment; we need to do the same in the opposite direction a bit later. I added the DC from the VMware.lab domain under Zone Transfers to allow the zone transfer. Don't worry if you see a red cross; it is expected while no permission has been granted yet.

Create a new zone from CX.lab

Click Next to proceed with the setup of the new zone

Choose a Secondary Zone for VMware.lab

Of course, enter VMware.lab

Enter the DC of VMware.lab

Confirm the setup

Do this DNS Configuration from the VMware.lab Domain Controller

Create a new zone from VMware.lab to connect to the CX.lab DNS server in the opposite direction

Click Next to proceed with the wizard

Choose a Secondary Zone for connecting to the CX.lab Domain

Type the CX.lab Domain to connect to

And provide the IP of a domain controller in the CX.lab domain to connect to

Press Finish to confirm the setup

If the setup is done correctly, you can double-check the zone transfer status, which should be green now.
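
The same DNS configuration on both domain controllers, written with the DnsServer PowerShell cmdlets, followed by a resolution check. This is an added example, not part of the original post; the two IP addresses are placeholders and the function names Enable-PeerZone and Test-PeerZone are hypothetical.

```powershell
# Added example, not from the original post. The two addresses are placeholders
# for the real domain controller IPs; the function names are hypothetical.
$CxDc     = '192.0.2.10'   # placeholder: CX.lab DC / DNS server
$VmwareDc = '192.0.2.20'   # placeholder: VMware.lab DC / DNS server

function Enable-PeerZone {
    param(
        [string]$LocalZone,  # zone this DC hosts as primary
        [string]$PeerZone,   # zone to pull from the other domain
        [string]$PeerDc      # IP of the other domain's DC
    )
    # Allow transfers of the local zone only to the listed peer DC,
    # not to any server that asks.
    Set-DnsServerPrimaryZone -Name $LocalZone `
        -SecureSecondaries TransferToSecureServers -SecondaryServers $PeerDc

    # Host a read-only copy of the peer zone, pulled from the peer DC.
    # Until the peer has allowed this server, the transfer will not complete.
    if (-not (Get-DnsServerZone -Name $PeerZone -ErrorAction SilentlyContinue)) {
        Add-DnsServerSecondaryZone -Name $PeerZone `
            -ZoneFile "$PeerZone.dns" -MasterServers $PeerDc
    }
}

function Test-PeerZone {
    param([string]$PeerZone)
    # The trust wizard has to locate a DC in the other domain, so query the
    # DC locator SRV record instead of a single host record.
    $answer = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$PeerZone" -Type SRV `
        -ErrorAction SilentlyContinue
    $srv = @($answer | Where-Object { $_.Type -eq 'SRV' })
    [pscustomobject]@{
        Zone      = $PeerZone
        ZoneType  = (Get-DnsServerZone -Name $PeerZone).ZoneType
        DcLocator = $srv.Count -gt 0
        Targets   = $srv.NameTarget -join ', '
    }
}

# On the CX.lab DC:
#   Enable-PeerZone -LocalZone 'CX.lab' -PeerZone 'VMware.lab' -PeerDc $VmwareDc
#   Test-PeerZone -PeerZone 'VMware.lab'
# On the VMware.lab DC:
#   Enable-PeerZone -LocalZone 'VMware.lab' -PeerZone 'CX.lab' -PeerDc $CxDc
#   Test-PeerZone -PeerZone 'CX.lab'
```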

Do this AD Configuration from the CX.lab Domain Controller

Then we need to configure the AD trust to establish the one-way trust from CX.lab to VMware.lab

Open “Active Directory Domains and Trusts” and edit the domain trust from the properties of the domain object, which is CX.lab.

Click the “Trusts” tab

Click “New Trust” to establish a new trust

Press Next to proceed with the setup

Enter VMware.lab, as you need CX.lab to trust VMware.lab

You can choose either “Forest Trust” or “External Trust”; this depends on the security level you can accept. I use “External Trust” to make the security control stricter.

Choose “One-way: Outgoing”

Choose “Both this domain and the specified domain”

Provide the domain admin user credentials to establish the trust from CX.lab to VMware.lab

Select “Domain-wide Authentication”

Press Next to confirm the setup

STOP Right HERE

Do this AD Configuration from the VMware.lab Domain Controller

Go back to Active Directory Domains and Trusts, and you can see a new “incoming trust” on the “Trusts” tab. Click the item and select “Properties”.

Click the “Validate” button to confirm the One-way-trust request

Input the domain admin username and password to validate

You can see the following message when the validation is successful

Go back to the CX.lab Domain Controller to proceed with the setup

Confirming the trust

Press Finish to complete the setup

Press OK to confirm the message

As the end result, you can see the VMware.lab domain from the CX.lab domain

So we can now start entitling VMware.lab users in the CX.lab domain
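
A check of the resulting trust object against the choices made in the wizard above (External Trust, One-way: Outgoing, Domain-wide Authentication). This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module on a CX.lab domain controller, and the function name Test-OneWayTrust is hypothetical.

```powershell
# Added example, not from the original post. Run on a CX.lab domain controller
# with the ActiveDirectory module; the function name is hypothetical.
Import-Module ActiveDirectory

function Test-OneWayTrust {
    param(
        [string]$TrustingDomain = 'CX.lab',     # owns the Horizon resources
        [string]$TrustedDomain  = 'VMware.lab'  # its users are let in
    )
    $trust = Get-ADTrust -Filter "Target -eq '$TrustedDomain'" -Server $TrustingDomain
    if (-not $trust) { throw "No trust to $TrustedDomain found in $TrustingDomain" }

    $problems = @()
    # "One-way: Outgoing" chosen on CX.lab is reported as Direction = Outbound.
    if ("$($trust.Direction)" -ne 'Outbound') {
        $problems += "Direction is $($trust.Direction), expected Outbound"
    }
    # "External Trust" is not forest-transitive; a Forest Trust would be.
    if ($trust.ForestTransitive) {
        $problems += 'Trust is forest-transitive, expected an external trust'
    }
    # SID filtering (quarantine) drops SIDs that do not belong to VMware.lab.
    if (-not $trust.SIDFilteringQuarantined) {
        $problems += 'SID filtering (quarantine) is not enabled'
    }

    [pscustomobject]@{
        Target    = $trust.Target
        Direction = $trust.Direction
        External  = -not $trust.ForestTransitive
        SidFilter = $trust.SIDFilteringQuarantined
        # False here means "Domain-wide Authentication": every VMware.lab user
        # can authenticate to every CX.lab computer, not only the Horizon hosts.
        SelectiveAuthentication = $trust.SelectiveAuthentication
        Problems  = $problems
        Passed    = $problems.Count -eq 0
    }
}

Test-OneWayTrust | Format-List
```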

Entitling VMware.lab user into Horizon View

After the one-way trust setup, you need to configure the Horizon View Connection Server further through View PowerCLI

Use the following command to enable the one-way trust credential in the Connection Server.

vdmadmin -T -domainauth -add -owner <View Admin> -user <Remote-Domain-Admin> -password <Remote-Domain-Admin Password>

Restart the Connection Server Services

After logging in to the View admin page again, you can already see the second domain.

And you can now entitle applications to users in the VMware.lab domain.

You can log in to Horizon View with the VMware.lab domain

But you will see a warning, as the hosted application does not allow the VMware.lab domain to log in yet

This is why you have to add the VMware.lab domain users to the RDS hosts

Afterwards, you will be able to launch your app successfully
