One of the key features of a VDI solution is its ability to refresh a machine back to a golden-image standard. Often this is done as a nightly or weekly reboot to keep the logon experience clean for users and to prevent configuration drift. VDI refresh failures can wreak havoc on an otherwise successful VDI implementation and can even cause logon failures if the refresh fails completely.
What causes VDI Refresh Failures?
Many things can cause a VDI refresh failure. The most likely culprits include:
- Network connectivity to an AD server, potentially from:
  - DHCP failures
  - DNS failures
  - Network drivers not loading (note: only VMXNET3 is supported on recompose/instant clones)
  - Firewall issues (Windows or hardware)
  - Conflicts with Anti-Virus, EDR, MDR, or XDR software
- Insufficient permissions for the AD account
The last of these is what we'll be addressing today. The obvious part of granting the correct permissions is well documented: the account used to join computers to the domain needs the ability to create and delete computer accounts in the Organizational Unit (OU) where the VDIs will reside. This is covered in Carl Stalhood's documentation at Active Directory Delegation.
The curveball is that as of October 11th, 2022, Windows patched a vulnerability (see Windows KB5020276) that effectively limits which accounts can join a computer to the domain using a computer name that already exists in Active Directory.
How to fix VDI Refresh Failures: Domain Rejoin
If your domain controllers have this patch applied, you'll need to perform the following actions:
- Create an Active Directory security group whose members will be allowed to re-use computer accounts during the domain join process.
- Create a GPO that assigns the security group the rights to perform this function. The setting lives at:
  - Computer Configuration > Windows Settings > Local Policies > Security Options
  - Domain controller: Allow domain account re-use during domain joining
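The group-creation step above, plus an audit that helps explain why a given clone fails to re-join, as an added PowerShell example (not from the original article or the Omnissa KB). It assumes the RSAT ActiveDirectory module, and the OU path, service-account name and group name are placeholders; the audit relies on KB5020276's rule that an existing computer account may be re-used only by the account that owns it or by a member of the allow-list group.

```powershell
# Added example, not the article's own code. Placeholders to replace:
$VdiOu       = 'OU=VDI,DC=example,DC=com'     # OU where the instant clones live
$JoinAccount = 'svc-vdi-join'                 # domain-join service account used by Horizon
$GroupName   = 'VDI-Computer-Account-Reuse'   # group the GPO will grant the re-use right to

Import-Module ActiveDirectory

# 1. Create the security group the GPO references, if it does not already exist.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $VdiOu `
        -Description 'Accounts allowed to re-use computer accounts during domain join'
}

# 2. Add the domain-join service account to it.
Add-ADGroupMember -Identity $GroupName -Members $JoinAccount

# 3. Audit: list computer objects in the VDI OU that are NOT owned by the join
#    account. After the hardening, re-joining with one of these names fails
#    unless the joining account is covered by the allow-list policy.
$joinSid = (Get-ADUser -Identity $JoinAccount).SID.Value

Get-ADComputer -SearchBase $VdiOu -Filter * -Properties nTSecurityDescriptor |
    ForEach-Object {
        $ownerSid = $_.nTSecurityDescriptor.GetOwner(
            [System.Security.Principal.SecurityIdentifier]).Value
        [pscustomobject]@{
            Name               = $_.Name
            OwnerSid           = $ownerSid
            OwnedByJoinAccount = ($ownerSid -eq $joinSid)
        }
    } |
    Where-Object { -not $_.OwnedByJoinAccount } |
    Format-Table -AutoSize
```

The GPO security option itself still has to be set in the Group Policy Management Console as described in the list above; this script only prepares the group and shows which existing clone accounts would trip the check.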
Omnissa's article on this is a bit difficult to find, so here's hoping the search-engine gods help you find this article via IT Benchmarq. https://kb.omnissa.com/s/article/92214