多域场景下,虚拟机未注册报1017错误

发布时间:  2014-10-29 浏览次数:  151 下载次数:  0
问题描述
北京某桌面云客户,使用多域场景下发虚拟机,发放的虚拟机中,32位模板发放的虚拟机可以正常登录,64位模板发放的虚拟机处于未注册状态。
告警信息
处理过程
1. 32位模板发放的虚拟机可以正常登录,64位模板发放的虚拟机处于未注册状态,说明域之间的互信配置没有问题。
2. 查看Windows应用程序日志,有Event ID为1017的Warning日志打印,虚拟机无法自动向DDC上完成注册。
3. 进一步分析VDA日志,虚拟机可以正常读取DDC列表,但在向DDC注册时,无法获取有效的DDC进行注册。
[  17] 16/10/14 14:27:36.6849 : Workstation Agent:Creating controller info for 2 controllers
[  17] 16/10/14 14:27:36.7005 : Workstation Agent:Attempting to validate controller XXXX-FA-DB02 by looking up (&(objectCategory=computer)(cn=XXXX-FA-DB02)) filter in AD
[  17] 16/10/14 14:27:36.7005 : Workstation Agent:Attempting to validate controller XXXX-FA-DB02 by looking up (&(objectCategory=computer)(dNSHostName=XXXX-FA-DB02*)) filter in AD
[  17] 16/10/14 14:27:36.8568 : Workstation Agent:Failed to find controller XXXX-FA-DB02.huawei.com.cn in AD, skipping...
[  17] 16/10/14 14:27:36.8568 : Workstation Agent:Attempting to validate controller XXXX-FA-DB01 by looking up (&(objectCategory=computer)(cn=XXXX-FA-DB01)) filter in AD
[  17] 16/10/14 14:27:36.8568 : Workstation Agent:Attempting to validate controller XXXX-FA-DB01 by looking up (&(objectCategory=computer)(dNSHostName=XXXX-FA-DB01*)) filter in AD
[  17] 16/10/14 14:27:37.0287 : Workstation Agent:Failed to find controller XXXX-FA-DB01.huawei.com.cn in AD, skipping...
[  17] 16/10/14 14:27:37.0287 : Workstation Agent:VDARegistryBasedFarm - FindControllers - entry
[  17] 16/10/14 14:27:37.0287 : Workstation Agent:FindControllers – exit
4. 网上查询相关案例,关于多域配置,Citrix官方文档上要求,在VDA上应该增加如下配置:
On the Virtual Desktop Agent
1) Use the following registry value on the VDA to enable support for DDCs located in a separate forest.
For a 32-bit VDA
HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\SupportMultipleForest (REG_DWORD)
For a 64-bit VDA
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\VirtualDesktopAgent\SupportMultipleForest (REG_DWORD)
To enable support for DDCs located in a separate forest; this value must be present and set to 1.
2) You must also edit the <ProgramFiles>\Citrix\Virtual Desktop Agent\WorkstationAgent.exe.config file as explained in the following procedure:
Note: The brokeragent.exe.config file is used for XenDesktop 7.x and later.
1. Make a backup of this file.
2. Open the file in a text editor, such as Notepad.
3. Search for the line containing the text allowNtlm=”false”.
4. Change allowNtlm=”false” to allowNtlm=”true”.
5. Save the file.
3) After changing the SupportMultipleForest value and editing the configuration file, you must restart the Citrix Desktop Service for the change to have an effect.
Note: You can also set the SupportMultipleForest registry entry on the DDCs and on the VDAs using a group policy.
5. 在出问题的64位的虚拟机上增加注册表项值,重启Citrix Desktop Service,问题解决。
6. 进一步分析SupportMultipleForest丢失的原因,应该是在制作模板时,没有勾选“支持多域”,需要重做模板。(32位模板即使没有该键值也可以正常注册,应该是Citrix没有做严格限制)
解决方案
  • 临时解决措施:在虚拟机上增加注册表项值:HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\VirtualDesktopAgent\SupportMultipleForest (REG_DWORD:值为1),重启Citrix Desktop Service服务。
  • 最终解决措施:重新制作模板,在模板制作工具中勾选“支持多域”。

END