No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

Failed to Log In to the Client Because the Password of the Member Account of the Desktop Cloud R005C10SPC200 Domain Expires

Publication Date:  2018-10-22  |   Views:  301  |   Downloads:  0  |   Document ID:  EKB1001937001

Contents

Issue Description

A user delivers 50 VMs in linked clone mode. When a problem occurs, the user cannot log in to the VM from the TC. After the username and password are entered, the login page cannot be displayed, and no error is reported.

Alarm Information

The AD component is abnormal on the home page of the FA management console.

Handling Process

Step 1 If an AD error is reported on the FusionAccess management console, log in to the AD infrastructure VM using the domain administrator account and enter the username and password to log in to the VM. A message is displayed indicating that the password has expired. Change the password. After the modification, log in to the system and check whether the domain services are normal.

Step 2 A message is displayed indicating that the password has expired when users log in to the system using the domain administrator account. However, the VM can be logged in to in previous days, the configuration is the same as that when the problem occurs. The verification shows that the domain account passwords of services, such as ITA and Tomcat have expired.

Step 3 Log in to the AD infrastructure VM using the domain administrator account. Find the domain accounts in the OU and set their passwords to never expire.
(Change the password of the TC login account created for the user as well.)

Step 4 Go to the FusionAccess management console, choose System > Domain/OU, and change settings in the Operation column of the corresponding domain. Enter the new domain administrator account password in the Password text box, and click OK. If the domain account passwords of services, such as Tomcat, are changed, choose System > Tomcat and enter the new password. Click OK.

Step 5 After a while, check alarm information on the FusionAccess management console. The error information is cleared after the modification. However, the user still cannot log in to the TC. The problem persists after restart of the corresponding domain services, Tomcat listening service, and AD infrastructure VM.

Step 6 R&D experts remotely check the onsite configuration. After confirming that no exception occurs in the system, choose System > Desktop Components > WI Information and change settings on FusionAccess. Click OK. Then, the user can log in to the TC.

Root Cause

The member account created in the domain OU is not set to never expire. As a result, the account password becomes invalid after the default 42-day validate period.

Solution

1. Change passwords of the domain OU member accounts to Password never expires.

2. If the passwords of the Tomcat service domain account (ITAServiceUser) and domain administrator account (vdsadmin) have been changed, change passwords in the system management bar on the FusionAccess management console accordingly.

3. Save the WI information of the desktop components.

Suggestions

In the FusionCloud Product Documentation, when a member is created in the domain OU, no message is displayed indicating that you must select Password never expires for password security. If the customer does not require high security, select Password never expires. Otherwise, a FusionAccess alarm is generated and the client cannot be logged in. In this case, additional maintenance is required, and desktop cloud product experience deteriorates.