Symptoms
This can occur with multiple Active Directory sites environment where the virtual machine account creation and customization happen on different sites when the virtual machines are not yet fully replicated.The agent attempts communication with a DC that is not in the current site.This is sporadic and happens to a handful of machines that are provisioned. The majority succeed.You have implemented the following solution : AD_FAULT_FATAL - unable to create connection pool Instant Clone Creation Error (2147129)
In the instant clone agent logs, you see entries similar to:
2023-05-12T08:38:26.356-04:00 DEBUG (0C98-0CEC) <3308> [vmware-svi-ga] svmga::core::windows::DomainJoin::VerifyTrustEx(): Attempting trust verification with server preferred DC dc.domain.com
2023-05-12T08:38:26.356-04:00 ERROR (0C98-0CEC) <3308> [vmware-svi-ga] svmga::core::windows::DomainJoin::VerifyTrustWithPreferredDc(): DC dc.domain.com not found in current site.Skipping trust verify with preferred dc.
2023-05-12T08:38:26.356-04:00 DEBUG (0C98-0CEC) <3308> [vmware-svi-ga] svmga::core::windows::DomainJoin::VerifyTrustEx(): Attempting trust verification with agent preferred DC dc.domain.com
2023-05-12T08:38:26.356-04:00 ERROR (0C98-0CEC) <3308> [vmware-svi-ga] svmga::core::windows::DomainJoin::VerifyTrustWithPreferredDc(): DC host.domain.com not found in current site.Skipping trust verify with preferred dc.
2023-05-12T08:38:26.356-04:00 WARN (0C98-0CEC) <3308> [vmware-svi-ga] svmga::common::windows::registry::ExistingRegKey::ReadDwordValue(): CloneMachinePasswordChanged Does Not Exist
Cause
Horizon relies on API calls to the active directory to process jobs in a timely manner.Environmental Matters and Customization Issues can have varied causes, This matter may be due to a misconfigured dc, a recently removed DC or Network Latency / other similar resource bottlenecks for intermittent errors of this kind.
Resolution
Identify and rectify the source of the latency.
Workaround
Domain verification Retry MechanismThese are values to apply to your golden image if you encounter the symptom and error outlined in this article.Note: Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine
Registry Path\HKLM\SYSTEM\CurrentControlSet\services vmware-viewcomposer-gaValue Type REG_DWORDTrustVerifyRetries5TrustVerifyDelay5000
This will configure an agent side retry with a delay of 5000ms.
