I came across an interesting issue where we were unable to remove user entitlements from the VMware View connection server. I was able to resolve the issue by manually removing the user from the ADAM database. The probable cause of the issue is replication failures between the connection servers.
To manually remove user entitlements and the user account from the connection broker, follow the instructions below:
NOTE: Editing the ADAM database is quite risky and can lead to rebuilding the entire VDI environment. Ensure you have a working backup of the ADAM database before making any changes.
- Log in to the connection server and launch ADSI Edit, usually found under Control Panel\System and Security\Administrative Tools.
- Select Action->Connect to
- Use the information below to connect to the View ADAM database (refer to the screenshot):
Name: [Name of the connection server]
Connection Point: Choose “Select or type a Distinguished Name or Naming Context:”, type “dc=vdi,dc=vmware,dc=int”
Computer: Choose “Select or type a domain or server:….”, type “localhost:389”
- Navigate to OU=Applications under “DC=vdi,dc=vmware,dc=int”
- Double click the pool from which the user entitlement needs to be removed. The pool name will be listed as “CN=[pool name]”.
- Double click the “member” attribute.
- Select the user from the list and click “Remove”.
- Click Apply and then OK.
- Right click the connection and select New->Query.
- Use the information below to search for the user principal that needs to be removed:
Name: UserSearch
Root of Search: Click browse and select ForeignSecurityPrincipals
(CN=ForeignSecurityPrincipals,DC=vdi,DC=vmware,DC=int)
Query String: Type “description=*User=[username]*”. Replace [username] with the username that you are trying to delete.
Query Scope: Subtree search
- Double click “UserSearch”. This will list any user principal containers matching the user that you typed in earlier.
- Compare the SID to the user SID in Active Directory. If they match, right click the container and select “Delete”.
- Refresh the View Administrator page. The user should now be removed.
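
The SID comparison in the last steps can be scripted as a read-only check before anything is deleted by hand. This PowerShell script is an added example, not part of the original post. The parameter names are placeholders, and it assumes it is run on the connection server and that the matching entries carry a populated objectSid attribute.

```powershell
# Added example: read-only lookup, nothing is modified or deleted.
# Parameter names are placeholders; run on the connection server itself.
param(
    [Parameter(Mandatory)] [string] $UserName,  # account name, as typed in the query string
    [Parameter(Mandatory)] [string] $Domain,    # AD domain of the account
    [Parameter(Mandatory)] [string] $PoolName   # pool CN; assumed free of DN special characters
)

$server   = 'localhost:389'
$adamBase = 'DC=vdi,DC=vmware,DC=int'

# Escape LDAP filter metacharacters (RFC 4515) so the username cannot alter the filter.
# Backslash is replaced first so the escapes added afterwards are not escaped again.
function ConvertTo-LdapFilterValue([string] $Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

# SID of the account according to Active Directory.
$ntAccount = New-Object System.Security.Principal.NTAccount($Domain, $UserName)
$adSid     = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Current members of the pool (the "member" attribute from the steps above).
$pool    = [ADSI]"LDAP://$server/CN=$PoolName,OU=Applications,$adamBase"
$members = @($pool.Properties['member'])

# Same search as the "UserSearch" query: subtree under ForeignSecurityPrincipals.
$root     = [ADSI]"LDAP://$server/CN=ForeignSecurityPrincipals,$adamBase"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter      = "(description=*User=$(ConvertTo-LdapFilterValue $UserName)*)"
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$searcher.PropertiesToLoad.AddRange([string[]]('distinguishedName', 'description', 'objectSid'))

foreach ($r in $searcher.FindAll()) {
    $dn       = [string]$r.Properties['distinguishedname'][0]
    # Assumption: objectSid is populated on the entry; it is stored as a binary SID.
    $sidBytes = [byte[]]$r.Properties['objectsid'][0]
    $adamSid  = (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)).Value
    [pscustomobject]@{
        DistinguishedName = $dn
        Description       = [string]$r.Properties['description'][0]
        AdamSid           = $adamSid
        MatchesAdSid      = ($adamSid -eq $adSid)      # the comparison from the steps above
        StillInPoolMember = ($members -contains $dn)   # True if the entitlement is still present
    }
}
```

Because the query string uses wildcards on both sides of the username, it can return entries for other accounts whose names contain the same text; the MatchesAdSid column is what distinguishes them.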