1

I've been trying to make this work for like 2 days and still no luck from Google and searching...

I have a Windows 7 VM in Hyper-V ready and generalized to use as my collection template. When I'm following the wizard for creating a virtual desktop collection, at some point I get to choose my organizational unit (OU). Since I'm going with defaults I have none, so it shows "-" and I choose it, then follow the wizard to the end, but the installation progress fails every time with the following error:

Failed: RD Connection Broker could not create the computer account object in Active Directory Domain Services (AD DS). Ensure that the RD Connection Broker computer account has permissions to create computer accounts in the organizational unit (OU), the RD Connection Broker server can contact AD DS, and a duplicate computer account object does not exist in a different OU.

I couldn't find a way to give these permissions to RDCB... Any advice?

user3001414

1 Answer

1

Check that the connection broker can actually contact the DC. It needs the same ports for AD as everything else and access to a non-RODC.

The permission your server account needs is simple. In the delegation dialogue for your domain, create a custom delegation. The permission you need for it is create computer objects; look under computer objects and select the grant checkbox for create. You can delegate it for your whole domain, or just the OU containing your RDP pool.

Although you don't currently have any OUs, you really ought to create a new one for tasks like this. That way, if you want to apply a GPO to your RDP boxes (to force RDP authentication, rename local admin, etc.), they are all in one place and isolated from other computers (like your servers and workstations).

Make sure your naming convention is appropriate and not creating duplicates, like the error says, as well. Duplicates can be created when you attempt to reuse old names as well, if the computer accounts have not been deleted, though I don't ever recall this being a real practical problem.

Falcon Momot
  • I tried to do the delegation for the whole domain but I still get the same error. I also tried to remove Active Directory and start with a new forest name and start all over again, but I'm still getting the same error... – user3001414 Dec 10 '13 at 14:04
  • Somehow there was a problem with my DNS settings, so RDCB couldn't contact Active Directory. It is fixed now... Thanks for the tips – user3001414 Dec 10 '13 at 17:07
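
The checks and the delegation described in the answer, as an added PowerShell example that is not part of the original thread. It scopes the grant to a dedicated OU rather than the whole domain. The domain `corp.example`, broker name `RDCB01` and OU name `VDI-Pool` are assumed placeholders, and the script assumes a domain admin session on the broker with the ActiveDirectory module available.

```powershell
# Added example; all names below are assumed placeholders, not values from the thread.
Import-Module ActiveDirectory

$Domain = 'corp.example'   # assumption: AD DNS domain name
$Broker = 'RDCB01'         # assumption: RD Connection Broker host name
$OuName = 'VDI-Pool'       # assumption: OU that will hold the pooled desktops

# 1. Connectivity: DNS must return the DC locator SRV records, and a
#    writable (non-RODC) domain controller must be locatable.
Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$Domain" -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port
nltest /dsgetdc:$Domain /writable
if ($LASTEXITCODE -ne 0) {
    throw "No writable DC located for $Domain. Fix DNS/connectivity before delegating."
}

# 2. Dedicated OU, so GPOs and delegation stay isolated from other computers.
$AdDomain = Get-ADDomain -Identity $Domain
$OuDn     = "OU=$OuName,$($AdDomain.DistinguishedName)"
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$OuDn'")) {
    New-ADOrganizationalUnit -Name $OuName -Path $AdDomain.DistinguishedName
}

# 3. Delegate only "create child objects of class computer" (CC;computer)
#    to the broker's computer account (trailing $), on this OU and below.
$Trustee = '{0}\{1}$' -f $AdDomain.NetBIOSName, $Broker
dsacls $OuDn /I:T /G "${Trustee}:CC;computer"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed to apply the delegation on $OuDn." }

# 4. Verify the ACE. ObjectType bf967a86-0de6-11d0-a285-00aa003049e2 is the
#    schema GUID of the computer class; the right should be CreateChild only.
(Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Trustee } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, AccessControlType

# 5. Look for leftover accounts that would collide with the pool's naming prefix.
$Prefix = 'VDI-'           # assumption: collection naming prefix
Get-ADComputer -Filter "Name -like '$Prefix*'" |
    Select-Object Name, DistinguishedName
```

Select the new OU in the collection wizard instead of "-" so the desktops land where the delegation applies.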