Building a VMware Horizon Workspace Lab – Part 3 Web Config

In my previous posts, I setup a new lab environment to run VMware Horizon and configured the vApp through the console so I could access the web interface of Horizon.  I left off at the ‘Begin Setup Wizard’ web interface, so that is where I will pick up.

Step 1:

  • Enter the license key from you received when you signed up for the eval.
  • Enter the admin user password you will use
  • Click Next

Step 2:

  • Click the continue with the Setup Wizard button
  • Select Internal Database for lab/testing purposes.  Selecting External will prompt you for  your DB connection string but is beyond the scope of the reviewers guide.



  • Enter your Active Directory information and click the Test Setting and Sync button.  The account you use for the Bind DN must have the email field filled in in your AD.  Also your base DN cannot be the entire domain (e.g. dc=domain,dc=tld) so set this to an existing OU.  I nested a group and users OU under a generic OU so I could search both from on base DN. *****MAKE NOTE OF YOUR BIND USER INFO*****
  • Click Next
  • On the map user attributes page, click next (this is where, if necessary, you could change the mappings between Horizon and AD)
  • On the select users page, click next
  • Add the groups you wish to have access and click Next.


  • Select how often you wish to synchronize AD and Horizon.  This (to me) means that your new AD users will not have immediate access to Horizon, but it appears as though you can manually sync later (TBD).
  • Review the users/groups being added and click Save and Continue.
  • Click the next link.
  • Click Next on the SSL cert page.
  • Click enable for Data and Web Applications (I am also selecting ThinApp as I will be interested in testing that later).
  • Click Next.
  • Click Go to Horizon Workspace.
  • Log into the Horizon web app



So I got a little hung up here, log in as…who?  I tried the admin user I created on the configurator  – no luck.  An account that is part of the AD group I added, nope that didn’t work either.  It was the service account I used in the Bind setup!  Also, I received an error about time drift being off, of course I forgot to enable NTP on my servers, so I went back and enabled NTP with the same servers:

Also, now that I am logged in and can review some settings, I see that one of my user accounts that is in my Horizon_users AD group has not been given permission.  I logged into the Connector web interface and found that the user account in question did not have a last name or email set in the AD attributes:

Missing required attributes {0} for {1}:Missing required attributes [lastName, email] for CN=username,OU=LAB_USERS,OU=LAB_ACCTS,DC=lwlab,DC=local

I had to go to Directory Sync, Sync Rules to run back through the wizard once I updated the AD account.  Another problem I had, my connector-va time was off, even though NTP was running and the correct time zone was set.  I had set each of my 3 hosts to sync to an external time source but was clearly having problems.  I set my Domain Controller as an authoritative time source and pointed each of the hosts to it, this seemed to correct the problem as a restart of all of the VMs brought them within 2-5 seconds of the configurator and persisted over 60 hours.

After resolving those two problems, I am able to log in as a regular user to my (albeit empty) Horizon gateway.


The next section of the guide, and probably the most fun/interesting part revolves around View integration, I am not running View so I will not be doing this (now).  Instead I will configure the ‘Data’ section, formerly known as Octopus (and still referenced as such in various config/setting places).