Description of problem: see title Version-Release number of selected component (if applicable): ovirt-guest-tools-iso-4.1-3.fc24.noarch How reproducible: 100% Steps to Reproduce: 1. setup windows 2008 r2 with active directory setup.(including dns settings of LAN) 2. add AD to ovirt engine using ovirt-engine-extension-aaa-ldap-setup tool. 3. create windows 7 vm. 4. install ovirt-guest-tools-iso-4.1-3.fc24.noarch in windows 7 vm. 5. add AD domain to windows7 vm. 6. add an AD user to engine with UserRole. 7. Login to userportal using the AD user and spice client opens automatically. Actual results: spice client shows login screen, user is not logged into desktop. Expected results: user is logged into desktop. Additional info: the guest agent log(C:\Windows\SysWOW64\ovirt-guest-agent.log) shows the following when vdsm sends the 'login' command to vm via virtio port: //begin log Dummy-2::INFO::2017-05-07 21:31:13,756::OVirtAgentLogic::321::root::Received an external command: login... Dummy-2::ERROR::2017-05-07 21:31:14,756::GuestAgentWin32::311::root::Error writing credentials to pipe [1/3] (error = 2) Dummy-2::ERROR::2017-05-07 21:31:15,756::GuestAgentWin32::311::root::Error writing credentials to pipe [2/3] (error = 2) Dummy-2::ERROR::2017-05-07 21:31:16,755::GuestAgentWin32::311::root::Error writing credentials to pipe [3/3] (error = 2) //end log According to https://github.com/oVirt/ovirt-guest-agent/blob/ovirt-4.1/ovirt-guest-agent/GuestAgentWin32.py#L315 , The reason of failed writing credentials is that the pip "\\\\.\\pipe\\VDSMDPipe" is not created in the first place, which is the responsibility of credential provider dll(windows7 environment in my case). But the dll is not included in ovirt-guest-tools-iso-4.1-3.fc24.noarch, Nor can I find anywhere in the system after guest tools is installed. I fond that the package ovirt-guest-agent-windows contains the dll file(oVirtCredentialsProvider32/64.dll), but i test it with no luck, or maybe I just don't know how to properly install it. anyway, it is not included in the guest-tools-iso package. BTW: After I tested the dll from https://github.com/Seitanas/kvm-vdi/blob/master/guest_agent/README.md, the windows 7 sso worked perfectly.
Moving to ovirt-guest-agent, since according to the report: I fond that the package ovirt-guest-agent-windows contains the dll file(oVirtCredentialsProvider32/64.dll) So the credential provider should be already there but not working.
Hi Sandro Bonazzola: Just to be clear that I tested the credential provider under windows 7 sp1 x64, so should the summary be renamed to windows7 instead of windows 2008 ?
First of all - Windows Servers aren't really targets for SSO features - Even if it might work it's not recommended to use. Anyway the problem is not that they are not working the problem is that they aren't installed, and from what I saw that they aren't even included in the ISO even though they are built in ovirt-guest-agent-windows This is about to be addressed by tgolembi
1: since the engine SSO has been implemented, the VM SSO only works in certain cases (e.g. if you are not logged in using some other service) 2: windows server is not a primary target for SSO Due to this two facts, pushing out of 4.2 and moving to 4.3 to re-evaluate.
The guest agent is going away in 4.3 in favor of the qemu guest agent, so this will not be resolved