VMware Horizon Cloud with Hosted Infrastructure supports two types of cloning mechanisms for non-persistent desktop types; Traditional Clones and Instant Clones.
When choosing the Traditional Clone type, all the VM’s in the desktop pool are fully cloned from the Master Image. When a user logs off, the VM be reset to default. This means the VM will be deleted and recreated with a full clone from the Master Image.
VMware Instant Clone Technology gives admins the ability to rapidly clone and deploy virtual desktops, as much as 10x faster than using Traditional Clones. Instant Clone Technology uses rapid in-memory cloning of running virtual machines and copy-on-write to quickly deploy clones of the parent Master Image.
When using the Instant Clone type, The VM’s are “forked” from a quiesced Master Image VM which still is in a running state, and never go through a power-on operation.
Because of the nature of Instant Clones, the cloned VM’s are not powered on, like Traditional Clones.
The result is the user and machine GPO processing has not taken place yet when the VM is ready for use. Of course, this can be a real problem when the end-user logs on to the virtual desktop.
During the creation of the Instant Clone Master Image, an “it” AD object (it%randomnumber%) is created in the “Default OU” of Active Directory.
The Default OU is found in the HorizonAdmin portal under Settings -> Active Directory field. When you do not configure anything, the AD object will be created in the default Computers OU.
When having multiple Instant Clone images, there are also multiple AD objects. To see which AD object belongs to the corresponding image, you can right-click the AD object and select the Attribute Editor tab. You can look at the Attribute “whenCreated” to see the date the object is created.
To automatically have the GPO’s applied on the cloned VM’s, VMware recommends placing the “it” AD object(s) in the same OU as the cloned VM’s. In other words, the same OU where the GPO’s are applied on. This should be sufficient for most environments.
If this is still not working, there is an easy workaround which you can also use.
When editing the desktop pool, click Advanced Properties, you have the field “Run Once Script”
It’s here you can fill in the command line: C:\Windows\System32\gpupdate /force
Note: For Horizon DaaS 9.x and newer, you can get the message “SVI Customization in progress or has failed” on all VDI desktops inside your desktop pool.
Solution: Create a CMD script with a GPUPDATE /Force inside.
Start the script via the Run Once Script option with the command: cmd /c \\<ScriptShare>\<Scriptname> (can also be a local folder and file on the image)
This command line will force the user and machine GPO settings immediately after the VM clone process is completed.