I have recently set up a ovirt 4.1 environment to test vm sso.

spec:

* host: centos 7.3.1611

* ovirt-engine: commit af393b7d3a494917dbda33a06813e8e8a8c6698a from branch ovirt-engine-4.1 , self compiled.

* vdsm: vdsm-4.19.10.1-1.el7.centos.x86_64

* windows 2008 r2 with active directory setup(domain name is "ply.local", test user is "ply@ply.local")

* windows 7 vm with guest tools setup using ovirt-guest-tools-iso-4.1-3.fc24.noarch

I can add AD to ovirt engine successfully using ovirt-engine-extension-aaa-ldap-setup tool.[1]

After adding AD domain to windows7 vm, I can login manually using AD user with no problem.

I can see the logs[2] when I login in to userportal with AD user, and spice client pop up automatically.

But the spice client just stops at the windows7 login screen. asking for password.

In the vm, vdagent and vdservice are all running fine. I can provide guest agent logs if needed.

So, anyone can point me to the right direction?

cheers

[1]: see attachment: ovirt-engine-extension-aaa-ldap-setup-20170507034924-w5fwc9.log

[2]: see attachment: vdsm-log,ovirt-engine-log