Solved by the additional configuration in https://github.com/Seitanas/kvm-vdi/blob/master/guest_agent/README.md

It seems that ovirt-guest-tools-iso-4.1-3.fc24.noarch doesn't provide any credential providers dll, is there any reason why it's not included in the upstream ?

thanks

2017-05-07 21:47 GMT+08:00 plysan <plysab@gmail.com>:
OK, seems the problem is in guest agent:

after login in vm manually, I see the following logs in C:\Windows\SysWOW64\ovirt-guest-agent.log

//begin log
Dummy-1::INFO::2017-05-07 21:29:55,956::OVirtGuestService::84::root::Starting OVirt Guest Agent service
Dummy-2::INFO::2017-05-07 21:30:06,545::OVirtAgentLogic::321::root::Received an external command: api-version...
Dummy-2::INFO::2017-05-07 21:30:06,545::OVirtAgentLogic::117::root::API Version updated from 0 to 3
Dummy-2::INFO::2017-05-07 21:30:59,503::OVirtAgentLogic::321::root::Received an external command: lock-screen...
Dummy-2::INFO::2017-05-07 21:31:13,756::OVirtAgentLogic::321::root::Received an external command: login...
Dummy-2::ERROR::2017-05-07 21:31:14,756::GuestAgentWin32::311::root::Error writing credentials to pipe [1/3] (error = 2)
Dummy-2::ERROR::2017-05-07 21:31:15,756::GuestAgentWin32::311::root::Error writing credentials to pipe [2/3] (error = 2)
Dummy-2::ERROR::2017-05-07 21:31:16,755::GuestAgentWin32::311::root::Error writing credentials to pipe [3/3] (error = 2)
//end log

Digging into agent code to find the answer...



2017-05-07 16:28 GMT+08:00 plysan <plysab@gmail.com>:
Hi,

I have recently set up a ovirt 4.1 environment to test vm sso.

spec:
* host: centos 7.3.1611
* ovirt-engine: commit af393b7d3a494917dbda33a06813e8e8a8c6698a from branch ovirt-engine-4.1 , self compiled.
* vdsm: vdsm-4.19.10.1-1.el7.centos.x86_64
* windows 2008 r2 with active directory setup(domain name is "ply.local", test user is "ply@ply.local")
* windows 7 vm with guest tools setup using ovirt-guest-tools-iso-4.1-3.fc24.noarch

I can add AD to ovirt engine successfully using ovirt-engine-extension-aaa-ldap-setup tool.[1]
After adding AD domain to windows7 vm, I can login manually using AD user with no problem.

I can see the logs[2] when I login in to userportal with AD user, and spice client pop up automatically.
But the spice client just stops at the windows7 login screen. asking for password.
In the vm, vdagent and vdservice are all running fine. I can provide guest agent logs if needed.

So, anyone can point me to the right direction?

cheers


[1]: see attachment: ovirt-engine-extension-aaa-ldap-setup-20170507034924-w5fwc9.log
[2]: see attachment: vdsm-log,ovirt-engine-log