I came across this error in the field when using TrueSSO for Horizon desktops.
Symptom – error message “The request is not supported” is displayed during login to virtual desktop. True SSO fails and user has to enter credentials to authenticate.
Checked the TrueSSO logs in the following locations:
Connection Server ‒%PROGRAMDATA%\VMware\VDM\logs\debug-xxxxxx.txt
Enrolment Server ‒%PROGRAMDATA%\VMware\VDM\logs\debug-xxxxxx.txt
View Agent ‒%PROGRAMDATA%\VMware\VDM\logs\debug-xxxxxx.txt
No errors found and the flow looks o.k.
However after checking the domain controller log, found an error:
05/08/2018 11:48:31 AM
TaskCategory=The operation completed successfully.
OpCode=The operation completed successfully.
Message=This event indicates an attempt was made to use smartcard logon, but the KDC is unable to use the PKINIT protocol because it is missing a suitable certificate.
Resolution – You need to have the Domain Controller Authentication certificate on all the domain controllers. To enroll for a new certificate follow the below steps.
- On the domain controller, open mmc.
- Click File, Click Add/Remove Snap-in.
- Select Certificates, click Add, then select Computer account.
- Expand Certificates (Local Computer), right-click Personal, click All Tasks, and then click Request New Certificate.
- Press Next.
- Select Domain Controller Authentication and press Enroll.
Note: If you do not see the Domain Controller Authentication on the Auto Enrollment in the Domain Controller certificate mmc, you need to go to Certificate Authority server and add the domain controller in the security of the Domain Controller Authentication Template and give AutoEnroll permissions.