Workspace consists of several virtual machines, time synchronization between them is crucial. At the moment, when time is diffrent between machines, according to what is written in the KB , there is a situation in which the SAML authentication request is rejected. The result is the following error:
In contrast to earlier versions of Horizon Workspace, which required that each machine was running ntpd service, version 1.8 was abandoned in favor of the time synchronization of ESXi hosts. With one exception, the default service-va is not sync time with ESXi, they has the ntpd service is running and configured with external time servers. Well, yes, but as a kind of internal network is there to sync? You can of course set a proxy server, but it is easier to change the configuration on the local server and restart the service.
When the time is now correctly synchronized between machines, everything starts to operate normally, we do not need to perform the steps described in that KB . The correctness of the synchronization time (and other parameters), we can control on the Horizon Configurator (https://configurator-va/cfg/system ) -> System Information:
When the “Relative Drift” will be greater than 30 seconds, we have a problem.
Was this information is helpful? Tell me, please leave a comment!