Issue Description

VM with restored mode that has joined AD domain is unable to login to Windows with domain account.

Error/Warning Information

When a domain user tries to log in with their domain account, Windows displays the message: "Login on this endpoint device is not allowed.".

Handling Process

1. Ensure that the related resources are already joined to the domain.
2. Perform testing by creating a VM with dedicated mode and restored mode. Try login with dedicated mode VM with domain credential, it is able to login successfully. But login with VM with restored mode, it is unable to login.
3. Check the AD server configuration and verify that the privileges are granted for all PCs.
4. Try to login into the VDI client using the AD domain credentials. It is able to login to the restored mode VM successfully.

Root Cause

For VMs in restored mode, users must log in to the VDI client using domain credentials because the VM is restored to its default state and will rely on the domain credentials used to log in to the VDI client. Once the domain user successfully logs into the VDI client, the VM is already joined to the domain, and there is no need to authenticate the user again, as the authentication has already occurred through the VDI client.

Solution

Login VDI client with domain account.