To resolve the issue, grant the logon right, Access this computer from the network to the Delivery Controller machine account(s).
This can be modified directly on the VDA (recommended for testing):
- To edit the policy directly on the VDA, use Local Computer Policy editor (MMC, then add the Snap-In Local Computer Policy.)
- The policy is located in Computer Configuration –>Windows Settings –>Security Settings –>Local Policies –>User Rights Assignment
- Locate “Access this computer from the network”
- Click ‘Add User or Group’. Change the Object Types to include “Computers”.
- Type the names of the Delivery Controller(s). Click ‘Check Names’. Click OK to save the change. There will be several warnings.
Once this is determined to resolve the OU-based registration issue, policy can be applied to all the VDA’s by completing one of the following tasks:
- Apply a group policy from the domain controller either to the domain as a whole or to an Organizational Unit containing the Virtual Desktops for the XenDesktop farm.

Related: