You can configure biometric authentication by editing the pae-ClientConfig attribute in the LDAP database.


See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows server.


  1. Start the ADSI Edit utility on the Connection Server host.
  2. In the Connection Settings dialog box, select or connect to DC=vdi,DC=vmware,DC=int.
  3. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the Connection Server host followed by port 389.
    For example: localhost:389 or
  4. On the object CN=Common, OU=Global, OU=Properties, edit the pae-ClientConfig attribute and add the value BioMetricsTimeout=<integer>.
    The following BioMetricsTimeout values are valid:
    BioMetricsTimeout Value Description
    0 Biometric authentication is not supported. This is the default.
    -1 Biometric authentication is supported without any time limit.
    Any positive integer Biometric authentication is supported and can be used for the specified number of minutes.


The new setting takes effect immediately. You do not need to restart the Connection Server service or the client device.