Quantcast
Channel: VMware Communities : Discussion List - VMware View
Viewing all 10683 articles
Browse latest View live

Locked down, hardware access control (KIOSK Mode?)

April 12, 2017, 7:34 am
$
0
0

Hello everyone,


I finally decided to sign up to here to see if someone has had a similar scenario or managed to resolve this dilemma I am facing.

 

After many months of trial and error I have finally set up a Pod architecture environment with;

 

1 vCenter
3 Locations all with 1 connection and 1 security server.

 

Happy days, created a couple of images and everything works great, even the smartcard authentication.

Now here is the issue I am trying to resolve.

 

I am trying to create a desktop pool which will be running a fresh image that refreshes daily (non-persistant/floating)

The challenge I am facing is that I only would like the Wyse (P25) boxes that we have to be able to access this specific pool. Not that someone tries to grab another machine fires up the horizon client and logs in that way. This environment is locked down, secure and only has access to 2 web pages.

 

After many hours of googling I came to the conclusion that I may end up having to set up a second connection server and configure that to use Kiosk mode.

 

Has anyone attempted to do something similar? As I am guessing there is probably multiple ways of doing this.

 

Thank you for taking the time to read this post

Search

Re-authenticating from a Windows client after lock

May 15, 2017, 12:35 pm
$
0
0

Hello:

 

We are currently deploying our own "Thin client" solution here which is basically on Windows 10 for the thin OS, and using the Windows version of the Horizon Client.  The users must log in with their credentials to the physical thin client itself for some required applications to run and identify the user properly, as well as GPOs, etc.

 

For users on this solution, what we are faced with is the VM and the laptop will lock their screens after 15 minutes.  This is a company policy for all machines to lock after 15 minutes for security reasons.  When unlocking, they must authenticate to the physical thin client first, then authenticate in the VM both get back to their VM.  This only happens when the user is already logged in to their VM and walks away long enough for it to automatically lock.  We have our GPOs set to pass through Windows authentication, so when they first logon initially it does pass through the credentials so the user only has to authenticate once there.  The issue is when they are already logged in and their machines lock, and they have to authenticate, it doesn't seem to pass that authentication through.

 

Unfortunately, we are kind of stuck but I was curious if there are any solutions to get around this, that are more baked in or integrated with the Horizon Client or thin clients.  If possible we don't want to purchase a 3rd party product unless necessary.  I have looked and so far do not see a built in way to handle this.  I have not yet looked at 3rd party solutions either, as this is more of a question if it's possible with what we have, basically Windows and the Horizon Client.

 

I appreciate any and all feedback if any solutions that may take care of the re-authentication.  Thanks!!

Nvidia Quadro 6000 on ESXi 6.0

March 4, 2016, 11:22 am
$
0
0

I have a client that is going to be updating to ESXi 6.0 and I need to nail down the universal nVidia driver for ESXi 6.0 that works with the Quadro 6000. They are using vSGA for graphics workloads.

They are currently using driver 319.65 on ESXi 5.5. Any help would be appreciated...

 

 

 

Thanks!

Windows 10 Search box stops working after a recompose

May 10, 2017, 1:23 pm
$
0
0

Linked clone desktops with persistent disks on Win 10 build 1607

 

In the same pool - After a recompose, the search menu does not work on some machines and on others it works. 

 

If the master image is the same for all the machines, why would the results be different?

 

On one machine, a second recompose fixed the issue, but on others, nothing works.

 

We are on Horizon 7.0.2 - 4356666

Instant Clone Desktop stuck in DELETING Status

January 25, 2017, 9:07 am
$
0
0

Hi all,

 

I have an instant clone pool that has a desktop that is stuck in deleting status in the admin console.  The destop in the VI Client is still there and i can console in.  I can shut down and restart with no affect at all.  Admin console still says deleting.  Tried to remove and recover and no luck.  Still the same.  I also tried to restart teh management services on the host that it resides on with no luck also.  It appears that all other desktops are working just fine in that same pool.  Any idea how to get this vm back to working status??  Any comments are welcome.  Thanks

 

Horizon view 7.0.1 using the 7.0.2 client (per VMware tech)

SSL error when running uagdeploy.ps1 script

February 13, 2018, 6:49 am
$
0
0

I am running with the script to deploy UAG, it error out with the following exception, any idea how to resolve this?

 

 

Enter an optional admin password for the REST API management access for uag_bat:
Deployment will use a self-signed SSL/TLS server certificate
Opening OVA source: C:\euc-unified-access-gateway-3.2.0.0-7395815_OVF10.ova
The manifest validates
Source is signed and the certificate validates
Accept SSL fingerprint (D2:50:B1:B0:FD:E6:B0:69:4E:B8:5D:5C:24:10:68:74:2E:56:2B:42) for host vcenter-qa-04.dt.company.com as target type.
Fingerprint will be added to the known host file
Write 'yes' or 'no'
yes
Error:
Error processing attribute "type" with value "OverheadMemoryManager"

while parsing MoRef for ManagedObject of type vim.OverheadMemoryManager
at line 7, column 3236

while parsing property "overheadMemoryManager" of static type OverheadMemoryManager

while parsing serialized DataObject of type vim.ServiceInstanceContent
error parsing Any with xsiType ServiceContent
at line 7, column 33

while parsing return value of type vim.ServiceInstanceContent, version vim.version.version10
at line 7, column 0

while parsing SOAP body
at line 6, column 0

while parsing SOAP envelope
at line 2, column 0

while parsing HTTP response for method GetContent
on object of type vim.ServiceInstance
at line 1, column 0
Completed with errors

Migrating to LTSB 1607

February 13, 2018, 6:53 pm
$
0
0

Was wondering if anyone migrated from Windows 10 ENT 1607 CBB to Windows 10 LTSB 1607? We are thinking about moving everyone to LTSB and was wondering if you had to do anything special to make sure that everything worked. We are currently running Horizon 7.1, App Volumes 2.12.1 and UEM 9.1. We do have some users with a writable appstack. Thanks!

Windows Defender in Windows 10

February 14, 2018, 9:01 am
$
0
0

I've noticed that the VMware Optimization Tool templates don't actually turn off the Windows Defender service as part of the templates.  If we are running a different Antivirus solution does anyone know of a reason for this?  Is there some other dependency that requires the service?

Search

Balancing VDI storage during provisioning

February 16, 2018, 2:58 pm
$
0
0

Storage rebalance helps to balance the Linked Clones across Datastores post provisioning. However I'm trying to control the Linked clone distribution on a specific Datastore during new vdi provisioning. I know its not availalbe out of the box., so here's what I'm thinking:

 

1. To the pool, add new DS1 count of vdis say #4. Enable provisioning.

2. Post completion, remove DS1 from vcenter setttings and add DS2, increase count to 8. Enable provisioning

 

This way it would ensure that 4 VDIs are created per datastore ie 1 replica mapped evenly to 4 VDIs.

 

Any reason why this should not work?

Compute mode vs graphics

February 16, 2018, 4:52 pm
$
0
0

Hi,

 

I need some help to understand computemode.

Today we have a test system with Nvidia M60 card, and we have been running it in graphics mode, and added several different profiles to ESXi VM`s and that has been working well.

 

Now we have a customer wanting to test this system in Compute mode instead, so we have changed it with the switch mode command and that`s seems ok. But what I now don`t understand is, should we add profiles to the VM`s or should they use regular VMware VGA card ? They are going to test some applications on CentOS, not quite sure what applications, but it uses Compute mode they said.

The reason I am wondering about the profiles, is because I tried to boot one of the VM`s after we changed ESXi host to compute mode, and they fail to boot with the error "Could not initialize plugin '/usr/lib64/vmware/plugin/libnvidia-vgx.so' for vGPU"

 

Please explain what I am missing here, and the concept around compute mode.

 

Thanks for reply.

 

Regards

Andreas

Certificate question

February 18, 2018, 11:48 am
$
0
0

Hi,

 

We a configuring a Horizon View in a closed network, no access to internet.

I was wondering about the certificate that is created under installation, as I understand this certificate should be replaced since this system will be production.

Do we need to create a own CA system within our domain for this ? Or is it possible to create a CSR and request some kind of certificate from a certificate vendor like godaddy.com ? or will this fails since we don`t have access to internet and it will then not be able to verify the chain ?

 

I don`t have much knowledge when it comes to certificates

 

Thanks for reply

Datastore Clean-up Question

February 19, 2018, 9:32 am
$
0
0

We are running Horizon View 7.0.1.

 

I was looking in a datastore that is exclusive to linked clones.  I noticed all these folders with log files for linked clones that no longer exist.  I checked the ADAM database and found no information on the machines.  Should I run an SviConfig cleanup or could I just delete the folders?  I should say that the machines do not show up in View Administrator.

 

Thanks for the help.

viewdbchk on Horizon 7.3.2

February 20, 2018, 4:36 am
$
0
0

We use viewdbchk every now and again to cleanup pools in Horizon, when the View Admin console is having issues doing such. Just like everyone else. However, since the move to 7.3.2, we can't seem to run it.

 

According to the release notes there was a change:

 

  • In Horizon 7 version 7.2 or later, the viewDBChk tool will not have access to vCenter or View Composer credentials and will prompt for this information when needed.

 

This is fine, we know what credentials to use. When we run the command though ("viewdbchk --removeMachine --machineName Xyz --noErrorCheck"), and are prompted for our service account password for vCenter (https://vcenter.fqdn:443/dsk) and for Composer (https://composer.fqdn:18443), when we enter, no characters show not even masked (this might be by design), and when we hit enter to confirm anyway, we are greeted with "ERROR: Cannot get password for user "service_account".

 

We know the password, we even tested it separately. Anything we can provide within the command differently perhaps?

 

Thanks in advance.

os permissions for View 6.2 PowerCLI scripts

February 20, 2018, 3:45 am
$
0
0

Hi,

 

I cannot find information about Windows os permissions nedded for running Horizon View 6.2 PowerCLI scripts.

 

When a user have Local Administrators permission it works well.

 

But when a user don't have Local Administrators permission it ends with following error:

 

View Server connect FAILED

    + CategoryInfo          : NotInstalled: (vmware.view.powershell.cmdlets.GetUser:GetUser) [Get-User], Exception

    + FullyQualifiedErrorId : Node Manager not running,vmware.view.powershell.cmdlets.GetUser

    + PSComputerName        : xxxxxxx

 

Does anybody know what minimum os permissions is needed for running Horizon View 6.2 PowerCLI scripts?

 

Thanks for any help.

Pavel

Replicating appstack between DCs

February 20, 2018, 5:31 am
$
0
0

I was reading documentation about appstacks and non-attachable storage, but I still don't really know how to move appstack between DCs. If I have FC storage then I can not present a lun to both datacentres that are on different continents with only IP connectivity.
So I guess that you need some storage which support array level replication over IP so you basically have non-attachable storage LUN that is in each DC presented from local array.

Other two options that comes to mind are:

- use some SW like veeam and replicate appstack VMDKs. Can you even replicate VMDKs that are not part of a VM ?

- use some VM where you do NFS export which is then mounted on vsphere in both DCs. This is questionable how would NFS datastore work over something like 200ms latency.

 

Any better ideas ?

Search

Location based Printing based on AD group instead of IP

February 21, 2018, 2:46 pm
$
0
0

Is it possible to manage what printers users see automatically in their view desktops where the following is true:

 

* floating desktops, all on same DHCP scope. cannot be organized into pools based on location on campus.

* 400+ printers are all over the place, multiple buildings, floors, wings.

* printer IPs are not organized by location

* printers would be have an AD object that is a mapped to a security group

* users who are a member of said security group would see that one, along with any others in their printer list upon logging into a random floating desktop. the idea is that users are typically in certain areas

* will printer default settings a user sets up be retained somehow? in persona profile share?

 

latest version of view.

 

thanks! trying to understand the location based printing document.

"The External URL must not be load balanced." - What does it mean ?

February 21, 2018, 3:03 pm
$
0
0

Based on all documentation you clearly CAN load balance view connection servers or security servers.

So why is there warning like:

 

and same for Blast or PCoIP protocols.

 

What is the true meaning or intention of this warning ?

UAG external load balancing

February 21, 2018, 3:22 pm
$
0
0

I'm reading this document: Load Balancing across VMware Unified Access Gateway Appliances and wondering what is practical difference between:

a) Method 3 - Multiple VIPs (from document)

 

b) Having two UAGs on different IPs with different FQDNs (A records), without any LB. Users are accessing it via CNAME so they still have single URL and a simple load balancing via round robin is performed.

 

 

Drawbacks for method B can be further eliminated by using e.g. f5 gtm or similar solution. Am I missing something here, but I really don't see use for LB (ltm like) in front of UAG.

Using Windows Folder Redirection with View Persona

February 21, 2018, 2:40 pm
$
0
0

Customer has an interesting design goal:

 

* keep view desktop profiles on one share, to manage things like outlook, user experience, etc.

* have their major folders point to the same location they use when the log into a normal desktop/laptop via the Home Drive feature in AD. Apparently they use both.

**** for example: Documents, Desktop, Favorites

 

Since the View Persona folder redirection GPO only works by using a UNC path they cannot use this without a TON of GPOs because there are probably 50 different home drive paths in place at the large customer. the View persona setting doesn't have a table to map users to different paths. however in windows AD folder redirection you can point it to the home drive letter is my understanding.

 

The idea is they log into any floating desktop (non-persistent) and they get the same desktop experience on all View Desktops and when they open Documents for example they see all the files they normally see from their laptop. These of course are just pointed to a network path, of which there are over 50 across all users.

 

Most people get the same drive letter (H:) but they all point to many places.

 

Can you exclude those folders from redirection in view persona GPO and then turn on folder redirection in windows setting instead? hopefully this makes sense.

 

what settings specifically would I enable for this?

 

this is latest version of horizon view

2-way forest trust - domain status error detected

February 22, 2018, 5:25 am
$
0
0

I have established 2-way forest trust between existing forest containing view servers and everything and a second forest which hold some of the users.

However it seems to not be working.

 

 

In the logs I see the following error:

<WSWinAuthDomainTimerThread> [ws_winauth] OpenObject could not bind to LDAP://<my domain>/rootDSE (0x000000008007203B (A local error has occurred.))

 

 

The trust itself seems to work fine since I can login into Windows servers in either forest using credentials from another forest.

Viewing all 10683 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>