Windows Server: Stop Programs Auto Starting / Auto Running

KB ID 0001600

Problem

I like to learn the keyboard shortcuts for these sort of things, (because developers will change the way things are done in the GUI). So in the good old days I simply ran msconfig, and located the offending software on the startup list and disabled it. Then that got removed and put in ‘Task Manager’, then that got removed. So I’m pulling a frowny face at Microsoft Developers for their lack of continuity 🙁 (It’s not just them Cisco and VMware are just as bad!) 

I’ve got an administration server I use, (Server 2016,) and it’s got a load of software on there that usually would not be on a server, Skype Client, Citrix Client etc. So how do I stop them autoloading?

Solution

Well I could start digging around in the registry manually, but a much simpler option is to download and run AutoRuns;

Either untick the offender or right click and go to the source and manually disable it yourself.

Related Articles, References, Credits, or External Links

Massive thanks to Syinternals and Mark Russinovich, who has been bailing me out of the mire for many years!

Management Framework 5.1 Update Not Applicable

KB ID 0001599

Problem

Seen while attempting to install Microsoft Management Framework 5.1 on Server 2012 R2, (to upgrade PowerShell).


Windows Update Standalone Installer
The update is not applicable to your computer

Solution

Well in the the end it turns out I was being a doofus! I was installing W2K12-KB3191565-x64.msu which is for Server 2012 (Not Server 2012 R2!) Look a bit lower, you need Win8.1AndW2K12R2-KB3191564-x64.msu.

The solution was in front of me the whole time!

Related Articles, References, Credits, or External Links

NA

Adding Rights to Public Folders (Recursively)

KB ID 0001598

Problem

After a recent Exchange migration (2007 > 2013 > 2016), I had problems with users not being able to see public folders, one user could see them all, (so I know they were present and correct, content wise,) but other users could not even see them.

Normally in this situation I’d test them in Outlook Web App first, if they work there then look at Outlook, but Public folders just didn’t work in Outlook Web App 2016 at all.

My first task was to check/set the permissions of the public folders, the one user who could see them was set as ‘Owner‘ on the root of the public folders, so my first step was working out how to grant myself these rights, and apply all those rights to all the child public folders below?

Note: Granting a user ‘Owner‘ rights at the root has obvious security implications, in your scenario you might want to choose ‘Reviewer’, or some other level of access.

View Existing Public Folder ‘Root’ Permissions

Simply use the following PowerShell in the Exchange Management Shell;

[box]

Get-PublicFolderClientPermission "\"

[/box]

If you just wanted to check for one user, then do this instead;

[box]

Get-PublicFolder -Identity "\" -Recurse | Get-PublicFolderClientPermission | Where-Object { $PSItem.User -like "SURNAME*" }

[/box]

Note: If you are working on a particular ‘child’ Public Folder the the syntax is “\FOLDER NAME“.

Granting Public Folder Rights Recursively

Use the following PowerShell in the Exchange Management Shell

[box]

Get-PublicFolder -Identity "\" -Recurse | Add-PublicFolderClientPermission -User pete.long -AccessRights Owner

[/box]

It complains and says this user already has rights? If this happens then Recursively Remove all rights then re-execute the command above.

Removing Public Folder Rights Recursively

Use the following PowerShell in the Exchange Management Shell

[box]

Get-PublicFolder -Identity "\" -Recurse | Remove-PublicFolderClientPermission -User pete.long

[/box]

Related Articles, References, Credits, or External Links

NA

Adding a Windows Server 2019/2016 Domain Controller

KB ID 0001262

Problem

Once upon a time, adding a domain controller that was running a newer version of the Windows Server family involved opening command line and schema prepping, and GP prepping etc. Now all this happens in the background when adding a 2019 domain controller and the wizard is doing the heavy lifting for you.

Solution

2008 to 2019 Domain Controller

2008 to 2016 Domain Controller

Obviously the server needs to be a domain member first!

  • For Server 2019 Forest and Domain Functional levels need to be at ‘Windows Server 2008‘. (The documentation says 2008 R2, but Server 2008 also works flawlessly).
  • For Server 2016 Forest and Domain Functional levels need to be at ‘Windows Server 2003‘.

Before You Start!

Remember if your ‘retiring’ domain controller is also a DNS/DHCP server you will also need to address that, and make sure you don’t have a service or device that queries the old domain controller directly (Radius Devices, Firewalls, RSA Appliances, Proxy Filters, Security door software, etc).

Procedure: Deploy a 2019 Domain Controller

With a vanilla install Server Manager will open every time you boot, (unless you’ve disabled it!) To open it manually, run ‘servermanager.exe’  > Manage > Add Roles and Features.

I usually tick the ‘Skip this page by default’ option > Next.

Role Based… > Next.

Ensure the local server is selected, (if you are managing another server, you can of course do the role install from here as well, but let’s keep things simple) > Next.

Select Active Directory Domain Services > Next.

Next.

Next.

Ensure ‘Restart’ is selected > Next.

Next.

Promote Windows Server To Domain Controller

Back in Server Manager > In the ‘Notifications’ section, click the warning triangle > ‘Promote This Server To Domain Controller’.

Assuming you already have a domain, and this is not a greenfield Install > Add a domain controller to an existing domain > Next.

Type and confirm a Directory Services Restore Mode Password (DSRM,) make it something you will remember in a crisis, or store it securely somewhere > Next.

This is fine, You see this error because it’s trying to create a delegation for this DNS zone, and there isn’t a Windows server above you in the DNS hierarchy. For example if your domain name is petelnetlive.co.uk > Then I do not have access to create a delegation in the .co domain space. (So you can safely ignore) > Next

If you have a backup of AD you can ‘Install From Media’. This used to be handy on remote sites that had awful bandwidth, as it saved you having to replicate a large Active Directly over a ‘pants’ connection > I’ve not had to do that in a long time > Next.

Unless you want to change the default AD install locations > Next.

Next.

Read any warnings  > Install

Go have a coffee, we ticked ‘reboot’ earlier so it will complete, then reboot the server, which will come back up as a domain controller.

You will notice, (if you’re interested,) that your schema version is now 88 (Server 2019), or 87 (Server 2016).

 

Find out your Domain Schema Version

Related Articles, References, Credits, or External Links

NA

Moving Certificate Services To Another Server

KB ID 0001473

Problem

If you are retiring a CA Server, or there’s a problem with the server and you want to move Microsoft Certificate Services to another server, the procedure is pretty straight forward.

BE AWARE: We are moving the CA Server Name , NOT the Server Name (FQDN), the two things are NOT the same, (you might have called them the same thing!) But a Certificate Authority has a name of its own, and that’s what we are going to move.

So the new server doesn’t have to have the same name? No, it can do if you really want, but that’s an added layer of complication I can’t see the point of?

In the video below, I’m migrating from Server 2008 R2 to Server 2019, and I’m also moving CRLs and OSCP responders. In the screenshots below I’m moving from Server 2016 to Server 2016, but the process is pretty much identical all the way back to Server 2003.

Can I migrate from Server 2008 (NON R2) to 2016 (or newer): Yes, but not directly, you need to upgrade to Server 2012 R2 first. If you don’t, the database wont mount and you will get this error.

Solution

On the ‘Source‘ server, open the Certificate Services management console > Right click the CA NAME > All Tasks > Back up CA.

The backup wizard will open, Next > Tick BOTH options > Select a Backup Location > Next > Set a password (you will need this to set the new CA up!) > Next > Finish.

Now we need to take a backup of the Registry key that holds the information for this CA server. Run ‘regedit’ > Navigate to;

[box]HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > CertSvc > Configuration > {CA-NAME}[/box]

Export a copy of this key, (save it in the same folder that you backed up to earlier).

Now we need to uninstall CA Services from this server. Server Manager > Manage > Remove Roles and Services > Next.

REMOVE all the CA role services  > Complete the Wizard, then launch the wizard again and select ‘Active Directory Certificate Services’ > At the pop-up select ‘Remove Features’ > Next.

Next > Next > Next > Close.

Setup Certificate Services on the Target/New Server

Server Manager > Add Roles and Features > Next.

Next > Select ‘Active Directory Certificate Services’ > Add Features > Next.

For now let’s just stick with the Certification Authority > Add the other role services later* > Next.

*Note: I’ve written about all these role services before, just use the search function, (above), if you are unsure what they all do.

Next > Close.

Warning > Configure Active Directory Certificate Services > Next.

Next > Enterprise CA (Unless it’s an offline non domain joined CA) > Root CA (unless it’s a subordinate CA!) > Next.

> Select ‘Use existing private key‘ > Select ‘Select a Certificate and use its associated private key‘ > Next > Import > Browse > In your backup folder locate the certificate (it will have a .p7b extension.) > Enter the password > OK > Select the Cert > Next.

Next > Next > Configure >  Close.

Stop Certificate Services;

[box]net stop certsvc[/box]

If your new server has a different hostname/FQDN open the registry file you exported above with Notepad, locate and change the CAServerName entry to the name of the NEW server.

Right click the registry backup > Merge > Yes > OK.

Launch the Certificate Services management console > Right Click the CA NAME > All Tasks > Restore CA.

The restore wizard will start > Next > Browse to the folder with your backup in > Next > Enter the password you used (above) > Next > Finish.

You will be prompted to start the Certificate Services service > Yes.

What About Certificate Templates? Do I need to Move Them?

No! Certificate templates are actually stored in Active Directory, NOT in/on the actual Certificate Services server, (that’s why sometimes they take a while to appear after you create them!) You can see them here;

Related Articles, References, Credits, or External Links

Digital Certificates Explained

Certificate Services – Migrate from SHA1 to SHA2 (SHA256)

VMware Horizon Machines Stuck ‘Customizing’

KB ID 0001595

Problem

In all honesty there’s lots of reasons for this.

I’ll cover the ones that have tripped me up, if you find some new ones feel free to post them below.

Solutions

Before continuing, the image needs to have the Horizon Agent installing within it, and it has to be the SAME version that your Composer and Connection servers are running, (or newer). Also your Horizon servers are connecting to VMware vCenter using an account, (in a lot of cases that will be the domain administrator account, or an account you setup for this reason), make sure that account has global administrator properties in vSphere.

Also in your image install the LATEST version of VMWare Tools, Note: that might be NEWER than the one that you have on your ESX servers, download it and install it manually, (to do this uninstall the old VMWare Tools, then Uninstall the Horizon Agent, then Install the NEW VMWare Tools, then finally reinstall the Horizon Agent again. (Note: If using Horizon Composer, make sure you install the composer option!)

Horizon Inability to get a licence for your KMS Server.

Check this first;

[box]

slmgr /dli

[/box]

It goes without saying you need a network connection (to the right VLAN) before KMS will work. I’ve ran though KMS setup and troubleshooting here.

Horizon Sysprep Problems

For sysprep obviously you need to be deploying images with sysprep and NOT quick prep, if you are using sysprep check the error log, (if the error log is empty, then sysprep is not your problem).

Navigate to: C:\Windows\System32\Sysprep\Panther\setuperr.log

Sysprep Problem 1

Problem 0x0f0043 Failed DeleteInstance AntiSpywareProduct

[box]

Error      [0x0f0043] SYSPRP WinMain:The sysprep dialog box returned FALSE
Error                 SYSPRP Error 0x-2147417850: Failed to re-enable Compat-Gentel custom trigger.[gle=0x0000047e]
Error                 SYSPRP setupdigetclassdevs failed with error 0
Error                 SYSPRP MRTGeneralize:107 - ERROR: Failed DeleteInstance AntiSpywareProduct.instanceGuid="{D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}" hr=2147749904
Error                 SYSPRP MRTGeneralize:116 - ERROR: Failed DeleteInstance AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}" hr=2147749904
Error                 SYSPRP Error 0x-2147417850: Failed to re-enable Compat-Gentel custom trigger.[gle=0x0000047e]
Error                 SYSPRP setupdigetclassdevs failed with error 0
Error                 SYSPRP MRTGeneralize:107 - ERROR: Failed DeleteInstance AntiSpywareProduct.instanceGuid="{D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}" hr=2147749904
Error                 SYSPRP MRTGeneralize:116 - ERROR: Failed DeleteInstance AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}" hr=2147749904

[/box]

Seen On Window Server 2016 and Windows 10: In your Source Image you need to remove Windows Defender, like so;

[box]

Uninstall-WindowsFeature Windows-Defender-Features

[/box]

Sysprep Problem 2

Problem 0x0f0073

[box]

Error      [0x0f0073] SYSPRP RunExternalDlls:Not running DLLs; either the machine is in an invalid state or we couldn't update the recorded state, dwRet = 0x1f
Error                 SYSPRP WinMain:Hit failure while processing sysprep re-specialize internal providers; hr = 0x8007001f
Error                 SYSPRP Error 0x-2147417850: Failed to re-enable Compat-Gentel custom trigger.[gle=0x0000047e]
Error                 SYSPRP setupdigetclassdevs failed with error 0

[/box]

This is happening because the machine you are using as your image has been sysprepped too many times, you nee to make some changes on the reference image to reset/rearm it, so it can be sysprepped.

On your image machine  run regedit and navigate to;

HKLM > SYSTEM > Setup > Status > Sysprep Status

Ensure the following;

  • CleanupState is set to 2
  • GeneralizationState is set to 7

Open an administrative command window and execure the following commands;

[box]

msdtc -uninstall
msdtc -install

[/box]

Back in registry editor navigate to

HKLM > SOFTWARE > Microsoft > Windows NT > CurrentVersion > SoftwareProtectionPlatform

Set SkipRearm to 1

Try again.

Related Articles, References, Credits, or External Links

NA

Horizon Client ‘Install Failed’

KB ID 0001594

Problem

When attempting to install the VMware Horizon client you see ‘Install Failed’;

Well that’s very descriptive and helpful?

Horizon Client ‘Install Failed’

Firstly make sure you  are NOT trying to install the client software on a Horizon Connection Server, or a Horizon Security Server! If you are not, then the easiest way to get it to install, is to ‘extract’ the .msi installation files, and manually run them. 

In PowerShell navigate to the folder that you download the client .exe file to, and extract its contents with the following command;

[box].\VMware-Horizon-Client-{version-and-build-number}.exe /x[/box]

It looks like nothing has happened, but the files get put in the ‘Temp‘ folder in YOUR user profile, Navigate to C:\Users\{Your-Username}\AppData\Local\Temp

In this location you will find a folder containing the individual install files you require.

From here you can launch the one you want, In my case (VMware Horizon View Client (x64).msi).

Still Not working ‘Install Failed’?

  1. Install the latest C++ VisualRuntime Library
  2. Ensure you have disabled your AV Software, especially if you’re running WebRoot, or Symantec Endpoint Protection, (or at least ensure your AV is not stopping access to c:\windows\system32\drivers\etc\hosts
  3. Grant ‘Full control’ to the c:\windows\system32\drivers\etc\hosts file

Related Articles, References, Credits, or External Links

NA

Adding New Networks to Cisco AnyConnect VPNs

KB ID 0001593

Problem

Note: To add new subnets to a traditional Site to Site VPN, see the following article instead;

Cisco ASA – Adding New Networks to Existing VPNs

I see this get asked in online forums A LOT. If you have an existing AnyConnect VPN setup, and then need to add another network how do you do it?

Well that depends on where the new network is, and how it’s entering the firewall, these diagrams can be either way round, but the new network will either be coming into the ASA on the same interface (i.e you’ve spun up a new network for phones, or a new department etc),  or the traffic will be coming into the ASA through a different interface, (like a DMZ, or partner network).

Option A: New Network is on another interface;

Option B: New Network is on existing (inside) interface;

Note: The process for adding the new network is the same for both, BUT depending on which interface the new traffic is coming in on, this will change your NAT command. 

Warning: For this process to work you must already have a setup and working AnyConnect deployment!

Solution

Option A: New Network is on a Different Interface

Tasks on ASA

  • Locate the NAT Exemption for the AnyConnect traffic, and add a new one on the SAME interface.
  • If using Split Tunneling add the new network to the Spit Tunnel ACL

Locate the Nat Exception (or NO NAT on old Cisco Money) that prevents the AnyConnect traffic form getting NATTED.

[box]

ASA-1(config)# show run nat 
nat (inside,outside) source static any any destination static Obj-ANYCONNECT-SUBNET Obj-ANYCONNECT-SUBNET no-proxy-arp route-lookup 
nat (inside,outside) source static Obj-Local-LAN Obj-Local-LAN destination static Obj-Remote-LAN Obj-Remote-LAN no-proxy-arp route-lookup 
!

[/box]

From the output above we can see that the Nat exemption for the existing traffic is highlighted, we simply need to add another one, for the new interface (which we will call dmz).

Note: I’m using any, yours might be using a specific object or object-group, if so, you will need to create new objects or object groups for the new network(s), for the next step, I’m sticking with any!

[box]

ASA-1# configure terminal
ASA-1(config)# nat (dmz,outside) source static any any destination static Obj-ANYCONNECT-SUBNET Obj-ANYCONNECT-SUBNET no-proxy-arp route-lookup

[/box]

Now let’s see if we are using split tunnelling;

[box]

ASA-1# show run group-policy
group-policy DfltGrpPolicy attributes
 webvpn
  customization value Portal
group-policy GroupPolicy_AnyConnectVPN internal
group-policy GroupPolicy_AnyConnectVPN attributes
 wins-server none
 dns-server value 192.168.1.10 192.168.1.11
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunneling
 default-domain value petenetlive.com
 webvpn
  anyconnect profiles value AnyConnect type user
  customization value Portal
group-policy GroupPolicy3 internal
group-policy GroupPolicy3 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-filter value ACL_Filter
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
 webvpn
  customization value PulsantPortal

[/box]

So we are using split tunnelling, and our split tunnel ACL is called SplitTunneling.

[box]

ASA-1# show run access-list SplitTunneling
access-list SplitTunneling standard permit 192.168.1.0 255.255.255.0

[/box]

Now simply just add the new subnet;

[box]

ASA-1(config)# access-list SplitTunneling standard permit 192.168.100.0 255.255.255.0

[/box]

Option B: New Network is on the Same Interface

Tasks on ASA

  • Locate the NAT Exemption for the AnyConnect traffic, and add a new one for the new interface.
  • If using Split Tunneling add the new network to the Spit Tunnel ACL

Locate the Nat Exception (or NO NAT on old Cisco Money) that prevents the AnyConnect traffic form getting NATTED.

[box]

ASA-1(config)# show run nat 
nat (inside,outside) source static any any destination static Obj-ANYCONNECT-SUBNET Obj-ANYCONNECT-SUBNET no-proxy-arp route-lookup 
nat (inside,outside) source static Obj-Local-LAN Obj-Local-LAN destination static Obj-Remote-LAN Obj-Remote-LAN no-proxy-arp route-lookup 
!

[/box]

From the output above we can see that the Nat exemption for the existing traffic is highlighted, IMPORTANT: Because I’m using any, (yours might be using a specific object or object-group), I DONT NEED TO ADD ANYTHING as any covers the newly added subnet. if you didn’t use any, then you will need to create new objects or object groups for the new network(s), for the next step, I’m sticking with any! then

[box]

ASA-1# configure terminal
ASA-1(config)# object network Obj-New-LAN
ASA-1(config-network-object)# subnet 192.168.100 255.255.255.0
ASA-1(config-network-object)#nat (inside,outside) source static Obj-New-LAN Obj-New-LAN destination static Obj-ANYCONNECT-SUBNET Obj-ANYCONNECT-SUBNET no-proxy-arp route-lookup 

[/box]

Now let’s see if we are using split tunnelling;

[box]

ASA-1# show run group-policy
group-policy DfltGrpPolicy attributes
 webvpn
  customization value Portal
group-policy GroupPolicy_AnyConnectVPN internal
group-policy GroupPolicy_AnyConnectVPN attributes
 wins-server none
 dns-server value 192.168.1.10 192.168.1.11
 vpn-tunnel-protocol ssl-client ssl-clientless
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SplitTunneling
 default-domain value petenetlive.com
 webvpn
  anyconnect profiles value AnyConnect type user
  customization value Portal
group-policy GroupPolicy3 internal
group-policy GroupPolicy3 attributes
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-filter value ACL_Filter
 vpn-tunnel-protocol ikev1
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
 webvpn
  customization value PulsantPortal

[/box]

So we are using split tunnelling, and our split tunnel ACL is called SplitTunneling.

[box]

ASA-1# show run access-list SplitTunneling
access-list SplitTunneling standard permit 192.168.1.0 255.255.255.0

[/box]

Now simply just add the new subnet;

[box]

ASA-1(config)# access-list SplitTunneling standard permit 192.168.100.0 255.255.255.0

[/box]

Related Articles, References, Credits, or External Links

NA

VMware vSphere – How to Import and Export OVF and OVA Files

KB ID 0000562

Problem

I prefer to think of OVF Templates as “Zip” files for Virtual Machines and Virtual Appliances. Where as the OVA file is the complete appliance pre packaged. There are two things you will want to do with an OVF Template;

1. Export a VM to an OVF Template

2. Import an OVF Template (Note: VMware call this “Deploy an OVF Template”)

Note: There are tools for OVF templates for other VMware virtualisation products, this is just for vSphere / ESX.

Tech Note: I find it a lot simpler to do this from PowerCLI now, see the article below;

VMware: Export a VM to OVA With PowerCLI

Solution

Export a Virtual Machine to OVF (vSphere v6)

Note: Machine must be Powered Off and have No Snapshots!

Select the VM > Templates > Export OVF Template.

Change the name, annotation as required > OK.

Your files will be downloaded, (the location will depend on your browser settings!)

 

Export a Virtual Machine to OVF (vSphere v3, v4 and v5)

Note: Machine must be Powered Off and have No Snapshots!

1. Connect to your host with the VI client > With your virtual machine powered off > Select it > File > Export > Export to OVF Template.

2. Select a location to save the files to > OK.

3. Depending on the size of the VM this can take a while.

4. It will give you the following message when it’s finished.

5. Here are the files that it has created.

Import / Deploy an OVF Template to a Virtual Machine

HTML5 Web Client: You can select Deploy OVF Template from either the Cluster or Host Level.

Flash Web Client: If importing OVA or OVF files into vSphere via the vSphere Web client, you can import them at the vCenter, Host, or Cluster Level.

 

From this point forward: The procedure is the same for both Flash and HTML5 clients, Ill show the process using the HTML5 client.

Choose Files > Navigate to and select ALL the applicable files > Next.

  

Give the new VM a name, and, (if applicable) select a folder to put it into > Next > Select a host to deploy to > Next.

Review details > Next > Choose the storage, (and optionally disk format) > Next.

Select the Port Group you want to connect the new VM to > Next > Again review the details > Finish.

 

Import / Deploy an OVF Template to a Virtual Machine (vSphere v3, v4 and v5)

1. To create a VM from an OVF template, connect to your host with the VI client > File > Deploy OVF Template.

2. Browse to the location that the .ovf file is stored > Next.

3. Read the details > Next.

4. Give the new VM a name > Next.

5. Select the disk format (Thick or Thin) you want the new VM to use.

What does Lazy Zeroed and Eager Zeroed Mean?

Data on disks is stored as a 1 (one) or a 0 (zero), so if all the blocks on the disk are set to zero, when you put data on the disk, it only has half the work to do (i.e. write the ones). Eager Zeroed, puts zeros on all the blocks on the disks straight away, Lazy Zeroed puts all zeroes in a block the first time the block is read.

6. Read the summary, and if you want to power on the VM on completion, tick the box > Finish.

7. Depending upon the amount of data this can take a while.

8. It will give you the following message when it’s finished.

9. And here is your VM, imported, powered up, and working.

Related Articles, References, Credits, or External Links

Original Article Written 26/01/12

VMware Horizon: ‘VM With Unsupported Guest OS’

KB ID 0001592

Problem

Seen when attempting to deploy Window Server 2016, as an ‘Image‘ (Parent VM,) with VMware Horizon View.

‘VM With Unsupported Guest OS’

I double checked, and Server 2016 (Standard and DataCenter) were supported, as was Server 2019 (Standard and DataCenter.) The image also had a new version of the VMware Horizon View agent installed in it?

Solution

In my case this was an embarrassingly easy fix, previously I’d deployed Windows 7, 8, and 10 with Horizon View, this was the first time I’d ever deployed a server OS as a VDI image, (With Windows Server Datacenter, this works out cheaper, licensing wise).

By Default: VMware Horizon View does not allow server operating systems, (even though they are supported.) You just need to enable the feature! Launch Horizon Administrator, View Configuration > Global Settings > Edit > Tick ‘Enable Windows Server Desktops‘ > OK.

Doh! That cost me two hours, (hope it saved you some time).

Related Articles, References, Credits, or External Links

NA