I deployed Horizon v7 a while ago for a client, they messaged me to say their wildcard cert was about to expire, could I replace it in the Horizon infrastructure.
On logging in, sure enough;
Connection Server Details
Status: The service has a minor issue
SSL Certificate: About to expire {Date} {Time}
This is why I like VMware, it’s picked up the problem, and pointed me in the right direction, (the connection servers).
Solution
Firstly you will notice I’ve got two connection servers, DO ONE AT A TIME, then if something breaks, you can still get into the manager! If you only have one connection server, I’d suggest taking a snapshot of it first!
Import your new certificate onto the connection server. Make sure you select local computer when you import it. Then you will notice that your ‘old’ one has a friendly name of ‘vdm‘. Rename vdm to OLD-vdm, then rename the new one to vdm.
Finally, either restart the VMware Horizon View Connection Server service, or reboot the server.
Related Articles, References, Credits, or External Links
While attempting to deploy VMware Composer, (in my case version 7) on a windows Server, (in my case 2016 Datacenter). This happened;
Installation Failed
The wizard was interrupted before VMware Horizon7 Composer could be completely installed.
Your system has not been modified. To complete installation at another time please run setup again.
Click Finish to exit the wizard.
Annoyingly I know what it was straight away, because I’d read up on the subject before I started.
Solution
‘Power Off’ the server, locate its VM > Edit Settings > VM Options > Boot Options > Ensure firmware is set to “EFI (recommended) > Note: It should be by default > Under Secure boot ‘Untick‘ Secure boot (EFI boot only) > OK.
Power the server back on, then retry the VMware Horizon Composer installation.
Related Articles, References, Credits, or External Links
VMware View is a big product, deploying it can be daunting, and if you’re not sure what you’re doing it’s pretty easy to deploy ‘misconfigured’, or at the very least not configured as well as it should. I’m going to run though most requirements, but it would seem sensible to break this up into a few different articles.
Solution
Configuring Windows Active Directory for VMware View
1. Before you start, on your domain controller open active directory users and computers (dsa.msc). Create an OU for your View Desktops, also to make administration easier create a separate OU for any linked clones you are going to deploy. In the example below I’ve nested one inside the other to keep my AD neat and tidy.
2. Also whilst in AD users and computers, create some groups, one for ViewUsers, and one for ViewAdministrators. Add in your users to the groups as required.
Note: You can call the groups whatever you like, and have as many different groups as you like.
3. Now connect to your Virtual Center Server, and add the domain ViewAdministrators group to the LOCAL Administrators group on that server.
Installing and configuring VMware View 5
4. Run the installer for VMware Connection Server (there is a x32 and an x64 version, make sure you download the correct one as VMware call the x64 bit version VMware-viewconnectionserver-x86_64-5.0.1-640055.exe, which at first glance looks like a x32 bit file). Accept all the defaults until you see the following screen, and select View Standard Server.
View Standard Server: Select if this is the first Connection Server you are deploying. View Replica Server: Select this if you already have a connection server and you want to copy the configuration from that server, once in operation it just becomes a standard replica server. View Security Server: Usually placed on an edge network or in a DMZ to broker connection requests. View Transfer Server: Only required if your clients are going to use ‘Local Mode’ for their View desktops..
5. Accept all the defaults and finish the installation.
6. Connect to the VMware View administrator console, this is a web connection to https://{Connection-server-name/admin Note: Adobe Flash is required for it to work.
7. The first time you connect it will take you straight to View Configuration > Product Licencing and Usage > Select “Edit Licence” and type/paste in your licence key.
8. To point the connection server to your virtual center server, select View Configuration > Servers > vCenter Server section > Add.
9. Give it the vCenter server name, and a username and password for a user who is a member of your ViewAdministrators group.
Note: If your vCenter server has VMware composer installed this is where you would enable it. At this time I do not, but I will return here later after I’ve installed it when I cover VMware Composer and ‘linked clones’.
Related Articles, References, Credits, or External Links
In Part 2 we got our machine ready to be delivered via VMware View. Now we need to create a ‘Pool’, grant users access to that pool, and finally connect to it from a VMware View Client.
Solution
VMware View – Creating a Manual Pool
1. Open a connection to your VMware View Administrator console (https://{connection-server-name}admin). Log in and navigate to Inventory > Pools > Add.
2. We are going to create a manual pool (Note: An automated pool will create machines dynamically as required).
3. I’m selecting dedicated (the machine will get allocated to the first user that connects to it, and remains theirs). With a floating Pool machines are returned to the pool after they are finished with to be given to the next user that requires a machine.
4. My machine is in vCenter.
5. And there’s my vCenter
6. Give the new pool a sensible name.
7. Change the settings for the pool as required, I pretty much accept the defaults, but I allow the users to “reset” their desktop.
8. Select the machine(s) you are going to add to the pool, and complete the wizard.
9. Now you have a new pool, you need to grant users/groups an ‘entitlement’ to use it.
10. Simply add in the users or groups from Active Directory as required.
VMware View – Installing the VMware View Client
11. You will find that there are x32 and x64 bit VMware client software installs. There are available in two flavours, (with local mode, or without local mode).
Note: Local Mode: This is a mechanism where users can ‘check out’ their virtual machines and work on them remotely, then ‘sync’ them back to the network when they return, it requires a VMware Transport Server (use the connection server install media and change the server type to Transport Server).
12. During setup it will ask you the name of your connection server.
13. Normally you would tick “Set default option to login as current user”. If not you will see the login option in step 16 below.
14. When you launch the software, you may want to change the certificate options. The Connection server will have installed with a ‘self signed’ certificate, (which is fine) but you might want to change the ‘Configure SSL” options.
15. Here I’ve set them to allow, it says not secure – but its still encrypted, it should really say ‘least secure’.
16. If you didn’t tick the box in step 13 above you will need to login again.
17. Now you will see all the pools you have an entitlement to, select as appropriate and click connect.
18. All being well the desktop will connect and dynamically resize to fit.
19. Whist connected you will can control your connection with the menu on the view client bar at the top of the screen, also here you will see options for connecting USB Devices (Note: USB will only be available if you had it selected when you installed the client, it IS selected by default).
Related Articles, References, Credits, or External Links
In Part 3 we ran through manual pools, if you want to deploy automated pools using ‘Linked Clones’, then you will need VMware Composer. Composer installs on your Virtual Center Server. It also requires a database, the following is a step by step guide to installing SQL Server 2008 R2 and configuring it for Composer.
VMware View 5 Suppored Database Platforms
When you have your databse platform installed and configured, on the Virtual center server create an ODBC connection to the database and install VMware Composer. Finally you will need to enable composer in the VMware View Administrator Console.
Solution
VMware View – Installing SQL 2008 R2 and Configuring for Composer
1. Let the SQL DVD auto-run and choose Installation > New installation > OK > Product Key > Next > Accept the EULA > Next > Install the setup files.
2. Take note of any warnings, here it’s complaining that I’m on a domain controller (in a test environment this is OK, don’t do this in production!). And it’s giving me a firewall warning. I’m going to disable the firewall as I’m behind a corporate firewall, BUT if you want to create an exception for TCP port 1433, or run the following command. That would be the correct way to address the warning.
[box] netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN [/box]
3. You only need the “Database Engine Services” and the “Management Tools” , or you can simply install everything > Next > Next > Select Default Instance* > Next > Next.
*Unless you specifically want a named instance.
4. I set the services to run under the ‘System’ account, if you want to use the domain admin, or another domain service account use that instead. You can use the “Use same account button for all” to save typing > Next.
5. We will need SQL authentication, type in a suitable complex password (You can add the current user of the domain administrator as well) > Next > If your installing Analysis services you can add an account here > Next.
6. Install the native mode default configuration > Next > Next > Next > Install > Close > Exit the SQL installer.
7. Launch the SQL Management Studio > Log in (for servername simply type in localhost) > Right click Databases > New Database..
8. Give the Database a name > Select the ‘Options’ Settings.
9. Change the recovery model to ‘Simple’ > OK.
10. Expand Security > Logins > Create a new login.
13. Give the new user/login a name, select SQL authentication > Set a complex password > Untick Enforce password expiration > Select the user mappping section (on the left).
14. Select the database you have just created and give this new user the “db_owner” role > OK > Exit the management studio
VMware View – Configure ODBC Settings on the Virtual Center Server
15. On the vCenter Server > Start > Administrative Tools > Data Sources (ODBC).
16. System DSN > Add > SQL Server Native Client > Finish,
17. Add in the Database name and the server you installed SQL on > Next.
18. Supply the details for the user you created and the password you set > Next.
19. Change the default database from ‘master’ to the one you created > Next > accept all the defaults > Finish.
20. Click ‘Test Data Source’ and it should say TEST COMLPETED SUCESSFULLY > OK > OK > OK.
VMware View – Installing VMware Composer
Note: Composer MUST be installed on your VMware virtual Center (vCenter) Server.
21. Run the installer > Next > Next > Accept the EULA > Next > Next > Enter the ODBC details and login you created earlier > Next.
22. Next > Install > Finish.
VMware View – Add Composer to VMware View Administrator Console
23. Connect to, and log into the VMware View Administrator Console > View Configuration > Servers > If you already have a vCenter server select Edit > If not select Add.
24. On the vCenter Server settings tab ensure ‘Enable View Composer’ is ticked and add in a domain user (with rights to create, and delete computer objects in the domain) > OK.
25. You will know if the operation was successful as the vCenter logo will change, it will now have a gold/yellow box around it.
Related Articles, References, Credits, or External Links
After some messing about on my test network I was left with a ‘replica’ machine that I needed to get rid of, this was easier said than done, as it was in an orphaned state.
Solution
1. Find out which host in the cluster the replica is on, In my case that’s simple (I only have one). In a live environment click the replica machines summary tab, and it will tell you which host it is on. Connect directly to the host with the VI client software. (Remember the username this time will probably be root!), then right click the replica and select ‘Delete form Disk’.
2. Log back into your Virtual Center Server with the VI client. Right click the host that had the replica on it and select ‘Disconnect’.
Note: We actually need to remove it from the cluster, but to to that it would need to be in maintenance mode (not good if you have live servers running) that’s why we are disconnecting it first (the VM‘s will stay online).
3. Once disconnected, right click the host again, and this time ‘Remove”. Don’t panic the guest machines will stay online.
4. Then simply add the ESX host back into the cluster once again, this time its updated inventory (Minus the deleted replica) will be added back.
Related Articles, References, Credits, or External Links
It’s been a while since I wrote Part 4, so it’s time to wrap this up. Now we have Composer installed on the Virtual Center, we can start to deploy our linked clone desktops.
Solution
VMware View – Prepare your Source Machine
1. I’ve already covered how to prepare your Windows 7 client machine to be a View client here. Once that’s done, release its IP address (ipconfig /release) and shut it down.
2. With your source machine shut down, take a snapshot of the machine.
VMware View – Create an Automated Linked Clone Pool
3. Log into your VMware View Administrator console > Inventory > Pools > Add.
4. Automated > Next.
5. Dedicated > Next (unless you want a floating user assignment, the description of each is on this page).
6. View Composer linked clones > Next (ensure your vCenter is listed, and has “Yes” in the View Composer section).
7. Give the pool an ID, name, and description. (Note: If you use folders for your VM’s, you can also select those here).
8. I tend to stick with the defaults, except I let the users reset their desktops > Next.
9. I’m not redirecting any disposable files or profiles > Next.
10. Expand Security > Logins > Create a new login.
11. For the default Image, browse to your source machine, then select the snapshot. Set the Folder, Host/Cluster, and Resource pool as applicable. Then browse for a datastore.
12. Here I’ve selected to store my disks on different datastores. If you can, put your replica disk on the FASTEST storage, as this gets the most “Read” traffic > OK > Next.
13. The domain should auto populate > Pick an OU to place the new machines into, then select either to use quickprep (the VMware one), or Sysprep (the Microsoft one). > Next.
Note: You can also use a customization specification (yes Americans are worse at spelling than me!), you set these up in the VI client on the home screen under ‘Customization Specifications Manager’.
14. Review the information > Finish.
15. Now you have you pool, you need to allow your users to connect to it, with it selected press ‘Entitlements’.
16. Add in the users and/or groups you want to grant access to > OK.
17. It can take a while for the replica to be created then all the linked clones to become ‘Available’ watch progress under ‘Inventory > Desktops’.
18. When available you should be able to connect to them using the VMware View Client.
19. And finally get your new Windows 7 linked clone desktop.
Related Articles, References, Credits, or External Links
Persona Management, is the VMware version of “Roaming Profiles” and “Redirected Folders” rolled into one. Though the redirected folders bit is a lot easier to set up and less problematic than the Microsoft Folder Redirection policy.
Its handy if you using floating pools but still want your users to have a persistent user interface. Having these files centrally makes them easier to backup, and the more your users can customise their desktops and settings the better their level of equipment husbandry.
Solution
Create a “Roaming Profile” Network share with the correct permissions
1. On a network accessible server, create a folder and set the SHARE permissions as follows;
Share Permissions
Everyone = Read. Domain Users = Full Control.
Note: You may also want to DISABLE Caching on this folder.
2. Stop inheritable permissions from propagating to the folders and set the security permissions as follows;
Security / NTFS Permissions
Creator Owner (Subfolders and Files Only) = Full Control. Domain Users (This folder Only) = List Folder/Read Data and Create Folders/Append Data. System (This Folder, Subfolders and files) = Full Control. Creator Owner (Subfolders and Files Only) = Full Control. Everyone = No Permissions.
Note: I’m using domain users, you might have a different security group that you want to substitute.
3. Make sure that the machines that you will be using as view targets, have the View Persona Management option selected (this is selected by default).
Here you will find the folders that can be redirected to a central location.
13. For example, here I’m redirecting the users “My Documents” folder.
14. And their “My Pictures” folder.
15. Make sure you have a pool created, and your users are have an ‘entitlement’ to them. These machines will also HAVE TO be in the OU your policy is applying to.
16. Now when your users connect to their View Desktops.
17. Their user profile will be persistent.
18. Because their settings are stored in your profile shared folder.
Note: Persona Management will store the profile in username.domainname format. The reason there is a V2 on the end of it, denotes the profile is for Windows 7 or Vista. If users swap between these OS’s and any older Windows OS’s, then they will get a separate profile for those as well. If this is the case rely on the folder redirection rather than the profile.
Related Articles, References, Credits, or External Links
Kiosk mode is quite useful, if you have some machines that you want to put in a public area for visitors to use, or for machines that are used in displays etc. Or if you have some older PC’s that you just want to repurpose as internet terminals or ‘point of sale’ box’s.
Essentially it’s a system that delivers a virtual VMware View desktop to a PC or Thin client without the need to authenticate to the connection server. Kiosk authentication is disabled by default, so you need to run a few commands to get it enabled.
Solution
Before starting you will need a Virtual Machine ready to be used for the Kiosk machine. You might want to create this machine with a “nonpersistent” disk.
Note: Alternatively you can create a user that matches the MAC address of the client machine and auto generate a password like so, (this assumes the thin client or PC’s MAC addresses is 3C:4A:92:D3:12:1C).
4. Then allow this connection server to accept kiosk connections with the following command;
[box]vdmadmin -Q -enable -s PNL-CS[/box]
Note: Where PNL-CS is the name of my VMware Connection Server.
5. You can view the settings configured on this connection server with the following command;
[box]vdmadmin -Q -clientauth -list[/box]
6. While still on your connection server open VMware View Administrator, and create a ‘Pool’ for your Kiosk machine.
7. Manual Pool > Next.
8. Dedicated > Next.
9. vCenter virtual Machines > Next.
10. Next.
11. Give the pool an ID and Display name > Next.
12. Select the machine you are using as the source for the Kiosk machine > Next.
13. When the pool is created > Entitlements.
14. Add in the group that you created in step 1 > OK.
15. Just check on the ‘desktops’ tab and make sure the machine is listed as ‘available’.
Step 3: Connect to the Kiosk Machine
16. Now from your client machine or thin client, you can execute the following command to open the kiosk session.
Note: In a live environment you may want to make the host machine or thin client automatically log on and put this command in the ‘startup’ folder, or call it from a startup/logon script so the machine will boot straight into the kiosk virtual machine.
17. All being well you should be presented with the kiosk VM machine, note you no longer get the normal VMware View tool bar etc, it will behave as if the machine is in front of you.
Related Articles, References, Credits, or External Links