VMware Horizon – Replacing Certificates

KB ID 0001547

Problem

I deployed Horizon v7 a while ago for a client, they messaged me to say their wildcard cert was about to expire, could I replace it in the Horizon infrastructure.

On logging in, sure enough;

Connection Server Details
Status: The service has a minor issue
SSL Certificate: About to expire {Date} {Time}

This is why I like VMware, it’s picked up the problem, and pointed me in the right direction, (the connection servers).

Solution

Firstly you will notice I’ve got two connection servers, DO ONE AT A TIME, then if something breaks, you can still get into the manager! If you only have one connection server, I’d suggest taking a snapshot of it first!

Import your new certificate onto the connection server. Make sure you select local computer when you import it.  Then you will notice that your ‘old’ one has a friendly name of ‘vdm‘. Rename vdm to OLD-vdm, then rename the new one to vdm.

Finally, either restart the VMware Horizon View Connection Server service, or reboot the server.

Related Articles, References, Credits, or External Links

NA

VMware Composer Install Fails

KB ID 0001498

Problem

While attempting to deploy VMware Composer, (in my case version 7) on a windows Server, (in my case 2016 Datacenter). This happened;

Installation Failed

The wizard was interrupted before VMware Horizon7 Composer could be completely installed.

Your system has not been modified. To complete installation at another time please run setup again.

Click Finish to exit the wizard.

Annoyingly I know what it was straight away, because I’d read up on the subject before I started. 

Solution

‘Power Off’ the server, locate its VM > Edit Settings > VM Options > Boot Options > Ensure firmware is set to “EFI (recommended) > Note: It should be by default > Under Secure boot ‘Untick‘ Secure boot (EFI boot only) > OK.

Power the server back on, then retry the VMware Horizon Composer installation.

Related Articles, References, Credits, or External Links

NA

VMware View Connection Server – Stop Session timeouts

KB ID 0000605

Problem

For security reasons, the VMware View Administrator will timeout after a short period of inactivity, and you will see the following.

Server Error
Your session has timed out. Please log in again.
Click OK to be redirected to the login screen.

However if you work in the console a lot, this can get quite annoying.

Solution

From within the View Administrator console > View Configuration > Global settings > Edit > Tick “Enable automatic status updates” > OK > OK.

Note: Another advantage to doing this is, you don’t have to keep pressing refresh to update the interface.

Related Articles, References, Credits, or External Links

NA

Deploying VMware View 5 – Part 1: Configure Active Directory and Deploy VMware Connection Server

KB ID 0000594

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

VMware View is a big product, deploying it can be daunting, and if you’re not sure what you’re doing it’s pretty easy to deploy ‘misconfigured’, or at the very least not configured as well as it should. I’m going to run though most requirements, but it would seem sensible to break this up into a few different articles.

Solution

Configuring Windows Active Directory for VMware View

1. Before you start, on your domain controller open active directory users and computers (dsa.msc). Create an OU for your View Desktops, also to make administration easier create a separate OU for any linked clones you are going to deploy. In the example below I’ve nested one inside the other to keep my AD neat and tidy.

2. Also whilst in AD users and computers, create some groups, one for ViewUsers, and one for ViewAdministrators. Add in your users to the groups as required.

Note: You can call the groups whatever you like, and have as many different groups as you like.

3. Now connect to your Virtual Center Server, and add the domain ViewAdministrators group to the LOCAL Administrators group on that server.

Installing and configuring VMware View 5

4. Run the installer for VMware Connection Server (there is a x32 and an x64 version, make sure you download the correct one as VMware call the x64 bit version VMware-viewconnectionserver-x86_64-5.0.1-640055.exe, which at first glance looks like a x32 bit file). Accept all the defaults until you see the following screen, and select View Standard Server.

View Standard Server: Select if this is the first Connection Server you are deploying. View Replica Server: Select this if you already have a connection server and you want to copy the configuration from that server, once in operation it just becomes a standard replica server. View Security Server: Usually placed on an edge network or in a DMZ to broker connection requests. View Transfer Server: Only required if your clients are going to use ‘Local Mode’ for their View desktops..

5. Accept all the defaults and finish the installation.

6. Connect to the VMware View administrator console, this is a web connection to https://{Connection-server-name/admin Note: Adobe Flash is required for it to work.

7. The first time you connect it will take you straight to View Configuration > Product Licencing and Usage > Select “Edit Licence” and type/paste in your licence key.

8. To point the connection server to your virtual center server, select View Configuration > Servers > vCenter Server section > Add.

9. Give it the vCenter server name, and a username and password for a user who is a member of your ViewAdministrators group.

Note: If your vCenter server has VMware composer installed this is where you would enable it. At this time I do not, but I will return here later after I’ve installed it when I cover VMware Composer and ‘linked clones’.

Related Articles, References, Credits, or External Links

Deploying VMware View 5 – Part 2: Configure Windows 7 to be a VMware View Desktop

Deploying VMware View 5 – Part 3: Creating a ‘Manual Pool’ and Connecting a View Client

KB ID 0000598

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

In Part 2 we got our machine ready to be delivered via VMware View. Now we need to create a ‘Pool’, grant users access to that pool, and finally connect to it from a VMware View Client.

Solution

VMware View – Creating a Manual Pool

1. Open a connection to your VMware View Administrator console (https://{connection-server-name}admin). Log in and navigate to Inventory > Pools > Add.

2. We are going to create a manual pool (Note: An automated pool will create machines dynamically as required).

3. I’m selecting dedicated (the machine will get allocated to the first user that connects to it, and remains theirs). With a floating Pool machines are returned to the pool after they are finished with to be given to the next user that requires a machine.

4. My machine is in vCenter.

5. And there’s my vCenter

6. Give the new pool a sensible name.

7. Change the settings for the pool as required, I pretty much accept the defaults, but I allow the users to “reset” their desktop.

8. Select the machine(s) you are going to add to the pool, and complete the wizard.

9. Now you have a new pool, you need to grant users/groups an ‘entitlement’ to use it.

10. Simply add in the users or groups from Active Directory as required.

VMware View – Installing the VMware View Client

11. You will find that there are x32 and x64 bit VMware client software installs. There are available in two flavours, (with local mode, or without local mode).

Note: Local Mode: This is a mechanism where users can ‘check out’ their virtual machines and work on them remotely, then ‘sync’ them back to the network when they return, it requires a VMware Transport Server (use the connection server install media and change the server type to Transport Server).

12. During setup it will ask you the name of your connection server.

13. Normally you would tick “Set default option to login as current user”. If not you will see the login option in step 16 below.

14. When you launch the software, you may want to change the certificate options. The Connection server will have installed with a ‘self signed’ certificate, (which is fine) but you might want to change the ‘Configure SSL” options.

15. Here I’ve set them to allow, it says not secure – but its still encrypted, it should really say ‘least secure’.

16. If you didn’t tick the box in step 13 above you will need to login again.

17. Now you will see all the pools you have an entitlement to, select as appropriate and click connect.

18. All being well the desktop will connect and dynamically resize to fit.

19. Whist connected you will can control your connection with the menu on the view client bar at the top of the screen, also here you will see options for connecting USB Devices (Note: USB will only be available if you had it selected when you installed the client, it IS selected by default).

Related Articles, References, Credits, or External Links

VMware View 5 – Part 4 Installing and Configuring SQL 2008 R2 and VMware Composer

VMware – Cannot Delete an ‘Orphaned’ Replica

KB ID 0000601 

Problem

After some messing about on my test network I was left with a ‘replica’ machine that I needed to get rid of, this was easier said than done, as it was in an orphaned state.

Solution

1. Find out which host in the cluster the replica is on, In my case that’s simple (I only have one). In a live environment click the replica machines summary tab, and it will tell you which host it is on. Connect directly to the host with the VI client software. (Remember the username this time will probably be root!), then right click the replica and select ‘Delete form Disk’.

2. Log back into your Virtual Center Server with the VI client. Right click the host that had the replica on it and select ‘Disconnect’.

Note: We actually need to remove it from the cluster, but to to that it would need to be in maintenance mode (not good if you have live servers running) that’s why we are disconnecting it first (the VM‘s will stay online).

3. Once disconnected, right click the host again, and this time ‘Remove”. Don’t panic the guest machines will stay online.

4. Then simply add the ESX host back into the cluster once again, this time its updated inventory (Minus the deleted replica) will be added back.

Related Articles, References, Credits, or External Links

NA

Deploying VMware View 5 – Part 5 Deploying Linked Clone View Desktops

KB ID 0000607

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

It’s been a while since I wrote Part 4, so it’s time to wrap this up. Now we have Composer installed on the Virtual Center, we can start to deploy our linked clone desktops.

Solution

VMware View – Prepare your Source Machine

1. I’ve already covered how to prepare your Windows 7 client machine to be a View client here. Once that’s done, release its IP address (ipconfig /release) and shut it down.

2. With your source machine shut down, take a snapshot of the machine.

VMware View – Create an Automated Linked Clone Pool

3. Log into your VMware View Administrator console > Inventory > Pools > Add.

4. Automated > Next.

5. Dedicated > Next (unless you want a floating user assignment, the description of each is on this page).

6. View Composer linked clones > Next (ensure your vCenter is listed, and has “Yes” in the View Composer section).

7. Give the pool an ID, name, and description. (Note: If you use folders for your VM’s, you can also select those here).

8. I tend to stick with the defaults, except I let the users reset their desktops > Next.

9. I’m not redirecting any disposable files or profiles > Next.

10. Expand Security > Logins > Create a new login.

11. For the default Image, browse to your source machine, then select the snapshot. Set the Folder, Host/Cluster, and Resource pool as applicable. Then browse for a datastore.

12. Here I’ve selected to store my disks on different datastores. If you can, put your replica disk on the FASTEST storage, as this gets the most “Read” traffic > OK > Next.

13. The domain should auto populate > Pick an OU to place the new machines into, then select either to use quickprep (the VMware one), or Sysprep (the Microsoft one). > Next.

Note: You can also use a customization specification (yes Americans are worse at spelling than me!), you set these up in the VI client on the home screen under ‘Customization Specifications Manager’.

14. Review the information > Finish.

15. Now you have you pool, you need to allow your users to connect to it, with it selected press ‘Entitlements’.

16. Add in the users and/or groups you want to grant access to > OK.

17. It can take a while for the replica to be created then all the linked clones to become ‘Available’ watch progress under ‘Inventory > Desktops’.

18. When available you should be able to connect to them using the VMware View Client.

19. And finally get your new Windows 7 linked clone desktop.

Related Articles, References, Credits, or External Links

NA

VMware View – Using Persona Management

KB ID 0000615 

Problem

Persona Management, is the VMware version of “Roaming Profiles” and “Redirected Folders” rolled into one. Though the redirected folders bit is a lot easier to set up and less problematic than the Microsoft Folder Redirection policy.

Its handy if you using floating pools but still want your users to have a persistent user interface. Having these files centrally makes them easier to backup, and the more your users can customise their desktops and settings the better their level of equipment husbandry.

Solution

Create a “Roaming Profile” Network share with the correct permissions

1. On a network accessible server, create a folder and set the SHARE permissions as follows;

Share Permissions

Everyone = Read. Domain Users = Full Control.

Note: You may also want to DISABLE Caching on this folder.

2. Stop inheritable permissions from propagating to the folders and set the security permissions as follows;

Security / NTFS Permissions

Creator Owner (Subfolders and Files Only) = Full Control. Domain Users (This folder Only) = List Folder/Read Data and Create Folders/Append Data. System (This Folder, Subfolders and files) = Full Control. Creator Owner (Subfolders and Files Only) = Full Control. Everyone = No Permissions.

Note: I’m using domain users, you might have a different security group that you want to substitute.

3. Make sure that the machines that you will be using as view targets, have the View Persona Management option selected (this is selected by default).

Configure Windows 7 to be a VMware View Desktop

4. You need to get the administrative template for Persona Management. You will find it on your VMware Connection Server in the following location;

[box] C:Program FilesVMwareVMware ViewServerextrasGroupPolicyFiles [/box]

Locate the ViewPM.adm file and copy it to a domain controller.

5. Create a new group policy that is linked to the OU containing your View machines.

6. Edit the policy > Expand Computer Configuration > Policies >Administrative Templates > Right Click > add/Remove Administrative Temple > Add in the ViewPM.adm template.

7. Navigate to;

[box] Computer Configuration > Polices > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management [/box]

8. In the roaming and Synchronisation Section > Manage user persona > Set to Enabled > Next Setting.

9. Enable > Enter the shared folder you created earlier > Next Setting.

10. Enabled (to remove local cached copies of the profile).

11. Enabled to roam the local folder > That’s all I’m going to configure in this branch of the policy.

Persona Management Folder Redirection

12. Navigate to;

[box] Computer Configuration > Polices > Administrative Templates > Classic Administrative Templates > VMware View Agent Configuration > Persona Management > Folder Redirection [/box]

Here you will find the folders that can be redirected to a central location.

13. For example, here I’m redirecting the users “My Documents” folder.

14. And their “My Pictures” folder.

15. Make sure you have a pool created, and your users are have an ‘entitlement’ to them. These machines will also HAVE TO be in the OU your policy is applying to.

Creating a ‘Manual Pool’ and Connecting a View Client

Deploying Linked Clone View Desktops

16. Now when your users connect to their View Desktops.

17. Their user profile will be persistent.

18. Because their settings are stored in your profile shared folder.

Note: Persona Management will store the profile in username.domainname format. The reason there is a V2 on the end of it, denotes the profile is for Windows 7 or Vista. If users swap between these OS’s and any older Windows OS’s, then they will get a separate profile for those as well. If this is the case rely on the folder redirection rather than the profile.

Related Articles, References, Credits, or External Links

NA

VMware View 5 – Configure and Deploy Clients in ‘Kiosk Mode’

KB ID 0000610 

Problem

Kiosk mode is quite useful, if you have some machines that you want to put in a public area for visitors to use, or for machines that are used in displays etc. Or if you have some older PC’s that you just want to repurpose as internet terminals or ‘point of sale’ box’s.

Essentially it’s a system that delivers a virtual VMware View desktop to a PC or Thin client without the need to authenticate to the connection server. Kiosk authentication is disabled by default, so you need to run a few commands to get it enabled.

Solution

Before starting you will need a Virtual Machine ready to be used for the Kiosk machine. You might want to create this machine with a “nonpersistent” disk.

Configure Windows 7 to be a VMware View Desktop

Step 1: Prepare Active Directory

1. Set yourself up an OU to hold your kiosk machine, and a security group that will contain the user account you are going to create later.

Step 2: Configure the VMware Connection Server

2. Now log into your VMware Connection Server, open a command window with elevated privileges. then issue the following command;

[box]vdmadmin -Q -clientauth -setdefaults -ou “OU=Kiosk,OU=ViewDesktops,DC=petenetlive,DC=com” -noexpirepassword -group kioskusers[/box]

Note: where kioskusers is the name of the group you created.

3. Now I will create a user ‘custom-kiosk-user’ with a password of ‘Password123’, and put him in the OU and group we created earlier;

[box]vdmadmin -Q -clientauth -add -domain petenetlive -clientid custom-kiosk-user -password “Password123” -ou “OU=Kiosk,OU=ViewDesktops,DC=petenetlive,DC=com” -group kioskusers -description “Kiosk Terminal”[/box]

Note: Alternatively you can create a user that matches the MAC address of the client machine and auto generate a password like so, (this assumes the thin client or PC’s MAC addresses is 3C:4A:92:D3:12:1C).

4. Then allow this connection server to accept kiosk connections with the following command;

[box]vdmadmin -Q -enable -s PNL-CS[/box]

Note: Where PNL-CS is the name of my VMware Connection Server.

5. You can view the settings configured on this connection server with the following command;

[box]vdmadmin -Q -clientauth -list[/box]

6. While still on your connection server open VMware View Administrator, and create a ‘Pool’ for your Kiosk machine.

7. Manual Pool > Next.

8. Dedicated > Next.

9. vCenter virtual Machines > Next.

10. Next.

11. Give the pool an ID and Display name > Next.

12. Select the machine you are using as the source for the Kiosk machine > Next.

13. When the pool is created > Entitlements.

14. Add in the group that you created in step 1 > OK.

15. Just check on the ‘desktops’ tab and make sure the machine is listed as ‘available’.

Step 3: Connect to the Kiosk Machine

16. Now from your client machine or thin client, you can execute the following command to open the kiosk session.

[box]c:program filesvmwarevmware viewclientbinwswc” -unattended -serverURL PNL-CS -userName custom-kiosk-user -password “Password123″[/box]

Note: In a live environment you may want to make the host machine or thin client automatically log on and put this command in the ‘startup’ folder, or call it from a startup/logon script so the machine will boot straight into the kiosk virtual machine.

17. All being well you should be presented with the kiosk VM machine, note you no longer get the normal VMware View tool bar etc, it will behave as if the machine is in front of you.

Related Articles, References, Credits, or External Links

Deploying VMware View 5