Deploying VMware View 5 – Part 2: Configure Windows 7 to be a VMware View Desktop

KB ID 0000596

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

In Part 1 we looked at setting up your connection server. To actually deliver a virtual desktop you need to a) have a desktop built, and b) have the VMware View ‘agent’ installed on it.

In addition there are various changes you need to make, both to streamline the virtual machine, and make it more efficient for VMware View.

Note: If you are doing manual assignment of desktops to users, then this is not as important, but if you are going to deploy linked clone desktops this is VERY important. Either way its still good practice to ‘prep’ desktops first.

Solution

1. Build the desktop you intend to deliver via View (In this example I’m using Windows 7 Pro x32 bit).

Licencing Note: For manual desktop assignments you can use MAK license keys, but for larger deployments using VMware composer and linked clones, use Microsoft’s KMS server to service your licensing needs.

Using KMS Server for Windows Server 2008 R2, Windows 7, and Office 2010

2. Run a full Windows update, allow the machine to reboot, then keep running Windows update until it says that it is up to date.

3. Then install the VMware tools.

4. Install any software and applications you require.

5. Download these scripts to auto configure your clients.

Note: There are two scripts, one called PrepClient.bat and the other called PrepClientPM.bat (Only use the latter if you are going to deploy persona management). I originally got these scripts from VMware, and have made a subtle change to them, they are 99% NOT my work!

Make sure you execute the scripts from a command window “As Administrator”, (right click the cmd shortcut while holding down Shift). You will need to do this even if you are logged in as the administrator.

What this script is doing?

a. Sets screen saver to “Blank Screen”, enable after one minute, and password protects it. b. Empties the internet cache. c. Turns off RSS Feeds in Internet Explorer. d. Disables Microsoft Action center. e. Stops the “Welcome to Internet Explorer” Dialogue for new users. f. Disables “Superfetch”. g. Disables Windows update (Note: If you are not using linked clones you might want to remove this line);

[box]reg ADD “HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU” /v NoAutoUpdate /t REG_DWORD /d 0x1 /f[/box]

h. Disables System Restore, and removes access to the restore options. i. Sets the application log size to 10MB and allows it to overwrite events as needed. j. Sets the system log size to 10MB and allows it to overwrite events as needed. k. Sets the security log size to 10MB and allows it to overwrite events as needed. l. Disables the Network Location Wizard. m. Disables Crash Dump Logging. n. Deleted files are instantly deleted, they do not go to the recycle bin (Stops the recycler file filling up with junk), to stop this remove this line.

[box]reg ADD “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer” /v NoRecycleFiles /t REG_DWORD /d 0x1 /f[/box]

o. Enables Remote Desktop (RDP Connections) from all clients (the less secure option) p. Disables Windows User Access control. q. Disables Windows SideShow. r. Disables the following services.

Bitlocker Drive Encryption Service ‘BDESVC’ Block Level Backup Engine Service ‘wbengine’ Diagnostic Policy Service ‘DPS’ Desktop Window Manager Session Manager Service ‘UxSms’ Disk Defragmenter Service ‘Defragsvc’ Home Group Listener Service ‘HomeGroupListener’ Home Group Service ‘HomeGroupProvider’ IP Helper Service ‘iphlpsvc’ Microsoft iSCSI Initiator Service ‘MSiSCSI’ Microsoft Software Shadow Copy Provider ‘swprv’ Client side Caching Service ‘CscService’ Secure Socket Tunnelling Protocol Service ‘SstpSvc’ Windows Security Center Service ‘wscsvc’ Simple Service Discovery Protocol Service ‘SSDPSRV’ ReadyBoost Service ‘SysMain’ Tablet Input Service ‘TabletInputService’ Themes Service ‘Themes’ Universal Plug and Play Service ‘upnphost’ Volume Snapshot Service ‘VSS’ (Note: NOT Disabled if using the Persona Management Batch File) Windows Backup Service ‘SDRSVC’ Windows Defender Service ‘WinDefend’ Windows Error Reporting Service ‘WerSvc’ Windows Firewall Service ‘MpsSvc’ Windows Media Center Receiver Service ‘ehRecvr’ Windows Media Center Scheduler Service ‘ehSched’ Windows Search Service ‘WSearch’ Windows Update Service wuauserv’ Wireless LAN Service ‘Wlansvc’ Wireless Auto config Service ‘WwanSvc’

s. Sets Windows to show “Blank Screen” when booting instead of the Windows animation. “bcdedit /set BOOTUX disabled”. t Remove all Shadow Copies, “vssadmin delete shadows /All /Quiet” (Note: NOTDisabled if using the Persona Management batch file). u. Disables Hibernation “powercfg -H OFF”. v. Disables the “Last accessed” timestamp for windows files “fsutil behavior set DisableLastAccess 1”. w. Stops scheduled Windows Defragmentation (Note: In Linked clone environments this would expand all the delta disks and is a common ‘gotcha’). x. Stops the registry backup which happens every 10 days. y. Stops the scheduled Windows Defender tasks. z. Stops the Windows System Assessment Tools (this gives your PC its ‘performance rating’ from 1 to 5).

Another Option to Prepare Windows 7 for View

You can also (If you prefer a graphical tool) use Desktop Optimizer from Quest. (Note: Also needs to be ran as administrator or you will get runtime errors!)

6. Then Install the VMware View Agent.

7. Then make sure any floppy drives, and CD/DVD drives are also disconnected.

8. If the virtual machine is going to be in a manual pool leave it powered on. If it’s going to be part of an automated pool, you can snapshot it.

Related Articles, References, Credits, or External Links

Deploying VMware View 5 – Part 1: Configure Active Directory and Deploy VMware Connection Server

Deploying VMware View 5 – Part 3: Creating a ‘Manual Pool’ and Connecting a View Client

 

VMware View – Windows Pool ‘Stuck’ on Customizing

KB ID 0000646 

Problem

While trying to deploy a Windows XP Pool yesterday, I hit upon this problem. Windows 7 works fine, but as soon as I tried to roll out a Windows XP pool, they stopped like this;

After a couple of hours, the whole operation timed out, and each machine shows as;

Status
{Date}{Time} o’clock {Time-Zone}:
Customization operation timed out

I tried to deploy the pool with both ‘quick prep’ and ‘sysprep’, but the results were the same. The replica is created, the pool creates the machines, but they DO NOT join the domain.

Solution

Despite my best efforts, I had to admit defeat and call VMware. Turns out they knew what the problem was straight away.

1. In my case the pool was going to be a linked clone pool. Go to the reference XP machine that you are using for this pool, and power it on.

2. Start > Run > appwiz.cpl {Enter}.

3. Locate and uninstall the VMware View Agent software.

4. Reboot the machine.

5. Download and install Microsoft Update 944043 on the XP Source machine. (Note: here’s the x32 bit version for XP).

6. Reboot the machine, (or the next step will fail and ask for a reboot!)

7. Reinstall the VMware View Agent.

8. Now if you are creating a linked clone pool, release the IP address > shut down the guest machine > snapshot the guest machine > recreate your pool.

Conclusion

VMware tell me that this is well documented in this kb article. But both at the time, and since, I’ve analysed the logs on the connection server, and the agent logs on the deployed machines, and found no mention of the following error,

“View Composer agent initialization state error (18): Failed to join the domain”

Hopefully this will help out someone stuck in the same position.

Related Articles, References, Credits, or External Links

NA

Set Up the VMware View 5 (and Horizon View) Event Database

KB ID 0000856

Problem

Below I’ll configure SQL 2008 R2, insofar as I will setup a new database for the View Events, create a user for that database, then finally connect the View 5 Horizon View Connection Server to that database.

Solution

1. Firstly, I’m assuming you have a SQL Server setup and ready to create database on, If you do not rather than reinvent the when follow my instructions in the article below.

Deploying VMware View 5 -Part 4 Installing and Configuring SQL 2008 R2

Note: Complete ONLY Steps 1 to 6 then return here.

2. Login to the SQL Management Studio > Databases > New Database.

3. Call it View5Events (Note: You can call it ‘Aunty Mary’s Canary’ if you want to).

4. Options section > change the recovery mode to ‘Simple’ > OK.

5. Expand Security > Logins > New Login.

6. Give the user a name i.e. view5events > Tick ‘SQL Authentication’ > Type and re-type a password > Untick ‘Enforce password policy’.

7. User Mapping tab > Tick the View5Events Database > Tick db_owner > OK > Close the SQL Management Studio.

8. Login to the Connection Server (Flash Required) > View Configuration > Event Configuration > Edit,

Database Server: The name of the Server Running SQL.
Port: 1433 (Standard SQL Port make sure it it NOT blocked by a firewall).
Database Name: View5Events
User name: view5events
Password: {You set above}
Table prefix: _vdi

9. To see if it is working > Monitoring > Events > (It may be empty for a while don’t panic).

 

Related Articles, References, Credits, or External Links

NA

Allow access to VMware View through Cisco ASA 5500

KB ID 0000545 

Problem

To access VMware View though a firewall you need the following ports to be open;

In the following example I’m using 192.168.1.100 as the internal IP address of the View Server and the public IP address of the firewall is 123.123.123.123.

Which solution you use, depends on weather you are allowing access via a dedicated public IP that you will assign to the VMware View server, or if you do not have a spare public IP, you will need to use port forwarding.

Option 1 – You have a public IP that you want to assign to the VMware View Server

Option 2 – You want to use Port Forwarding (And your ASA is pre version 8.3)

Option 3 – You want to use Port Forwarding (And your ASA is version 8.3 or newer)

Solution

Option 1 – You have a public IP that you want to assign to the VMware View Server

As I’m using 123.123.123.123 on the outside of my ASA I’m going to use another public IP address for the VMware View server (123.123.123.124) and I will statically map that to its internal IP address. Then I allow the ports to that IP address, and finally apply the access-list (ACL) that I’ve used to the outside interface (where the VMware View traffic will be coming from).

Warning: The last command (starting access-group, applies the access-list ‘inbound’ in the inbound direction on the outside interface, you may already have an access-list applied to this interface (the ‘show run access-group’ command will tell you) If you do have another ACL simply substitute the name of yours for the work inbound in my example below).

[box]static (inside,outside) 123.123.123.124 192.168.1.100 netmask 255.255.255.255
access-list inbound extended permit tcp any host 123.123.123.123 eq www
access-list inbound extended permit tcp any host 123.123.123.123 eq https
access-list inbound extended permit tcp any host 123.123.123.123 eq 4172
access-list inbound extended permit udp any host 123.123.123.123 eq 4172
access-group inbound in interface outside
[/box]

Option 2 – You want to use Port Forwarding (And your ASA is pre version 8.3)

Below I’m creating a static PAT entry for all the ports required, then allowing the traffic with an access-list, and finally applying the access-list (ACL) that I’ve used to the outside interface (where the VMware View traffic will be coming from)

Warning: The last command (starting access-group, applies the access-list ‘inbound’ in the inbound direction on the outside interface, you may already have an access-list applied to this interface (the ‘show run access-group’ command will tell you) If you do have another ACL simply substitute the name of yours for the work inbound in my example below).

Note: If you port forward https on the outside interface, as I’m doing here, you will not be able to access the ASDM from outside – unless you put it on another port. The following two commands would change the ASDM to port 2345 for example:

no http server enable
http server enable 2345

[box]static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.1.100 https netmask 255.255.255.255
static (inside,outside) tcp interface 4172 192.168.1.100 4172 netmask 255.255.255.255
static (inside,outside) udp interface 4172 192.168.1.100 4172 netmask 255.255.255.255
access-list inbound permit tcp any interface outside eq www
access-list inbound permit tcp any interface outside eq https
access-list inbound permit tcp any interface outside eq 4172
access-list inbound permit udp any interface outside eq 4172
access-group inbound in interface outside
[/box]

Option 3 – You want to use Port Forwarding (And your ASA is version 8.3 or newer)

Below I’m creating a network object for all the ports required and statically NATTING the ports required to them, then I’m allowing the traffic to reach that network object, and finally applying the access-list (ACL) that I’ve used to the outside interface (where the VMware View traffic will be coming from)

Warning: The last command (starting access-group, applies the access-list ‘inbound’ in the inbound direction on the outside interface, you may already have an access-list applied to this interface (the ‘show run access-group’ command will tell you) If you do have another ACL simply substitute the name of yours for the work inbound in my example below).

Note: If you port forward https on the outside interface, as I’m doing here, you will not be able to access the ASDM from outside – unless you put it on another port: The following two commands would change the ASDM to port 2345 for example:

no http server enable
http server enable 2345

[box]object network VMWare-View-T80
host 192.168.1.100
nat (inside,outside) static interface service tcp www www
object network VMWare-View-T443
host 192.168.1.100
nat (inside,outside) static interface service tcp https https
object network VMWare-View-T4172
host 192.168.1.100
nat (inside,outside) static interface service tcp 4172 4172
object network VMWare-View-U4172
host 192.168.1.100
nat (inside,outside) static interface service udp 4172 4172
access-list inbound permit tcp any object VMWare-View-T80 eq www
access-list inbound permit tcp any object VMWare-View-T443 eq https
access-list inbound permit tcp any object VMWare-View-T4172 eq 4172
access-list inbound permit udp any object VMWare-View-U4172 eq 4172
access-group inbound in interface outside
[/box]

Related Articles, References, Credits, or External Links

Cisco PIX / ASA Port Forwarding Using Command Line, ASDM and PDM