Horizon View 6.2.2 Gotchas

Hey guys!

A customer and I upgraded their 1500+ seat production VDI+RDSH deployment from VMware Horizon View 6.0 to the latest 6.2.2 this week, and encountered a few issues that are not particularly talked about. This will be more of a brief than my typical post due to time constraints, but I will likely go back to add color as soon as possible.

  1. The first revelation isn’t directed toward VMware at all – This was a facility that utilizes Dragon for dictation, and their support for the PowerMic II’s is dismal. When we upgraded the Horizon View Agent on a user linked-clone pool that was configured for Dragon, the microphone was no longer detected. After a long weekend with no response, my customer was told the issue is likely bandwidth related. That’s a heck of a leap given the circumstances and troubleshooting we recanted to them, especially with no investigation on their part.
  2. For the VMware side of the house – Holy moley was this a hard upgrade for some reason. We walked through all of the pre-reqs (Including new firewall ports) for the new version of Horizon View but felt the smite of the installer itself instead – Even when if reported a clean installation, there were issues with a partial upgrade with most components:
    1. View Composer was partially upgraded even though it claimed success.
    2. View Connection Servers claimed success but still said 6.0 in the Administrator Console. VMware told us that this is a graphical bug they’re trying to squash.
    3. View Security servers would not pair, likely due to corrupted installs with mixed data.
    4. IPSec connectivity between security and connection servers was suspect in this customer environment, even with no network firewall between them and the appropriate rules configured in the Windows Firewall. This led to an early morning call due to loss of external connectivity.
    5. In order to use VMware Blast for RDSH applications, a second installer is required. We’re waiting until all agents are updated before deploying as per VMware’s recommendation.
    6. External access through the PCoIP Secure Gateway wouldn’t work until both the View Agent and the users Horizon Client were updated to the latest version. This was unexpected and not documented in the VMware Compatibility Matrix. You can imagine the scramble to resolve that one.
    7. Teradici Tera1-based zero clients will be no longer VMware certified (or supported by Teradici) at the end of April 2016. As it is, they can not have the latest 4.8 firmware applied to them, requiring …..
    8. Enable TLS 1.0 and 1.1 if you’re hardware or software is unable to communicate securely. Or decide to remediate the actual issue (Deprecated hardware/software) instead of compromising security. This will be required end-to-end.

That’s it for now – As I said, I plan to come back and color these in as time permits.

Be careful out there!

Migrating VMware View vCenter to a new host

Hey everyone!

The end of support for Windows Server 2003 is coming, and a lot of organizations are scrambling to migrate their production systems before the  July 14, 2015 deadline. Many groups are still running the vCenter (5.0 or 5.1) that VMware View utilizes on Windows Server 2003, and I was recently asked about the migration path. For a vCenter/Windows OS compatibility matrix, click here.

There are two scenarios: One where the vCenter server maintains the same hostname and IP address, and one where the name and IP change. Today’s post deals with the first scenario and tomorrows will address the second.


Migrating vCenter to a new host without VMware View downtime
IMPORTANT NOTE: Proceed at your own risk. This operation is not supported by VMware. Click HERE for the KB.

  1. Export RSA Keys from old server
    1. Open an administrative command prompt and navigate to navigate to the %windir%\Microsoft.NET\Framework\v2.0xxxxx directory
    2. The ASP.NET IIS registration tool exports the RSA public-private key pair from the SviKeyContainer container to the keys.xml file and saves the file locally. Type: aspnet_regiis -px “SviKeyContainer” “c:\keys.xml” -pri. 
    3. Copy the .XML file to the new server or network storage.
  2. Document Database user names and passwords

  3. Shutdown Virtual Center Services (And Composer if co-existing) on the vCenter server being replaced

  4. Log into the View Administrator portal and disable virtual machine provisioning.

    1. Expand View Configuration
    2. Go to Servers\vCenter Servers
    3. Select the vCenter that will be migrated, and select ‘Disable Provisioning’
  5. Perform end-to-end backups of your environment (vCenter, Composer, ADAM). KB for that HERE.
  6. Shutdown old vCenter Server.
  7. In Active Directory, delete the old vCenter computer object.
  8. On the new vCenter Server, Rename the machine to the same as the old vCenter Server, Assign is the same static IP as the old vCenter, and join to the domain.
  9. Migrate RSA Keys to New VCenter Server
    1. On the destination computer, open an administrative command prompt and navigate to the %windir%\Microsoft.NET\Framework\v2.0xxxxx directory.
    2. type: aspnet_regiis -pi “SviKeyContainer” “path\keys.xml” –exp
  10. Install SQL Native Client (sqlncli.msi)
  11. Configure ODBC System DSN Connection for VCenter (Native 64-bit) and View Composer (Native 64-bit).
  12. Perform a simple installation of the vCenter Server and components (same version as what was running on old VCenter Server)
  13. If View composer is not standalone, Install View Composer. This may be a good time to split View Composer off of the vCenter server if that’s your ultimate goal.
  14. Ensure that all services started and are running.
  15. Connect to vCenter using either the vSphere client or Web Client (Depending on version). Ensure that hosts have reconnected and everything looks as you’d expect.
  16. In View Administrator, you may need to go to the Dashboard and Verify the SSL Certificates for the new VCenter.
  17. Enable Provisioning in View Administrator (should just work)
  18. Double-check any customization specs in the new VCenter Server.
  19. Test Recomposing and Provisioning of new Linked Clones.

User experience and expected behavior

It’s not exaggerating to say that this is an intense change-the-tires-while-doing-60-on-the-highway kind of operation, but in my testing of an 25 linked clone environment there was no impact. Any existing desktop connections or new connections to existing desktops should observe little or no disruption of service.

Resolve VMware View desktops in “Already Used” state

Hello!

This blog post should be a refresher, but I had to change this setting recently and thought I’d throw it out there on the blog as well.

In this situation, the client is running Horizon View 6 and predominately uses floating linked clone desktops that are set to refresh once a user logs out. For an unknown reason, this client does not prevent users from performing power operations on the View desktop that they’re connected to. This resulted in a few desktops in an “Already Used” state throughout the day as users presumably shutdown or restart their virtual desktops instead of logging off.

IT has been resolving this by manually refreshing desktops in this state. However, there’s an automated way to correct this problem if its happening to you!Enter PAED-DirtyVMPolicy. This per-pool setting (View 5.1.1 and newer) allows control over how “Already Used” desktops are treated.

There are three policy settings:

pae-DirtyVMPolicy=0. Mark virtual machines that were not cleanly logged off as ‘Already used’ and block user access to them. This is the default behavior in View 4.6 and later releases.

pae-DirtyVMPolicy=1. Allow virtual machines that were not cleanly logged off to become available without being refreshed. View Client users can access these desktops.

pae-DirtyVMPolicy=2. Automatically refresh virtual machines that were not cleanly logged off. View Client users can access these desktops after the refresh operation is completed.

Source: https://www.vmware.com/support/view51/doc/view-512-release-notes.html?ClickID=dkhs0xbx0kzhztss2ynnshxsykxz2zhozybk

To apply these a policy, RDP to a connection server and fire up ADSI Edit:

1) Connect to dc=vdi,dc=vmware,dc=int on localhost:
2

2) Expand the Server Groups OU:
3

3) Choose a pool experiencing the issue:
4

4) Right-click and select Properties on that pool:
6

5) Scroll down until you find pae-DirtyVmPolicy. Set this to a 1 or 2 to resolve.
7

6) Repeat for all affected pools.

NOTE: It would be a good idea to prevent users from performing power options on View Desktops via Group Policy and let the View Manager handle it. That group policy would change settings here: User Config>Admin Template>Start Menu and Taskbar>Remove and prevent access to the Shutdown, Restart, Sleep, and Hibernate

From the Field: Resolve ‘corrupted’ or stuck View Composer agent

Hey all, 

Yesterday I got to play with something I haven’t seen before. I hope it’s rare and that it’s never seen again, but I wrote down my resolution steps just in case. Note that there is not much (if anything) on the internet for this problem.

I tried many combinations, most of them with less chance of destruction. This is the method that worked. 

– – – – – – – – – – – – –

Issue: When trying to upgrade the View Agent on a VDI master desktop, the below symptoms are observed. 

Symptoms:
12

The Composer agent is still running, and the service is still started (Even after successful uninstallation):

34

Resolution Steps:

  1. Clone VM to have a backup
  2. Start machine
  3. Uninstall VMware (Horizon) View Agent 
  4. Reboot
  5. Attempt to install new View Agent
  6. Get messages depicted in the Symptoms section
  7. Verify that the agent was successfully removed:
    1. 5
    2. But that the Composer Agent is still running anyway:
      34
  8. Disable the composer service and reboot
  9. Open an administrative command prompt
  10. Manually remove composer service
    1. Type sc delete vmware-viewcomposer-ga
      7

  11. Remove dependencies to View Composer Agent from core windows components.

    1. Open Regedit

    2. Navigate to HKLM>System>CurrentControlSet>Services

    3. Start searching for the DependsOn string for the services listed below. Clear this key:
      8

      1. BFE

      2. Netlogon

      3. TCP/IP

  12. Exit the registry editor and reboot machine.

  13. Install the View agent as if none of this ever happened:
    9

VMware vExpert 2015!

Hello all!

First week of February- first three days in a VMware AirWatch bootcamp and the remainder roaming the Mascone Center in San Francisco at PEX. If you’re looking for a Mobile Device Management/Enterprise mobile security/File sync and share solution, AirWatch is for you. I’m also interested to see how tightly Airwatch will get integrated into the Horizon roadmap at some point in the future.

The 2015 vExpert announcement came out on my way home from VMware PEX. I’m absolutely humbled to be included on a list of absolute VMware rockstars for the first time.

I guess I have to double my efforts on this blog and my other outlets to prove (to myself) that I belong on this whos-who list!

Unidesk Layering in a VMware View deployment

Happy New Year!

Firstly, I hope everyone had a fantastic 2014 and enjoyed some time with family over the holidays. I had a very short work week, but part of that time was spent deploying Unidesk into my home lab and give this Layering thing a spin.

What is Layering?
Layering is the seperation of the PC experience into individual OS, User, and Application portions.

Conventionally, a PC is monolithic- Windows, Microsoft Word and everything the user created or downloaded is stored on the same hard disk. As time goes on and more “stuff” happens to the machine, the performance and experience degrades.

With Unidesk layering, desktops boot off of a virtual C: drive made up of independently managed layers. Desktop/IT staff creates a golden image complete with user applications, and end users are free to make any customizations they want in their user layers. Unidesk dynamically composites these layers at boot time into unified storage.

Why use a layering solution?

Ease of management: In many situations, there’s a single gold image to patch and run Windows Update on. The application layer can include bundles of applications to get most of the use cases, or individual applications for some subset of users… so a lot of flexibility here. And User data (settings, shortcuts, etc) is persistent regardless of what happens to the other layers. Unidesk also has a built-it “Undo” feature – you can revert a layer back to a prior point in time: This is awesome if you find a Windows Update causes a critical application to behave unexpectedly, or to rid a user desktop of viruses, malware or DLL conflicts.

In Conclusion

This will be the end of this blog post- I’ll kick the tires more over the weekend and come back with some findings on Monday. The Unidesk sales people that I’ve talked to are great guys, and they say that once a potential customer gets a Proof of Concept in the door it’s not long before they’re converted to full-fledged customers. I’ve spent a great deal of time looking at user environment management in 2014, and the Unidesk approach deserves some serious consideration.

APPSENSE BLUEPRINT DAY 2 – INSTALLING APPSENSE SUITE COMPONENTS

“Know the system requirements to run the AppSense Management Suite IIS Services and extension’s”

Hey everyone, welcome back! Today we get into the actual installation of AppSense. I think the easiest way to handle this will be seperating out into individual components.

Here we go!

AppSense Environment Manager

Supported Languages – English, German, French
Processor – Minimum – 1 CPU at 1.4GHz. Recommended 2CPU at 2GHz.
Memory – Minimum 2 GB. Recommended 4GB.
Disk Space – 10GB (When using SQL Express)

Required Utilities and Components

Client

  • Microsoft Windows Installer 3.1 – minimum requirement (included in Microsoft Windows Server 2003 Service Pack 1)
  • Microsoft Core XML Services (MSXML) 6.0
  • XML Lite 1.0.1018.0
  • Microsoft Visual C++ 2013 Redistributable Package (The x64 version requires x86 and x64 2013 Redistributable packages)

Personalization Server

  • Microsoft Windows Installer 3.1
  • Windows PowerShell 3.0 (only required for scripting)
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 4.0
  • Internet Information Services (IIS)
  • Microsoft ASP.NET 4.0
  • Microsoft Core XML Services (MSXML) 6.0

Browser Interface

  • Microsoft Windows Installer 3.1
  • Microsoft .NET Framework 4.0
  • Internet Information Services (IIS)
  • Microsoft ASP.NET 4.0

User Interface

  • Microsoft Windows Installer 3.1
  • Microsoft .NET Framework 4.0
  • Microsoft Visual C++ 2013 Redistributable Package (The x64 version requires x86 and x64 2013 Redistributable packages)

The following components are installed as part of the AppSense DesktopNow installer:

  • Windows Installer 4.5 Redistributable
  • Microsoft Core XML Services (MSXML) 6.0
  • Microsoft .NET Framework 4.0
  • Microsoft Visual C++ 2013 Redistributable Package (x86) and (x64)

Operating System Support:

  • Windows XP Professional SP2
  • Windows Vista Business, Ultimate and Enterprise
  • Windows 7 Business, Ultimate and Enterprise
  • Windows 8 Professional and Enterprise
  • Windows 8.1 Professional and Enterprise
  • Windows Server 2003 SP1 Standard and Enterprise *
  • Windows Server 2003 R2 Standard and Enterprise *
  • Windows Server 2008 Standard and Enterprise **
  • Windows Server 2008 R2 Standard and Enterprise
  • Windows Server 2012 Standard and Enteprise
  • Windows Server 2012 R2 Standard and Enterprise

* Cannot run server components.
** Only x64 can run server components.

Application/Desktop Technology Support

  • Citrix Presentation Server 4.5
  • Citrix XenApp 5.0 +
  • Citrix XenDesktop 5.0+
  • Microsoft AppV 4.6+
  • Symantec Workplace Virtualization 7.5+
  • Unidesk 2.6+
  • VMware View 4.6+
  • VMware Horizon View 6.0+
  • VMware ThinApp 5.0+

Antivirus Support

  • Norton Antivirus 360
  • Avast Internet Security
  • AVG Antivirus
  • Kaspersky Internet Security
  • McAfee Antivirus Plus
  • Trend Micro

 

AppSense Application Manager

Supported Languages – English and German
Processor – Minimum – 1 CPU at 1GHz. Recommended 2CPU at 2GHz.
Memory – Minimum 2 GB. Recommended 4GB.
Disk Space – 1GB.

Operating System Support:

  • Windows XP Professional SP2
  • Windows Vista Business, Ultimate and Enterprise
  • Windows 7 Business, Ultimate and Enterprise
  • Windows 8 Professional and Enterprise
  • Windows 8.1 Professional and Enterprise
  • Windows Server 2003 SP1 Standard and Enterprise
  • Windows Server 2003 R2 Standard and Enterprise
  • Windows Server 2008 Standard and Enterprise
  • Windows Server 2008 R2 Standard and Enterprise
  • Windows Server 2012 Standard and Enteprise
  • Windows Server 2012 R2 Standard and Enterprise

Application/Desktop Technology Support

  • Citrix Presentation Server 4.5
  • Citrix XenApp 5.0 +
  • Citrix XenDesktop 5.0+
  • Microsoft AppV 4.6+
  • Symantec Workplace Virtualization 7.5+
  • VMware View 4.6+
  • VMware Horizon View 6.0+

Antivirus Support

  • Norton Antivirus 360
  • Avast Internet Security
  • AVG Antivirus
  • Kaspersky Internet Security
  • McAfee Antivirus Plus
  • Trend Micro

The following components are installed as part of the AppSense DesktopNow Installer:

  • Windows Installer 3.1 Redistributable (v2)
  • Microsoft Core XML Services (MSXML) 6.0
  • Microsoft .NET Framework 4.0 Full
  • Microsoft Visual C++ 2010 Redistributable package (x86).
  • Microsoft Visual C++ 2013 Redistributable package (x86).
AppSense Performance Manager

Supported Languages – English
Processor – Minimum – 1 CPU at 1.4GHz. Recommended 2CPU at 2GHz.
Memory – Minimum 2 GB. Recommended 4GB.
Disk Space – 1GB

Required Utilities and Components

Performance Manager Console

  • Microsoft Windows Installer 3.1 – Minimum requirement (included in Microsoft Windows Server 2003 Service Pack 1).
  • Microsoft.NET Framework 3.5 Service Pack 1.
  • Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package.

Performance Manager Agent

  • Microsoft Windows Installer 3.1 – Minimum requirement (included in Microsoft Windows Server 2003 Service Pack 1).
  • Microsoft Core XML Services (MSXML) 6.0.
  • Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package.

Operating System Support:

  • Windows XP Professional SP2
  • Windows Vista Business, Ultimate and Enterprise
  • Windows 7 Business, Ultimate and Enterprise
  • Windows 8 Professional and Enterprise
  • Windows 8.1 Professional and Enterprise
  • Windows Server 2003 SP1 Standard and Enterprise *
  • Windows Server 2003 R2 Standard and Enterprise *
  • Windows Server 2008 Standard and Enterprise **
  • Windows Server 2008 R2 Standard and Enterprise
  • Windows Server 2012 Standard and Enteprise
  • Windows Server 2012 R2 Standard and Enterprise

AppSense Management Center

Supported Languages – English and German
Processor – Minimum – 1 CPU at 1.4GHz. Recommended 2CPU at 2GHz.
Memory – Minimum 2 GB. Recommended 4GB.
Disk Space – 10GB (When using SQL Express)

Required Utilities and Components

Server

  • Microsoft SQL Server (2008, 2008 R2, 2012)
  • Microsoft Internet Information Services (IIS)
  • Background Intelligent Transfer Service (BITS) Server Extensions
  • Microsoft ASP.NET 4.0

Agent

  • Windows Installer 4.5 Redistributable
  • Microsoft Core XML Services (MSXML) 6.0
  • Microsoft Visual C++ 2013 x86 Redistributable Package and Microsoft Visual C++ 2013 x64 Redistributable Package

Operating System Support:

  • Windows XP Professional SP2
  • Windows Vista Business, Ultimate and Enterprise
  • Windows 7 Business, Ultimate and Enterprise
  • Windows 8 Professional and Enterprise
  • Windows 8.1 Professional and Enterprise
  • Windows Server 2003 SP1 Standard and Enterprise *
  • Windows Server 2003 R2 Standard and Enterprise *
  • Windows Server 2008 Standard and Enterprise **
  • Windows Server 2008 R2 Standard and Enterprise
  • Windows Server 2012 Standard and Enteprise
  • Windows Server 2012 R2 Standard and Enterprise

* Can be managed with the CCA (Agent), but cannot run server components.
** Can be managed with the CCA (Agent), but only x64 can run server components.

Supported Database Systems:

Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2012 *
Microsoft SQL Server 2014 *

* Not compatible with SQL AlwaysOn

AppSense Blueprint Day 1 – Introduction and features of AppSense DesktopNow Management Suite

“Understand the various components of the AppSense Management Suite, as well as key features of each”

Welcome to the beginning!

What is DesktopNow? DesktopNow is an application suite that provides End-user and VDI solutions for some of the trickiest problems such asProfile management, desktop rights (No more user administrators!), software licensing control (For example Microsoft Office). It’s used in a VMware Horizon View, Citrix XenApp/XenDesktop, Microsoft RDS environment- it’s agent based and managed centrally.

The DesktopNow suite is made up of (Right off the AppSense website):

bg-em AppSense Environment Manager

Set up, configure, personalize, control, lock-down and self-heal users on any desktop.

  • Centralized user management
  • Set up, personalize, lock down, and self-heal desktops
  • Cross-platform personalization
  • Context & location based controls

bg-amAppSense Application Manager

Control application access entitlement, eliminate the need for full Local Administrator accounts, manage URL and network access, and reduce per device application license requirements.

  • Privilege management
  • Application control
  • Software licensing enforcement
  • Compliance and governance

bg-pmAppSense Performance Manager

Dynamically control and allocate CPU, memory and disk resource to improve quality of service, increase user density and reduce hardware requirements.

  • Granular system resource entitlement
  • Improve user experience and response times
  • Enable server consolidation and reduce costs
  • Control run-away or rogue processes

Untitled 2AppSense Management Center

AppSense Management Center is part of AppSense DesktopNow suite of products. It is the framework that enables AppSense user virtualization technologies to be deployed and scale rapidly throughout the enterprise.

  • Manage multiple configurations
  • Deploy agents and patches
  • Monitor Client health and Manage Alerting

Appsense APP-101

Hey all!

I’m going to begin walking through the AppSense Certified Professional (APP-101) exam. This is a Pearson-Vue proctored exam and I don’t see much on the internet for a walkthrough or the test experience.I’m an End User Computing professional by trade, and I want to dig deeper into the stuff AppSense has come out with to resolve user environment issues.

This test covers their DesktopNow application suite.
DesktopNow_productFamily_diagram_bullets

Here is their official blueprint – as the days go on, this table will be hyperlinked with information:

Topic area

Required skill

%

Understanding AppSense functionality

5

Installing AppSense Suite components

10

Configure components

IIS configuration
SQL account requirements
How to connect to the management server Create deployment groups
Install the CCA on managed computers

5

AppSense Management Center

Install packages
Administer package delivery
Install and configure failover servers

15

AppSense Environment Manager

Show understanding of personalization profile roll-back and archive
Use self-healing functionality to ensure critical files, service, and registry keys remain unchanged

Implement application lockdown to remove unwanted functionality such as menu items and other components from the user interface

30

AppSense Application Manager

ANAC functionality
Trusted Ownership requirements
Using digital signatures to secure access
Creating custom rules
Automatically block unauthorized applications without the need for administrative intensive listing techniques.
Configure application access based on user, group, and client rules
Track and audit user activity, including automatic archiving of unauthorized applications

15

AppSense Performance Manager

Default configuration
Ensure quality of service is maintained by applying CPU and memory control to preserve system resources
Ensure that server freezes are eliminated by tuning system resources
Implement a memory optimization schedule to reduce rebasing and excessive RAM usage Understand application and system state control to provide granular control of system resources

15

Monitor events and alerts

Set up alert rules
Monitoring events and interpreting error codes

5

Microsoft 70-412 PASSED, Officially MCSA Server 2012 certified.

Hello World!

I officially joined the ranks of those who attained MCSA certification in Windows Server 2012 this afternoon! This was also the first time I took an Online Proctored exam, so I’ll talk about that as well.

Online Proctored?

Yep. I took this exam from my own laptop, and not in a Pearson Vue exam center. When I signed up for the exam, I saw that some Microsoft exams through Pearson Vue are giving this as an option and I thought- why not? My transcript shows that I completed the 70-412-OP exam but there’s no other distinction.

I took the exam over my lunch break. Once I signed into the exam site, downloaded the Pearson application and did a webcam/microphone check, a representative called me to walk me through the rules. On camera, I had to:

  • Show my desk
  • Do a 360* view around the room
  • Show any objects on the work surface, including labelling
  • Unbutton and roll up my sleeves, and show my arms to the camera

Once I completed these steps, I was free to begin the exam. The exam itself was just like any other exam I’ve taken, so I don’t think the content changed because I was taking the test from home.

The Test itself

I agreed to a test Non-Disclosure Agreement (Of course) so there’s not much I can really say about the course content or individual questions. 41 questions, point and shoot, drop-down and multiple choice. A lot of the content was on things I’ve already posted to this blog, and quite a heavy reresentation of Active Directory which hasn’t made it to the site. Know Active Directory inside and out.

Now What?

I’m not going to finish the 70-412 post series in the immediate future. I need to focus on things that translate directly with my day job… so the next series will be related to AppSense’s professional certification. Following that, more end user virtualization/computing content to follow.

I imagine that I’ll get back to to 70-412, or even spin off another site just for certification stuff to focus this site on the technology instead of training… but that’s for another day.

Tonight is for celebrating!

MCSA_2013(rgb)_1480