VMware EUC Win10 Compatibility Components

Updated: 1/4/2019

Supported

S

Semi-Annual Channel

SAC

Supported Fresh Install Only

SF

Broad Deployment

BD

Supported, reference KB

S-KB

Not Supported

NS

Windows 10 OS Version: 1607
LTSB
(Ent)
1607
CBB
(Ent, Pro)
1703 CBB
Semi-Annual Channel
(broad deployment)
(Ent, Pro, Edu)
1709
Semi-Annual Channel
(broad deployment)
(Ent, Pro, Edu)
1803
Full support 
1809
Full
Support
Horizon 7            
Horizon Agent 7 NS NS NS NS NS NS
Horizon Agent 7.0.1 NS NS NS NS NS NS
Horizon Agent 7.0.2 SF SF NS NS NS NS
Horizon Agent 7.0.3 S S NS NS NS NS
Horizon Agent 7.1 S S S NS NS NS
Horizon Agent 7.2 S S S S-KB NS NS
Horizon Agent 7.3.2 S S S S-KB S NS
Horizon Agent 7.4 S S S S-KB S NS
Horizon Agent 7.5 S NS S S S NS
Horizon Agent 7.5.1 S NS S S S NS
Horizon Agent 7.6 S NS S S S S
Horizon Agent 7.7 S NS S S S S
App Volumes            
App Volumes 2.12 S S NS NS NS NS
App Volumes 2.13 S S S NS NS NS
App Volumes 2.14 S S S S S NS
App Volumes 2.15 S S S S S S
User Environment Manager            
User Environment Manager 9.2 S S S NS NS NS
User Environment Manager 9.3 S S S S NS NS
User Environment Manager 9.4 S S S S S NS
User Environment Manager 9.5 S S S S S NS
User Environment Manager 9.6 S S S S S S

Download this chart in Excel format!

EUCComponentsWin10V2.4

UEM Supported Version with Windows 10
https://kb.vmware.com/s/article/57386

 Horizon Supported Version with Windows 10
https://kb.vmware.com/s/article/2149393

 App Volumes Release Notes generally has Windows 10 support information
https://docs.vmware.com/en/VMware-App-Volumes/2.14/rn/VMware-App-Volumes-214-Release-Notes.html

Interop Matrix (VMware components)
https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&133=&131=

Special thanks to Steven Hajny (https://www.linkedin.com/in/stevenzhajny/) for gathering this information

vIDM and Horizon Blast/Client Oddity

Hey all, I thought I should share a recent fix one of my coworkers discovered. This oddity was discovered when attempting to launch a VDI desktop from the vIDM portal. When selecting your entitled desktop and attempting to connect via PCoIP or Blast this is when the error might happen if vIDM isn’t configured correctly. If your connecting via a PC and are able to launch your desktop but NOT able to connect via a Mac it could be an issue in your ‘ranges’ section on vIDM.

Specifically, in the vIDM Admin Console select the following:

Catalog > Virtual App > Virtual Apps Settings > Select a Network Range

Verify that you do not have HTTPS:// in front of your VIPs under all ranges.

vIDMOddity1

 

 

 

 

 

 

 

 

 

 

 

 

 

This will cause Mac platforms to fail when attempting to connect to VDI through the vIDM portal. A symptom of this misconfiguration is seeing ‘https://https://’ in your browser after clicking on your VDI desktop from the vIDM portal. Make sure also that your Launch URL doesn’t begin with https://.

Catalog > Virtual Apps > Virtual App Configuration > (Custom App> Launch URL

Horizon Install Order and Silent Installs

This blog post is regarding the correct order of installing/Uninstalling Horizon Agents, Silent Installs/Uninstalls, and enabling FIPS.

 

VMware Horizon Install Sequence Order 

InstallOrder

 

Installation of various user experience, environment and VDI agents can cause unexpected issues of fail completely if installed in the incorrect order.
If you need to upgrade the Horizon View Agent you will need to reverse this process from the bottom-up.

 

1.     Hypervisor Tools

 

2.     VDI Agent

 

3.     VMware vRealize Operations Manager Agent

  • If you have a View 5.0 or 5.1 environment, you must manually install the desktop agent on your desktops. The vROPs Agent is included with the Horizon View agent 5.2 or later.

 

4.     VMware vRealize Log Insight Agent

  • If Log Insight is not deployed in the environment, skip this step.

 

4.     VMware User Environment Manager (UEM) Agent (formerly Immidio Flex+)

  • If VMware UEM is not deployed in the environment, skip this step.

 

5.     VMware App Volumes Agent

  • If VMware App Volumes is not deployed in the environment, skip this step.

 

Horizon View, Silent Install Instructions:

https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-virtual-desktops/GUID-3096DA8B-034B-435B-877E-5D2B18672A95.html#GUID-3096DA8B-034B-435B-877E-5D2B18672A95

https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-virtual-desktops/GUID-61090F90-186F-4932-BB0F-06902F0908B5.html#GUID-61090F90-186F-4932-BB0F-06902F0908B5

https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-virtual-desktops/GUID-1FD90D4D-0C7C-4E9E-B12D-974ABF15E398.html#GUID-1FD90D4D-0C7C-4E9E-B12D-974ABF15E398

https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-virtual-desktops/GUID-0B32D33F-152F-45EC-AC2C-F523D9432426.html

 

Paul Grevink has a good blog that walks through the View Agent components:

https://paulgrevink.wordpress.com/2016/07/16/view-agent-what-is-installed/

 

1.     In the View desktop, go to Start > Run, type regedit, and click OK. The Registry Editor window opens.

2.     Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

3.     Find the value that corresponds to the version of View Agent software that is installed. For example:

View 4.5 – {6F862EF7-F25E-4B3B-8345-FA005F12F668}
View 4.6 – {EFF57BA4-5BF2-403E-84BC-3469F9DAAACD}
View 5.0 – {5DD04237-3DCD-4735-BF8F-3BEEC0F61A6E}
View 5.1 – {CDA7820C-4849-4E55-A7B1-38E175B5F61C}
View 5.2 – {58D47F5C-618E-11E2-8D25-74C36188709B}
View 5.3 – {E3AD16CE-E5D6-4844-98FF-75E96EF7377F}
View 6.0 – {1230DF2B-7BA0-4AAD-80EA-527A3C3614D4}
View 6.1 – {A2E9FEAC-6D18-4890-9428-A6F53D600E01}

4.     To silently uninstall the View Agent, go to Start > Run, type cmd, and click OK.

5.     The command prompt opens launch a command prompt and run this command:

MsiExec.exe /X {AGENT_VALUE} /forcerestart /qn

 

Where the AGENT_VALUE is the value noted in Step 3.

 

VMware Horizon View, Silent Uninstall Instructions:

https://kb.vmware.com/s/article/2064845

 

VMware vRealize Log Insight Manager, Silent Install Instructions:

https://docs.vmware.com/en/vRealize-Log-Insight/4.5/com.vmware.log-insight.agent.admin.doc/GUID-8E1DF3DB-3D91-4F2E-A66F-EB754F074297.html

  1. Log in to the Windows machine on which to install or update the vRealize Log Insight Windows agent.
  2. Open a Command Prompt window.
  3. Change to the directory where you have the vRealize Log Insight Windows agent .msi file.
  4. Run the following command to install or update with default values. Replace Version-Build_Number with your version and build number.

The /quiet option runs the command silently, and the /lxv option creates a log file in the current directory.

Drive:\path-to-msi_file>VMware-Log-Insight-Agent-Version-Build_Number.msi /quiet /lxv* li_install.log

 

(Optional) : Specify a user service account for the vRealize Log Insight Windows agent service to run under.

Drive:\path-to-msi_file>VMware-Log-Insight-Agent-*.msi SERVICEACCOUNT=domain\user SERVICEPASSWORD=user_password

 

VMware User Environment Manager, Silent Install Instructions:

https://docs.vmware.com/en/VMware-User-Environment-Manager/9.2/com.vmware.user.environment.manager-install-config/GUID-2105963C-C101-4934-9433-85519910827E.html

 

Syntax:

msiexec.exe /i “VMware User Environment Manager 9.2 x64.msi” /qn INSTALLDIR=”C:\Program Files\Immidio” ADDLOCAL=”FlexProfilesSelfSupport” LICENSEFILE=”\\filesrv1\share\VMware UEM.lic” /l* InstallUEM.log

 

Examples:

msiexec.exe /i “VMware User Environment Manager 9.2 x64.msi” /qn INSTALLDIR=”D:\Apps\VMware UEM” ADDLOCAL=”FlexProfilesSelfSupport” LICENSEFILE=”\\filesrv1\share\VMware UEM.lic” /l* InstallUEM.log

msiexec.exe /i “VMware User Environment Manager 9.2 x64.msi” /qn INSTALLDIR=”D:\Apps\VMware UEM” ADDLOCAL=”FlexProfilesSelfSupport” LICENSEFILE=”\\filesrv1\share\VMware UEM.lic” /l* InstallUEM.log\Flex Profiles\FlexEngine.exe

 

VMware App Volumes, Silent Install Instructions:

https://docs.vmware.com/en/VMware-App-Volumes/2.12.1/com.vmware.appvolumes.user.doc/GUID-03F11B40-2D24-4CCD-ABC5-4E875928FB35.html

 

Syntax:

msiexec.exe /i “App Volumes Agent.msi” /qn MANAGER_ADDR=<Manager_FQDN/IP> MANAGER_PORT=<port>

 

Example:

msiexec.exe /i “App Volumes Agent.msi” /qn MANAGER_ADDR=appvm.vmbucket.com MANAGER_PORT=443

 

VMware App Volumes, Silent Upgrade Instructions:

https://docs.vmware.com/en/VMware-App-Volumes/2.13/com.vmware.appvolumes.install.doc/GUID-013F8935-6BFA-4837-9F49-78404E6C056D.html

  1. Open a Windows command prompt on your machine.
  2. Type the following command to upgrade the agent:

msiexec.exe /i “App Volumes Agent.msi” /qn REINSTALLMODE=vomus REINSTALL=ALL

 

Disabling EnforceSSLCertificateValidation with REGKEY

NewImage

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

You can disable SSL certificate validation after you have installed the App Volumes agent. To do this manually make the modification to registry to create your own .reg file to import. You will need to disable EnforceSSLCertificateValidation if you have FIPS enabled in your environment.

Registry location, set value to ‘00000000’ to disable:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svservice\Parameters] “EnforceSSLCertificateValidation”=dword:00000000

 

Registry file import command: regedit.exe /s path of .reg file

 

Example of importing a registry file:

 

reg import c:\location\regfile.reg

 

 

Rarely needed, unless your organization has a hard security requirement, you may need to enable FIPS mode. Please keep in mind, enabling FIPS mode, can break a lot of things if not properly setup. You can Enable or disable the FIPS setting via a registry setting, GPO, or Local Policy. To check whether FIPS is enabled or disabled in the registry, follow the following steps:

  1. Press Windows Key+R to open the Run dialog.
  2. Type “regedit” into the Run dialog box (without the quotes) and press Enter.
  3. Navigate to “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\”.
  4. Look at the “Enabled” value in the right pane.
  5. If it’s set to “0”, FIPS mode is disabled. If it’s set to “1”, FIPS mode is enabled.
  6. To change the setting, double-click the “Enabled” value and set it to either “0” or “1”.
  7. Restart the computer.

FIPS mode needs to be enable on the Windows servers and on the golden image. 

For more information on FIPS mode, visit https://docs.vmware.com/en/VMware-Horizon-7/7.0/com.vmware.horizon-view.installation.doc/GUID-8A3ACF3D-05C5-4216-BD79-A53A72EE1D91.html

Multiple Horizon View Clients, One Workstation

With as much traveling as I do around the country one thing I sometimes need is being able to access multiple Horizon View environments. To do this on a Mac, you can simply clone the Horizon View Client. Adding those multiple View Clients to your Dock can be a little tricky considering it’s the same icon for every client session. One workaround I did was customized the icons:

 

 

 

Download link for ICNS files:
https://www.dropbox.com/s/nqkhlqc8nly38ss/HorizonView-XiCONS.zip?dl=0

1. Right-click ‘Applications’
2. Open ‘Applications’ folder
3. Find the multiple Horizon View Clients
4. Right-click on the 1st instance of your Horizon View Client and select ‘Show Package Contents’
5. This will open a new FINDER window showing the View Client package contents
6. Rename ‘view1_2017-05-31.icns’ to ‘view.icns’
7. Copy ‘view.icns’ (Right-click on the file and select copy)
8. Past the file into the folder ‘Contents’
9. Drag ‘view.icns’ file (The one you just copied) into the ‘Resources’ folder
10. Click ‘Yes’ to overwrite the existing ‘view.icns’
11. That’s it! Now re-open your Applications folder and the icon should be updated.
Repeat this process for the remaining View Clients.

NOTE: Pasting the new view.icns file directly into the ‘Resources’ folder doesn’t have the same behavior as the steps outlined above. You need to move the file into the File Contents and then move the file into Resources.

Horizon 7.0.2, What’s New?

Blast Improvements

  • Further enhancements to the protocol
  • Improvements in the GPU-encode/decode that significantly lower bandwidth and latency
  • Improvements in the JPG/PNG codec to reduce bandwidth utilization by 6x
  • vRealize Operations integration with Blast Extreme.  I can now see Blast statistics in the vROPs console
  • UEM Smart Policies Integration with Blast.  I can now use the same PCoIP smart policies to control the Blast protocol.  This enhancement also allows administrators to set per-device policies so I can set different policies for Windows, Mac, Android, and IOS.
  • A Raspberry Pi client

3D Graphics

  • NVIDIA M10 support for high-density graphics acceleration use cases
  • Intel vDGA support on the Skylake platform using 1:1 PCI-E passthru

Horizon RDSH

VMware has continued to close the feature gap with Citrix XenApp, and the latest release checks off a few more boxes.    The main features in this release are:

  • Real-time Audio/Video support for RDSH
  • USB Redirection for RDSH on servers running Windows Server 2012 R2
  • Parameter Passthrough to RDSH Apps – this allows administrators to create custom links that pass parameters through to the application, such as command-line switches or authentication tokens, on launch.

Remote Experience

  • Expanded Windows OS support, including support for Windows 10 LTSB, Anniversary Update, and Pro virtual desktops
  • Flash redirection is now GA.  This allows flash content to be redirected to the local endpoint for rendering for a better experience.
  • Windows Media Redirection support for Windows 10 and Server 2016
  • Windows Media MMR support for Linux-based thin clients
  • Client Drive Redirection is now supported on port 443.  Enhancements have also been made to improve performance on high-latency networks and to speed up file and folder listings
  • DPI synchronization on native Windows clients to ensure crisp rendering of remote session
  • Enhanced clipboard with support for Microsoft Word and Excel
  • Clipboard size increased to 10 MB
  • Ability to link one smart card to multiple accounts

HTML Access Improvements

  • Time Zone Sync
  • File transfer between remote desktop and endpoint using web client
  • RTAV support for desktops and apps

Horizon View 7 Agent and RDP

Working with a customer and also conducting some testing in my lab I discovered that with Horizon 7 Instant Clones I wasn’t able to RDP into them. I verified my firewall settings and also that the ‘Allow connections from computers’ piece was enabled. After various tests I discovered once installing the Horizon 7 Agent it disables TLS 1.1 and 1.2. I resolved this issue by installing a patch from Microsoft on my VDI image to add RDS support for TLS 1.1 and TLS 1.2 (Microsoft KB3080079). Additionally, my endpoint needed the RDP 8.0 update (Microsoft KB2592687) to also enable TLS 1.2. Once putting these two pieces in place I was able to RDP into my Instant Clones with no issues.

KB Reference links to support for TLS 1.1 and TLS 1.2

VDI Desktop: https://support.microsoft.com/en-us/kb/3080079

Endpoint: https://support.microsoft.com/en-us/kb/2592687

 

Composite USB Devices Step-by-Step


The goal:

ACME Inc. has requirements for specific peripheral devices to work with VDI. One of the devices is a Microsoft LifeCam Cinema Webcam. ACME’s vision is for when an end-user plugs-in a USB device the device should auto-connect to the users VDI session.

The challenge:

Microsoft LifeCam Cinema, a frequently used Webcam has difficulty working in the VDI environment. The device appears in the drop-down list from the Horizon View Client. When enabled the camera uses the Microsoft Webcam drivers that are installed in the image. This would be fine, and in fact a preferred method according to Microsoft. However, the Webcam doesn’t work in VDI using normal pass-through. If enable redirect for the Webcam, it switches to using the VMware Webcam drivers and it works fine in VDI. So how do we exclude a single device, accept all the others, and still have a functioning Webcam?

Solution Summary:

By enabling USB device splitting we are providing a dedicated channel for each device which also in-turn gives us better visibility of unique peripheral devices in the VDI environment.

  • Import Horizon View templates into Active Directory
  • Identify your VIDs/PIDs
  • Enable Horizon View Client GPO policies
  • Enable Horizon View Agent GPO policies
  • Validation

Preparation Steps

Follow these steps at the domain level for the GPO that you will be placing in the View OU:

Open Microsoft Group Policy Editor (gpedit.msc)

  1. Modify or create a new GPO by executing a right-click on ‘Group Policy Objects’ (image1) and then select ‘New’.
  2. Give your GPO a name.
  3. Select ‘Ok’ to save your new GPO.

Image1:

Edit your GPO (Image2)

  1. Expand Group Policy Objects
  2. Select your GPO
  3. Select ‘Edit’

Image2:

Templates can be obtained by visiting vmware.com and downloading the latest Horizon GPO bundle (Image3).

Image3:

Importing Templates

  1. Expand Computer Configuration and Policies
  2. Expand Administrative Templates
  3. Right-click on ‘Administrative Templates’ and select ‘Add/Remove Templates…’ (Image4)

Image4:

Select templates to import and ‘Open’ (Image5)

  1. ‘vdm_agent.adm’
  2. ‘vdm_client.adm’

Image5:

That’s the preparation steps now let’s move onto the physical end-point (we will come back to configure the GPOs at later step.)

Physical Client Steps Required

Verify the USB Webcam is visible on the endpoint device by checking the Windows Device Manager on the physical end-point (Image6).

Image6:

Quick summary of VIDS and PIDS

USB devices are identified primarily by their vendor identification (VID) and product identification (PID). VIDs and PIDs are unique identifier numbers. A company that wishes to produce USB devices needs to register and pay for a VID. This ID is unique to that supplier. For example, Microsoft has a VID of 0x045E, and Apple has a VID of 0x05ac. Depending on how many products the company produces, they may have multiple VIDs within a single company. The product ID is a four-byte identifier that names the specific device. Coupled with the VID, the PID uniquely identifies a driver that the Operating System (OS) must load for a given device. Note that there may be multiple “products” that all use the same VID and PID if they all use the same device driver. You can see the VID and PID for a device if you look in the device manager. To do this, right-click a device and select Properties. Then click the Details tab and select Hardware Ids from the Property drop-down menu. You can see the VID and PID values reported. In the example below, this Microsoft Webcam has a VID of 045E and PID of 075D.

Locations to check for VID/PID beside device manager are in the View Client PCoIP logs (debug-XXX-XX-XX-XXXXXX.txt). (Image7)

Image7:

Steps to identify the Hardware ID for the USB device in question (Image8).

  1. Select ‘Device Manager’
  2. Select the device, i.e. ‘Microsoft LifeCam Cinema’ and select properties.
  3. Select the ‘Details’ tab
  4. In the properties pull-down, select ‘Hardware Ids’
  5. Write-down the Hardware Ids.

Image8:

Identify the ‘Device class guid’ for the USB device in question (Image9).

  1. Select ‘Device Manager’
  2. Select the device, i.e. ‘Microsoft LifeCam Cinema’ and properties.
  3. Select the ‘Details’ tab
  4. In the properties pull-down, select ‘Device class guid’
  5. Write-down the guid

Image9:

Wildcards in USB Device VIDs and PIDs

In USB configurations, you can use the ‘*’ wildcard to indicate unknown characters in the VID and PID specifications.

The standard VID-PID combination in a configuration looks like this:

vid-xxxx_pid-yyyy

With the number of characters for the VID and PID variable, which is not necessarily four digits long. To use a wildcard to specify USB devices from any vendor (here, the device type is 5593):

vid-*_pid-5593

To use a wildcard to specify all USB devices from one vendor (here, the vendor is FA11):

vid-FA11_pid-*

You can use multiple ‘*’s to indicate the exact number of unknown characters:

vid-0781_pid-55**

In this example, PIDs have four characters, all starting with ’55

Reference this link for more information on VIDS/PIDS formats. http://www.vmware.com/files/pdf/techpaper/vmware-horizon-view-usb-device-redirection.pdf

The following steps should be configured on the View Client GPO (vdm_client.adm).

Physical desktop GPO configuration steps needed (Image 10)

  1. Expand ‘User Configuration’
  2. Expand ‘Administrative Templates’
  3. Expand ‘Classic Administrative Templates (ADM)’, ‘VMware View Client Configuration’, and select ‘View USB Configuration’
  4. Select and enable, ‘Allow Auto Device Splitting’

Image10:

USB Auto-connect GPO configuration steps needed (Image 11)

  1. Expand ‘User Configuration’
  2. Expand ‘Administrative Templates’
  3. Expand ‘Classic Administrative Templates (ADM)’ and ‘VMware View Client Configuration’
  4. Select ‘Scripting definitions’
  5. Select and enable:
  • ‘Connect all USB devices to the desktop on launch’
  • ‘Connect USB devices to the desktop when they are plugged in’

Image11:

Guest OS Steps Required

The following steps should be configured on the View Agent GPO (vdm_agent.adm).

Guest desktop GPO configuration steps needed:

  1. Expand ‘User Configuration’
  2. Expand ‘Administrative Templates’
  3. Expand ‘Classic Administrative Templates (ADM)’ and ‘VMware View Agent Configuration’
  4. Select ‘View USB Configuration’
  5. Select ‘Exclude Vid/Pid Device’
  6. Enable policy
  7. Enter the VID/PID, i.e. ‘o:vid-045e_pid-075d’ in our example we are using an override agent modifier (Horizon Client uses the View Agent policy setting instead of the Horizon Client policy setting.)

Image12:

Validation

This is the final step of validation. When connecting to your VDI environment verify a few steps to see if all the changes you did above, worked.

We should see from the Horizon View Client pull-down for ‘Connect USB Device’ showing a similar image:

  • Grey ‘Automatically Connect at Startup’
  • Grey ‘Automatically Connect when Inserted’
  • Additional USB devices

Note: You should NOT see the Microsoft Webcam (LifeCam) as we are excluding it from pass-through, but instead forcing a redirect connection of the camera to the VDI desktop which will use VMware’s native webcam drivers. (Image13)

Image13:

m and have it operate as normal inside your VDI session. Additionally, you should not see the Microsoft Webcam driver listed in the device chain. (Image14)

Image14:

You can also verify the policy is in effect by checking the Horizon View Agent logs on the guest OS. In this example we are looking at ‘log-2016-03-09.txt’ from DriveLetter:\ProgramData\VMware\VDM\logs location on the VDI desktop.

Image15:


Using Powershell to check ADAM replication

Hey folks, I wanted to share a powershell script I deployed at a customers. You will find this script useful for when checking the Horizon View Broker replication status along with the Global Entitlement replication health. Typically I would establish a RDP session into each broker and execute the repadmin command on each server, this automates that process. You will need to execute this script using View PowerCLI on a Horizon View Connection server.

<#

Name: “ViewShowADAMRep.ps1”

Purpose: This script is used to view the replication status of the ADAM database on each View Connection server.

Achieved by:

– Acquiring connection server names via user input variable

– Opening a new powershell session on a connection server

– Running a repadmin based command to show replication on the local system for the View related LDAP instance

Execution Option1 (Displays results on the screen only): ./ViewShowADAMRep.ps1

Execution Option2 (Dumps results into a textfile, Output.txt): ./ViewShowADAMRep.ps1 > Output.txt

Creator: Jeremy Wheeler

Date: 01/20/2016

#>

#Create connection servers variable and fill with desired connection servers.

#Remove the hashtag and replace ‘connectionserver##’ with your View Connection server information.

$connservers = @()

#$connservers += “connectionserver#1”

#$connservers += “connectionserver#2”

#$connservers += “connectionserver#3”

#$connservers += “connectionserver#4”

#$connservers += “connectionserver#5”

#$connservers += “connectionserver#6”

#$connservers += “connectionserver#7”

Write-Host “”

Write-Host ” – Testing broker ADAM Replication…”

Write “”

Write “**************************************************”

Write “***** Now testing broker ADAM Replication *****”

Write “**************************************************”

Write “”

#Loop through connection servers

foreach ($conn in $connservers) {

#Null reused variable

$session = $null

#Create new powershell session on remote system

$session = New-PSSession -ComputerName $conn

#Runs a powershell command on the remote system

Invoke-Command -Session $session -ScriptBlock {repadmin.exe /showrepl localhost:389 ‘DC=vdi,DC=vmware,DC=int’}

}

Write-Host ” – Testing Global Entitlement ADAM Replication…”

Write-Host “”

Write “”

Write “**************************************************************”

Write “***** Now testing Global Entitlement ADAM Replication *****”

Write “**************************************************************”

Write “”

#Loop through connection servers

foreach ($conn in $connservers) {

#Null reused variable

$session = $null

#Create new powershell session on remote system

$session = New-PSSession -ComputerName $conn

#Runs a powershell command on the remote system

Invoke-Command -Session $session -ScriptBlock {repadmin.exe /showrepl localhost:22389 ‘DC=vdiglobal,DC=vmware,DC=int’}

}

Write-Host “done.”

Write-Host “”

#Removes all live powershell sessions (aka. cleanup)

Get-PSSession | Remove-PSSession

Horizon View CPA Uninitialized Failure

I discovered this issue at a customers today. They have two sites, North and South. They are running 6.2.0 Horizon View at both locations. After initializing CPA in North and joining South to the federation everything looked healthy. We were still messing with setting up additional brokers etc. When it came time to testing CPA, one thing we wanted to do first was remove the CPA role and re-add it fresh. I was able to un-join South Site from the federation with no problems. However, when attempting to uninitialized CPA in North is failed once it reached our 6th View replica server.

The 6th replica server we were having issues with so it didn’t surprise me that this happened. After CPA failed to uninitialized I noticed the “Cloud Pod Architecture” section in the View Admin Console was a blank screen. I attempted rebooting servers etc. and it wouldn’t come back, just a blank screen. The fix was going into ADSI and navigating to Connection Server #6 and changing the “pae-LinkedModeEnabled” property from 1 to 0. This VMware KB2080522 helped me fix the problem. Reference VMware KB2012377 for assistance when connection to the View ADAM database.

Image1:

Image2:

Once making this change and allowing a few moments for this change to replicate, I refreshed the View Admin Console and I could now see the ‘Cloud POD Architecture’ screen allowing me to create a new federation.

 

Cloud Pod Architecture and Cisco Nexus 1000v Bug

A customer I worked with owns two vBLOCKS between two datacenters.  They run Nexus 1000v for the virtual networking component. They deployed VDI and when we enabled cloud pod architecture the Global data replication worked great, however all of our connection servers in the remote pod would show red or offline. I found that we could not telnet to the internal pod or remote pod connection servers over port 8472.  All other ports we were good on. VMware Support confirmed this issue is with the Nexus 1000v and found that there was a bug in the N1kv and a TCP Checksum Offload.

 

The specific ports in question are the following:

VMware View Port 8472 – The View Interpod API (VIPA) interpod communication channel runs on this port. View Connection Server instances use the VIPA interpod communication channel to launch new desktops, find existing desktops, and share health status data and other information.

Cisco Nexus 1000V Port 8472 – VXLAN

 

Cisco has a bug report posted about 8472 being dropped at the VEM for N1kV:

https://tools.cisco.com/quickview/bug/CSCup55389

 

The bug mentions TCP Checksum being the root cause and offloading only 8472 packets. If removing the N1KV isn’t an option, you can disable TCP Offloading.

Disable TCP Offloading

  1. In the Windows server, open the Control Panel and select Network Settings > Change Adapter Settings.

a

Right-click on each of the adapters (private and public), select Configure from the Networking menu, and then click the Advanced tab. The TCP offload settings are listed for the Citrix adapter.

b

I recommend applying the following:

  • IPv4 Checksum Offload
  • Large Receive Offload (was not present for our vmxnet3 advanced configuration)
  • Large Send Offload
  • TCP Checksum Offload

 

You would need to do this on each of the VMXnet3 Adapters on each connection server at both datacenters. Once disabled (it did cause nic to blip), we were able to Telnet between the datacenters on port 8472 again.

 

After making these adjustments you should be able to login to the View Admin portal and see all greens for remote connection servers. I have tested this and validated it and it works as intended. For more information I recommend you read VMware KB 2055140.