Introducing the Horizon View Configuration Tool

Ever wished you could just deploy an OVA to setup your new View environment? Now you can! Thanks to Marilyn Basanta - a Solutions Management Engineer at VMware!

The Horizon View Configuration Tool automates Horizon View 5.3 installation and deployment. It removes the complexities and manual steps required for setting up a basic Horizon View deployment.

Features

The vCT ships as a virtual appliance with all the required VMware components to set up your Horizon View environment. After providing a Windows Server 2008 R2 SP1 ISO, an ESX host (not managed by vCenter), a few parameters, and licenses, the tool will provision your environment dynamically and automatically. The vCT deploys the following components:

• Virtual machine with Active Directory Domain Controller configured (or you may integrate with the existing DC in your environment)


• Virtual machine with Horizon View Connection Server installed


• Virtual machine with Horizon View Composer installed


• vCenter Server Appliance virtual machine deployed and configured

** Note this is a Tech Preview and is NOT going to be supported by VMware Global Support Services. 

 

 

I want that! Take me to it!

 

Read More

New Google+ Community for Horizon Workspace

Come check out the new VMware Horizon Workspace Google+ Group (unofficial). A place for Horizon Workspace admins, users, and enthusiasts to post ideas, tips, questions and answers.

Read More

How to clear a user's "Auto connect to this desktop" setting as an admin

When using the Horizon View Client, users are able to select Options > Auto connect to this desktop. This will allow them to enter their credentials upon launching the client, then immediately get passed through to their desktop. The user will no longer be prompted to enter the View Server address.

This is easy enough to disable as the user. Simply login and UNcheck the option that was previously enabled. Alternateively, you can disable the option to Auto connect to the Connection server per VMware KB article 1013849

But how can this be achieved as the administrator? Perhaps a user mistakenly selected this option and it would just be easier for you to take care of it (yes this has happened).

I'll leave this up to you to decide if it's more trouble than it's worth.. but here's how to accomplish this =)

This setting is stored in the ADAM database on the Connection server for the user. As you can see from the screenshot below, a GUID will be generated for the user's session and there will be a value in the pae-NameValuePair attribute named alwaysConnect=true.

It's likely you will have plenty of GUID entries here so you'll want to perform a query on the database to find the entries that contain this value.

1. Right-click the database connection (shown as "View [localhost:389]) in this example, and click New > Query.


2. Under Root of Search, click Browse and select the Properties organizational unit.


3. Click OK.


4. In the Query String, paste this search string:

          (pae-NameValuePair=*alwaysConnect=true*)

 

 

This will show you users with always connect set to true. To disable the option for the user, simply change the value to false.

Pro Tip: If you set the attributes box to * to return everything then you can use the user SID in member to look up the user name. SID lookup is under Utilities > SID Lookup which will return you the username of that SID.

And there you go!

Read More

Error Code 500 after rebooting Horizon Workspace

Error Code 500 - You may have seen this "Cannot display web page" error after rebooting your Horizon Workspace instance and attempting to login to the Gateway. You may also receive this error randomly after your Workspace has already been running fine for a few days. Related to this error, you may also see messages like

Error

Application Manager encountered an error. Please contact customer service and provide the information displayed below.

 

Message

An unexpected error occurred. If this error persists, please contact your administrator.

In either case, there are a few things to check.

1. Double check your time drift between vApps. Login to https:///cfg/system and under System Information check your Relative Drift. Anything in yellow/red will need looking into.

The most common cause of time drift is one vApp on HostA, and another vApp on HostB. If the ESXi hosts aren't configured the same for NTP settings, you will need to configure that and make sure the NTP service is running.

NOTE: As soon as you join your Connector to your domain, it will start time syncing with your Domain Controller. If you have multiple Domain Controllers, ensure there are no time sync issues between DCs. Then ensure there aren't time issues between your DC the Connector is using, and the NTP Server your other vApps are using.

It may also be worth double checking you're logging in with a valid user. See http://kb.vmware.com/kb/2062056 for more information on validating a user.

2. Try SSH'ing into one of your vApps using sshuser. If you find an error stating

Your password has expired. Choose a new password.
     WARNING: Your password has expired
     You must change your password now and login again!

     If this is the case, then you're running into a bug found in the GA release of Horizon Workspace 1.5.      You will need to review http://kb.vmware.com/kb/2059293 for resetting your password and
removing its expiration date. If this has been done already, it may have only been applied to the root      user and not sshuser.

NOTE: If your Workspace instance is currently version 1.5 build 1220937, as soon as you apply the workaround from KB2059293, there is no need to attempt an upgrade or re-deploy to get to build 1318295.

Good luck!

Read More

Use Tags to not lose track of View Linked Clone Replicas

The Problem
If you've managed a View Linked Clone pool for any amount of time, you probably know the frustration that can come with trying to determine which replica is tied to a particular pool. This information can be especially important when trying to find unused replicas that are hanging around using up precious storage space. Or maybe when auditing your inventory, you find you have 5 View Pools, but 6 replica VMs. How do we know if we really are using all 6 replicas?

There is a public VMware Knowledge Base article (2009844) that utilizes SviConfig.exe to automate the process of finding unused Replicas, but sometimes this command can be less than helpful. The command can often fail with vague errors, and only works with registered replicas in vCenter's inventory. It also doesn't tell you what pool the replica is tied to!

There is also KB1031842 that goes over an ESXi command that can show mapping of what VM is using a particular replica. But in a large environment, this can be a tedious task parsing through the hundreds of lines of output.

The Solution
The nice thing about Replicas is that they are simply a clone of our Parent VM. This means that outside of the protection View puts on the VM itself.. it's a regular ol' virtual machine! These objects easily Tagged to help with sorting and inventory management.

Tags are a very powerful organization mechanism that were introduced in vSphere 5.1. Tags are recorded as metadata for the object it's assigned to and can be super helpful for searching the vCenter.

To create a Tag

1. From the vSphere Web Client Home, click Tags


2. Click the Items tab and click Tags


3. Click the New Tag icon


4. In the vCenter Server drop-down menu, select the vCenter you want the Tag to reside on


5. Enter a name for your Tag. I have matched my Tag name to my View Pool Name


6. For Category, select/create a Category. I named mine View


7. For the Tag Category options, choose Many tags per object. This allows multiple tags from the View category to be applied to an object at any one time.
   NOTE: You cannot change the cardinality from Many tags per object to 1 tag per object


8. Click OK
   

You can find more information on Tags at the vSphere 5.1 Documentation Center

Assigning your Tag to a newly created Replica

1. After creating your Linked Clone Pool in View, you'll find the parent VM being cloned to the Replica in the More Tasks pane

     2. Under Related events find the Replica name your Parent VM is cloning to

     NOTE: If your Replica was created earlier, no worries. You can search your vCenter's Task History      to find the Replica name

     3. Now you can go to your Hosts and Clusters view or VMs and Templates view

• Find and Right Click the desired Replica


• Click Assign Tag


• Choose your Tag and click OK


• Your Replica is now tagged!

Congratulations! You can now easily search your vCenter inventory for your Tag name and find which replica is tied to that Tag. Depending on your naming conventions, your search results may vary. As you can see from my example, my tag matches my View Pool's vm naming so that gets returned as well

You can also click the Tag name under Tags and find your assigned Replica

Thanks for reading!

Read More

How to integrate Horizon View Desktops with Horizon Workspace [Updated]

If you're a system administrator utilizing Horizon Workspace, chances are you also have an existing Horizon View instance. Horizon Workspace makes it easy for admins to integrate their existing View environment into Workspace, giving your users seamless integration and easy access to their entitled desktops.

Before we begin
There are a few prerequisites that must be in place before proceeding:

• Horizon View 5.2 or 5.3


• View must have been deployed using the default 443 port


• Make sure the View Pools are created with administrator permissions on the root folder in View


• Reverse DNS/IP lookup for all View Connection Servers


• Entitled View users must be synced to Workspace (Configurator > Directory)


• Make sure the UPN is set to Required in your Connector's User Attributes

Once the prereqs have been met, you'll need to first join the connector-va to the same domain as the View Connection Server.

   1. Connect to https://:8443

   2. Click Join Domain

   3. Enter your domain and credentials

Now you can click on View Pools to enable View.

   1. Enter your Connection Server's FQDN

   2. Accept the thumbprint by clicking on red text under SSL Cert.

   3. Click on "SAML Auth enabled" to be redirected to your Connection Server.

On your Connection Server

   1. View Configuration > Servers > Connection Servers

   2. Edit your Connection Server > Authentication

   3. Set the dropdown box to Allowed for Delegation of authentication to VMware Horizon

   4. Click Manage Authenticators

   5. Click Add

   6. Enter whatever you want for your Label

   7. In the Metadata URL replace with your gateway-va IP or FQDN (or load balancer if applicable). It should read something like this

   https://gateway-va.domain.com/SAAS/API/1.0/GET/metadata/idp.xml

You can leave the Administration URL blank.

You should now see SAML 2.0 Authenticators showing as green back on your View Dashboard. If it is not green, try clicking it and accepting the thumbprint. If there are still issues, go back and ensure you entered your Metadata URL properly.

Back on your Connector's View Pools page, make sure you click Save and Sync your info

And that's it! You should now be able to have your users log into https:///web and they'll now have a View Desktops tab showing their accessible desktops. These desktops can be launched via the web browser using HTML5 (if utilizing BLAST in View) or via the View Client if they have it installed on their Client (right click the desktop for launch options.)

If you'd like more information on this, check out the whitepaper on View Integration.

Good luck!

[Update]

If you're now running Workspace Portal 2.1 and find yourself having issues syncing your Horizon View Pools with errors similar to "Failed to sync due to a problem with the Connection Server" or "Authentication to the Connection Server failed" then try adding and configuring the domain_krb.properties and krb5.conf file per the Workspace Portal 2.1 Release Notes in the Known Issues section.

Read More

Helpful Hints

Having issues getting multiple DNS servers configured for your Horizon Workspace implementation? Curious how you might configure a proxy setting without having to modify SUSE Linux config files using vi?

Dale Carter, an EUC Consulting Architect at VMware has posted a nice little write up answering these and other questions over at the VMware blog.

Dale covers using YaST, a built-in system configuration tool unique to SUSE Linux. This tool makes it incredibly easy to configure a proxy, firewall, disk operations, etc. In case you're wondering, YaST stands for Yet another System Tool.

I want to read that!

Read More

New blog!

Welcome to my blog!

That virtual boy is a project dedicated to sharing virtualization goodies and other tech bacon. I'm excited to start getting posts rolled out soon so please subscribe and check back often!

You can also find us on Twitter: @thatvirtualboy

Read More