Eric Monjoin
Staff Consulting Architect but also pilot, spending time in front of my computer or flying in the air...

Lets talk about End User Computing Because we worth it ...

Horizon

Change the Expiration Period for Service Provider Metadata on Connection Server

January 12, 2022

Well, this procedure is in the documentation, but I put it here so I can access it more quickly.

You need to do this when you have to use SmartCard or Certificate through UAG as an example.

Procedure

  1. Start the ADSI Edit utility on your Connection Server host.
  2. In the console tree, select Connect to.
  3. In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name DC=vdi, DC=vmware, DC=int.
  4. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the Connection Server host followed by port 389.For example: localhost:389 or mycomputer.example.com:389
  5. Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and double-click CN=Common in the right pane.
  6. In the Properties dialog box, edit the pae-NameValuePair attribute to add the following values:.
  • cs-samlencryptionkeyvaliditydays=number-of-days
  • cs-samlsigningkeyvaliditydays=number-of-days

In this example, number-of-days is the number of days that can elapse before a remote Connection Server stops accepting SAML assertions. After this period of time, the process of exchanging SAML metadata must be repeated

App Volumes

App Volumes 4.5 – Error “Failed to connect Manager Service..” when registering additional App Volume Manager servers

January 7, 2022

During the installation of App Volume 2111 (4.5), if you try to register additional App Volumes Managers, you would certainly failed with the following error message :

And if you look at in the nginx.log, you would see the following error :

2021/12/06 22:15:08 [info] 5200#5264: *72 client sent plain HTTP request to HTTPS port while reading client request headers, client: 192.168.0.67, server: 0.0.0.0, request: "POST /cv_api/sessions HTTP/1.1", host: "appvol4mgr01.domain.dom:443"
Continue reading…
Horizon Cloud

New Horizon Cloud Connector v1.10.0

March 27, 2021

What’s New March 25, 2021 (v2103, v1.10, v21.03, v21.1)

  • Horizon Cloud Administration Console is now Horizon Universal Console.
  • Universal Broker and multi-cloud assignments are now available for existing deployments of Horizon Cloud pods on Microsoft Azure. Universal Broker provides a single URL for end-users to access virtual desktops and apps, whether on-premises or in the cloud, as well as multi-cloud assignments that enable you to create dedicated and floating virtual desktop assignments that span multiple pods and sites.
  • Universal Broker and multi-cloud assignments now support Horizon pods on Azure VMware Solutions (AVS), enabling unified brokering of multi-cloud assignments across hybrid and multi-cloud deployments, supporting both Horizon pods and Horizon Cloud pods on Microsoft Azure.
  • App Volumes for Horizon Cloud pods on Microsoft Azure now supports Windows 10 Enterprise multi-session, allowing multiple users to each login into individual sessions with their own app assignments. App Volumes and MSIX app attach formats can be delivered to a session simultaneously, and the App Volumes agent will use the correct mode of virtualization for each format respectively.
  • Multi-cloud virtual desktop assignments for Horizon Cloud pods on Microsoft Azure now support multiple tenant subnets from either the pod’s VNet or from multiple connected, peered VNets. (Feature debuted on February 23, 2021)
  • Image Management Service for Horizon Cloud pods on Microsoft Azure is in Limited Availability. For more information and to request access to this feature, please email the VMware Horizon Cloud Service team at horizoncloudservice@vmware.com.
  • Administrators can now generate Agent DCT logs from within the console for virtual desktop assignments and Farms on Horizon Cloud pods on Microsoft Azure. This feature is in Limited Availability. For more information, please email the VMware Horizon Cloud Service team at horizoncloudservice@vmware.com.
App Volumes

AppVolumes 2103 (4.4) Tools – Off line packaging for both AppVolumes On-Prem and on Azure

March 26, 2021

One of the great update from AppVolumes 2103 (aka 4.4) is now you can install only App Volumes Tools and package applications offline from a simple VM on VMware Workstation for example and produce the same package for App Volumes on Prem (.vmdk file) and for App Volumes on Azure (.vhd files). So exactly the same package for both environment.

So let me describe how I created my “Capture and Build” VM, how to capture and import your applications….

Continue reading…
Horizon

Awaited feature now available on Horizon 2103… Join VM in untrusted Domains

March 24, 2021

One year ago I posted a feature request for one of my customer who require to deploy Instant Clone VM on many Active Directory domain without Trust Relationship within each other and with the domain used by the Horizon Connection Server, so what was my surprise when I received the Announcing General Availability of Horizon Enterprise 2103 and saw this feature is now available 🙂

App Volumes / Dynamic Environment Manager / Horizon / Unified Access Gateway

New Release of Horizon Enterprise 2103 and Unified Access Gateway 2103

March 24, 2021

What’s New?

  • Horizon Server
    • Added support for “Global Access Group”
    • Added support for open source database — “PostgresSQL”
    • Added support for untrusted domain
    • Pegged unabated growth of event database
    • Ability to pre-assign computer names to instant clone desktops
    • Delivered View API parity REST APIs
  • Horizon Agents & Clients
    • Teams offload Mac client
    • USB redirection for HTML Access & Chrome client
    • Pen redirection iOS & Android
    • HEVC 444 Intel GPU Linux client
    • Bandwidth control for integrated printing
    • Serial port improvements, auto mapping, ID passing
    • Agent hot patch via MSP
    • Expose HCA, H.264/H.265 enablement and networking client settings to registry and GPO template
    • Drop 32-bit support Windows agent, Linux agent and client
  • App Volumes
    • Support for Windows 10 Enterprise multi-session on Horizon Cloud on Azure
    • App Volumes Command-Line Capture Program for working with App Volumes and MSIX formatted VMDK and VHD packages
    • Global option to allow the same packages to work across both VDI/RDSH regardless of the packaging OS used
  • Dynamic Environment Manager
    • Replication of the Script folder in SyncTool
    • Simplification of computer environment configuration
    • Support for late arrival of system environment variables in agent configuration for computer environment settings
    • Improvements in default printer logic to roam default printer settings for redirected printers
Azure / Horizon Cloud / PowerShell

Horizon Cloud from Zero to Hero – Set your Azure AD subscription ready for Horizon Cloud

March 4, 2021

In order to deploy Horizon Cloud on Azure, you first need to perform many task on Azure side like creating Virtual Network and so on. This can be done from the Azure portal or you can also use PowerShell to accomplish all tasks…

Before, let me tell you that all the merit for the following script must go to my colleague Roch Norwa and you can find the initial version on his blog here : https://digitalworkspace.blog/2020/04/19/horizon-cloud-on-azure-introduction-and-deployment-automation-script/

I made some slight changes to Roch scripts :

  • Added registration of Microsoft.SQL to the management subnet
  • Use only one Virtual Networ instead of 2
  • Use 3 of subnets instead of 2 : Management, VDI (and RDS host) and UAG
  • Changed Register-AzureRmResourceProvider for Register-AzResourceProvider
Continue reading…
PowerShell

PowerCLI and VMware Horizon.. error BaseImageVM_List

March 4, 2021

PowerShell and more specifically VMware PowerCLI (who are the PowerShell commands to manage VMware Infrastructure with around 800 cmdlets) are incredible tools who extremely facilitate administrators day to day life…

Now sometime it happens, after an upgrade, that didn’t work any more as expected.

In order to manage Horizon deployment using PowerShell scripts, using PowerCLI is not enough and you need to add the VMware.HV.Helper modules who contains many commands and more especially the New-HVPool one in order to create Horizon pools.

Continue reading…
vSphere

vCenter 7 – Depreciation of IWA…

January 30, 2021

Every Friday we have an informal meeting with peoples from VMware PS: Architect, Sr Consultant and Consultant but also TAM and Project manager as well and today we spoke about the depreciation of IWA with vCenter 7 and so the necessity to move to AD FS for upcoming release :

Deprecation of Integrated Windows Authentication

Integrated Windows Authentication (IWA) is deprecated in vSphere 7.0 and will be removed in a future release. For more information, see VMware Knowledge Base article 78506

So we started to have look about how to move from IWA to AD FS and for this I deployed a brand new vCenter 7 on my own labs as many questions arise : How other applications will deal with this change (I mainly thought to Horizon and App Volumes Manager) but also could we still connect using the local vsphere.local domain. Spoiler : Yes it works for both (external apps and using local account)

Now let see how to configure this 🙂

Continue reading…
Workspace One Access (Aka Identity Manager)

Adding Static Route to WS1 Access

January 21, 2021

I had a request from Spanish colleagues about adding static routes to Workspace One Access (in their case it was because of database in a different network).

I first had a look on our internal channel on Slack and find a first way to do it … but with Identity Manager version 3.3. However, when I try to test it in my Home Lab using my on-premise WS1 Access 20.10 it was totally different. vIDM 3.3 is based on Suse Linux when WS1 Access 20.10 is based on Photon 3. After some exchange by mail with my colleagues, they sent me the procedure they used for their deployment… different for the first two !!!
Yes they deployed Workspace One Access 20.01…

Basically both method work with vIDM 3.3 and Workspace One v20.01 as both are running Suse Linux

Method 1 : for Identity Manager 3.3 and WS1 Access 20.01: (thanks to Mahmood Ramzan for this one)

First edit “routes” files in /etc/sysconfig/network

vi /etc/sysconfig/network/routes

Then add your route in this form : <net_range>/<mask> <gateway> <interface>

10.1.2.0/24 192.168.12.254 eth0

Then restart your network and confirm the route is persistent:

# /etc/init.d/network restart
# ip route list

Method 2 : for Identity Manager 3.3 and WS1 Access 20.01: (thanks to Javier Perez for this one) :

After connecting to WS1 using sshuser and sudo as root (or direct login as root), create the ifroute-eth0 file

# vim /etc/sysconfig/network/ifroute-eth0

Add your route (same format as for vIDM 3.3)
and set permission on this file:

# chmod 644 /etc/sysconfig/network/ifroute-eth0

Restart your network as explained above.

Method for Workspace One Access 20.10 and upward :
Starting with Workspace One Access 20.10, appliance are based on Photon 3.0. So adding a file call route-eth0 in /etc/sysconfig/network-scripts make it works by running /etc/sysconfig/network-scripts/ifup-routes but it doesn’t works when booting the appliance.

To add static routes to Photon appliance you need to follow this procedure :

So once logged as root edit this file : /usr/local/horizon/scripts/networkwizard.hzn

# vi /usr/local/horizon/scripts/networkwizard.hzn

Find the section “function save_sysconfig_properties” around line 800 (803 to be precise)

Alter the file to set the routes by adding the following lines in green :

function save_sysconfig_properties() {
    if [ $ETHO_DEVICE_RESTORED -eq 0 ]; then
      # any DHCP
      local DHCP=no
      if [ "$SYSCONF_IPV4_IP0" = "DHCP" -a "${SYSCONF_IPV6_IP[0]}" = "DHCP" ]; then
          DHCP="yes"
      elif [ "$SYSCONF_IPV4_IP0" = "DHCP" ]; then
          DHCP="ipv4"
      elif [ "${SYSCONF_IPV6_IP[0]}" = "DHCP" ]; then
          DHCP="ipv6"
      fi
      echo save $ETH0_CONF
      echo -n > $ETH0_CONF
      echo "[Match]" >> $ETH0_CONF
      echo "Name=eth0" >> $ETH0_CONF
      echo "" >> $ETH0_CONF
      echo "[Network]" >> $ETH0_CONF
      echo "DHCP=$DHCP" >> $ETH0_CONF
      if [ -n "$SYSCONF_IPV4_IP0" -a "$SYSCONF_IPV4_IP0" != "DHCP" ]; then
          echo "Address=$SYSCONF_IPV4_IP0/`mask2cdr $SYSCONF_IPV4_NETMASK`" >> $ETH0_CONF
          echo "Gateway=$SYSCONF_IPV4_GATEWAY" >> $ETH0_CONF
          echo "DNS=$SYSCONF_NET_DNS" >> $ETH0_CONF
          echo "LinkLocalAddressing=no" >> $ETH0_CONF
          echo "IPv6AcceptRA=no" >> $ETH0_CONF
          echo "[Route]" >> $ETH0_CONF
          echo "Destination=10.0.0.0/24" >> $ETH0_CONF
          echo "Gateway=192.168.0.250" >> $ETH0_CONF
          echo "GatewayOnlink=true" >> $ETH0_CONF
      fi
      if [ -n "${SYSCONF_IPV6_IP[0]}" -a "${SYSCONF_IPV6_IP[0]}" != "DHCP" ]; then
          local ndx=0
          while true
          do
              local tmpip=${SYSCONF_IPV6_IP[$ndx]}
              local tmppfx=${SYSCONF_IPV6_PFX[$ndx]}
              if [ -z "$tmpip" ]; then
                  break
              fi
              echo "Address$ndx='$tmpip/$tmppfx'" >> $ETH0_CONF
              ndx=$(($ndx + 1))
          done
      fi
    fi
}

Reboot the appliance to ensure it works fine