- RSS Channel Showcase 9093820
- RSS Channel Showcase 9501194
- RSS Channel Showcase 3082833
- RSS Channel Showcase 5577890
Articles on this Page
- 02/22/18--06:29: _Re: 2-way forest tr...
- 02/22/18--07:10: _Re: 2-way forest tr...
- 02/23/18--00:58: _Re: os permissions ...
- 02/23/18--10:23: _Size of VCSA applia...
- 02/23/18--10:45: _Rebooting UAGs
- 02/23/18--11:12: _Re: Size of VCSA ap...
- 02/23/18--11:14: _Re: Size of VCSA ap...
- 02/23/18--11:46: _Re: Rebooting UAGs
- 02/23/18--12:06: _Re: Rebooting UAGs
- 02/23/18--12:19: _Re: Rebooting UAGs
- 02/23/18--14:14: _Re: viewdbchk on Ho...
- 02/24/18--12:36: _Re: Rebooting UAGs
- 02/24/18--12:51: _Re: Rebooting UAGs
- 02/25/18--03:26: _Re: Rebooting UAGs
- 02/25/18--20:51: _Re: Recomposing Win...
- 02/26/18--06:39: _Re: 2-way forest tr...
- 02/27/18--03:03: _MultiScreen
- 02/27/18--08:29: _Re: MultiScreen
- 02/27/18--10:48: _Re: Confining View ...
- 02/27/18--10:53: _Re: Rebooting UAGs
- 02/22/18--06:29: Re: 2-way forest trust - domain status error detected
- 02/22/18--07:10: Re: 2-way forest trust - domain status error detected
- 02/23/18--00:58: Re: os permissions for View 6.2 PowerCLI scripts
- 02/23/18--10:23: Size of VCSA appliance for View
- 02/23/18--10:45: Rebooting UAGs
- 02/23/18--11:12: Re: Size of VCSA appliance for View
- 02/23/18--11:14: Re: Size of VCSA appliance for View
- 02/23/18--11:46: Re: Rebooting UAGs
- 02/23/18--12:06: Re: Rebooting UAGs
- 02/23/18--12:19: Re: Rebooting UAGs
- 02/23/18--14:14: Re: viewdbchk on Horizon 7.3.2
- 02/24/18--12:36: Re: Rebooting UAGs
- 02/24/18--12:51: Re: Rebooting UAGs
- 02/25/18--03:26: Re: Rebooting UAGs
- 02/25/18--20:51: Re: Recomposing Win10 1709 with Horizon 7.4, stuck at customizing
- 02/26/18--06:39: Re: 2-way forest trust - domain status error detected
- 02/27/18--03:03: MultiScreen
- 02/27/18--08:29: Re: MultiScreen
- 02/27/18--10:48: Re: Confining View to one monitor not two
- 02/27/18--10:53: Re: Rebooting UAGs
I think the culprit was selective authentication, after changing it to Forest-wide authentication the domain became green.
My question here is what needs to be done if you want to have selective authentication enabled ?
Probably you need to give computer objects of view connection servers a permission to read another domain and maybe allow to authenticate on DCs from another domain ?
That's Great bro . Ok now we can look at the other problem (i.e. to secure cross domain env.). but please, mark this query as answered
usually, we require a user that must have cross domain access and in this case the only thing we may have is the membership to a security group that holds the scope of Enterprise Admins or Enterprise Domain Admins (Global Level). for security purpose, we can encrypt its cross forest communication by enable AES Auth and with complex password. but "Delegation of Authority" would be difficult and may result in partial Two-way Trust once again.
let me re-check it on my side and then i'll be able to answer it more confidently. but this is for sure that you have to compromise on above settings, still we can look for more secure way mentioned earlier in-case of password complexity and AES encryption (default behave you can find it to enable in user's property pages).
Hope this would be helpful for your further.
OK, it is more complicated than I expected.
I have found out following.
1) When I logon with the user account interactively and run the script it works fine.
2) When I run the script remotely (invoke-command) with same user credentials all View PowerCLI commandlets return mentioned error.
3) If I add local administrator rights to the user and run the script remotely again it works fine.
Any idea what is needed to set to avoid local admin rights for the user?
Hi. We are starting a View 7 deployment as a pilot to hopefully go production. We only have 1,000 View licenses now. But I imagine that would expand. When I deploy the VCSA v6.5 appliance, do I still choose the size of the appliance based the number of possible desktop vms we may have at one time? We have the Enterprise license so we do play on using Instant Clones.
Our computer vCenter infrastructure uses all Medium deployments. I am just thinking if I ever go over 4,000 View licenses if I would need the Large vCenter deployment. Thanks,,,
We have 2 UAGs in our DMZ, that are connected to 2 connection brokers via an F5 LTM. Our understanding was a benefit of the UAGs vs. security servers, was that if users are connected using UAG, they will not get kicked if we have to restart one of the UAGs. Essentially if the connection is brokered, the UAG is out of the mix. But that's not what we're seeing. When we reboot a UAG, the person gets bounced. Is our expectation of this behavior incorrect?
I would size it based on the total # of desktops/hosts it is expected to support. If you're not sure that you will expand beyond 1,000, it is possible to resize the VCSA in the future. There are blog articles on how to do it, but I'd clear it with support first.
Hi. Thank you very much. I will use a medium. Thanks,,,
Right this is my biggest problem with the UAG's. You can't just reboot the UAG's and have them magically move the users that are connecting through them to other UAG's.
It's almost a poor man's solution (For a very expensive product) but you have to use Quiesce mode on the UAG (Or disable in the load balancer) to drain the UAG's. Then once all users are off the UAG you can reboot it. I suggested a solution that will auto move sessions to another UAG for a truly seamless experience while performing maintenance etc. Hopefully VMWare one day engineers such a solution.
Thanks. That settles that. Kind of a bummer, we were kind of sold on that being the case. I guess technically quiesce mode does it, but, it's not how we understood it.
One annoyance as well. We are using CPA across 2 data centers. If I authenticate via the UAGs in DC1, but am given a VM from a pool in DC2, my session doesn't identify which UAG I used. Hence if I throw a UAG in quiesce mode, I technically won't know if everyone's off it, because they could be in the opposite DC. When I connect all within the same DC, I cans ee which UAG I am on in the Security Gateway tab in the session (Horizon 7.3.2).
I have ran into this same behavior on one of our two connection servers as well. Not sure why it never happens on the other connection server.
I tried what you suggested and logged in with another admin account. Running script and entering password under this account works fine...
Separate question but kind of related.
We utilize F5 as our load balancer. Essentially all users, internally and externally, go to a GTM. We'll call it https://vdi.site.com. For this discussion, since it's UAG, we'll stick to external use case.
When they hit the GTM, there are 2 LTMs behind it:
DC1LTM = UAG 1, UAG 2
DC2LTM = UAG 1, UAG 2
The UAGs themselves are pointed at another LTM for connectivity to their Horizon brokers. My question is though, when I set say the DC1s UAGs into quiesce mode, how does the F5 know not to send traffic that way? Is there a health check that can be configured for the F5 to be aware of quiesce mode?
Probably a question for F5 I suppose, but, thought I'd try here.
Excellent question. I can't speak for F5 since we use Citrix Netsalers but yes as you said you must have a health check configured on the F5 that will know if the UAG is in quiesce mode. Again this is what works on Netscaler so it may be different On F5. This should return a 200 if successful and 503 if UAG is in quiesce mode.
o Send String: “GET /favicon.ico HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n”
Hi can you confirm if you have upgraded view composer to Horizon 7.4 build when you hit this issue? If possible attach view log bundle from desktop machine when it fails to recompose.
Follow https://kb.vmware.com/s/article/2030311 to disable automated recovery if needed.
OK, I have tested this and you must grant "allow to authenticate" permission on the domain controllers from another domain for your view server computer objects. After that it starts working normally.
I'm using Horizon View 7.X and Windows Server 2016 RDS Host to publish session for my users.
I would know how to restrict Horizon Client to use only 1 monitor if users get 2+ monitors instead of using all monitors by default.
Thank you for your help.
When creating or editing a pool, there's a tab (section) for "Desktop Pool Settings" - Within that, there's a section for "Remote Display Protocol" - It has tons of options including 3D Rendering, Max Resolution, and Max # of monitors per session.
I have just got my 4 monitors set up for my work pc. 2 using onboard graphics, and 2 using an Asus EN210 PCIe card. I am trying to set them up in a specific layout, but I cannot seem to get it working, and I am not sure if it is possible or not, ShowBoxLucky PatcherKodi
Do changes to the props.conf really require a restart of splunk? Is there a way to apply the changes without restarting?