Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog


Channel Description:

Most recent forum messages

older | 1 | .... | 828 | 829 | (Page 830) | 831 | 832 | .... | 904 | newer

    0 0

    I think the culprit was selective authentication, after changing it to Forest-wide authentication the domain became green.

     

    My question here is what needs to be done if you want to have selective authentication enabled ?

    Probably you need to give computer objects of view connection servers a permission to read another domain and maybe allow to authenticate on DCs from another domain ?


    0 0

    That's Great bro . Ok now we can look at the other problem (i.e. to secure cross domain env.). but please, mark this query as answered

     

    usually, we require a user that must have cross domain access and in this case the only thing we may have is the membership to a security group that holds the scope of Enterprise Admins or Enterprise Domain Admins (Global Level). for security purpose, we can encrypt its cross forest communication by enable AES Auth and with complex password. but "Delegation of Authority" would be difficult and may result in partial Two-way Trust once again.

     

    let me re-check it on my side and then i'll be able to answer it more confidently. but this is for sure that you have to compromise on above settings, still we can look for more secure way mentioned earlier in-case of password complexity and AES encryption (default behave you can find it to enable in user's property pages).

     

    Hope this would be helpful for your further.


    0 0

    OK, it is more complicated than I expected.

     

    I have found out following.

     

    1) When I logon with the user account interactively and run the script it works fine.

    2) When I run the script remotely (invoke-command) with same user credentials all View PowerCLI commandlets return mentioned error.

    3) If I add local administrator rights to the user and run the script remotely again it works fine.

     

    Any idea what is needed to set to avoid local admin rights for the user?

     

    Thanks


    0 0

    Hi. We are starting a View 7 deployment as a pilot to hopefully go production. We only have 1,000 View licenses now. But I imagine that would expand. When I deploy the VCSA v6.5 appliance, do I still choose the size of the appliance based the number of possible desktop vms we may have at one time? We have the Enterprise license so we do play on using Instant Clones.

     

    Our computer vCenter infrastructure uses all Medium deployments. I am just thinking if I ever go over 4,000 View licenses if I would need the Large vCenter deployment. Thanks,,,


    0 0
  • 02/23/18--10:45: Rebooting UAGs
  • We have 2 UAGs in our DMZ, that are connected to 2 connection brokers via an F5 LTM. Our understanding was a benefit of the UAGs vs. security servers, was that if users are connected using UAG, they will not get kicked if we have to restart one of the UAGs. Essentially if the connection is brokered, the UAG is out of the mix. But that's not what we're seeing. When we reboot a UAG, the person gets bounced. Is our expectation of this behavior incorrect?


    0 0

    I would size it based on the total # of desktops/hosts it is expected to support.  If you're not sure that you will expand beyond 1,000, it is possible to resize the VCSA in the future.  There are blog articles on how to do it, but I'd clear it with support first.


    0 0

    Hi. Thank you very much. I will use a medium. Thanks,,,


    0 0
  • 02/23/18--11:46: Re: Rebooting UAGs
  • Right this is my biggest problem with the UAG's. You can't just reboot the UAG's and have them magically move the users that are connecting through them to other UAG's.

     

    It's almost a poor man's solution (For a very expensive product) but you have to use Quiesce mode on the UAG (Or disable in the load balancer) to drain the UAG's. Then once all users are off the UAG you can reboot it. I suggested a solution that will auto move sessions to another UAG for a truly seamless experience while performing maintenance etc. Hopefully VMWare one day engineers such a solution.


    0 0
  • 02/23/18--12:06: Re: Rebooting UAGs
  • Thanks. That settles that. Kind of a bummer, we were kind of sold on that being the case. I guess technically quiesce mode does it, but, it's not how we understood it.


    0 0
  • 02/23/18--12:19: Re: Rebooting UAGs
  • One annoyance as well. We are using CPA across 2 data centers. If I authenticate via the UAGs in DC1, but am given a VM from a pool in DC2, my session doesn't identify which UAG I used. Hence if I throw a UAG in quiesce mode, I technically won't know if everyone's off it, because they could be in the opposite DC. When I connect all within the same DC, I cans ee which UAG I am on in the Security Gateway tab in the session (Horizon 7.3.2).


    0 0

    I have ran into this same behavior on one of our two connection servers as well.  Not sure why it never happens on the other connection server.

     

    I tried what you suggested and logged in with another admin account.  Running script and entering password under this account works fine...


    0 0
  • 02/24/18--12:36: Re: Rebooting UAGs
  • Separate question but kind of related.

     

    We utilize F5 as our load balancer. Essentially all users, internally and externally, go to a GTM. We'll call it https://vdi.site.com. For this discussion, since it's UAG, we'll stick to external use case.

     

    When they hit the GTM, there are 2 LTMs behind it:

     

    DC1LTM = UAG 1, UAG 2

    DC2LTM = UAG 1, UAG 2

     

    The UAGs themselves are pointed at another LTM for connectivity to their Horizon brokers. My question is though, when I set say the DC1s UAGs into quiesce mode, how does the F5 know not to send traffic that way? Is there a health check that can be configured for the F5 to be aware of quiesce mode?

     

    Probably a question for F5 I suppose, but, thought I'd try here.


    0 0
  • 02/24/18--12:51: Re: Rebooting UAGs
  • Excellent question. I can't speak for F5 since we use Citrix Netsalers but yes as you said you must have a health check configured on the F5 that will know if the UAG is in quiesce mode. Again this is what works on Netscaler so it may be different On F5. This should return a 200 if successful and 503 if UAG is in quiesce mode.

     

    o   Send String: “GET /favicon.ico HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n”

     


    0 0
  • 02/25/18--03:26: Re: Rebooting UAGs
  • 0 0

    Hi can you confirm if you have upgraded view composer to Horizon 7.4 build when you hit this issue? If possible attach view log bundle from desktop machine when it fails to recompose.

    Follow https://kb.vmware.com/s/article/2030311 to disable automated recovery if needed.


    0 0

    OK, I have tested this and you must grant "allow to authenticate" permission on the domain controllers from another domain for your view server computer objects. After that it starts working normally. 


    0 0
  • 02/27/18--03:03: MultiScreen
  • Hello,

     

    I'm using Horizon View 7.X and Windows Server 2016 RDS Host to publish session for my users.

    I would know how to restrict Horizon Client to use only 1 monitor if users get 2+ monitors instead of using all monitors by default.

     

    Thank you for your help.

     

    Benjamin.


    0 0
  • 02/27/18--08:29: Re: MultiScreen
  • When creating or editing a pool, there's a tab (section) for "Desktop Pool Settings" - Within that, there's a section for "Remote Display Protocol" - It has tons of options including 3D Rendering, Max Resolution, and Max # of monitors per session.


    0 0

    I have just got my 4 monitors set up for my work pc. 2 using onboard graphics, and 2 using an Asus EN210 PCIe card. I am trying to set them up in a specific layout, but I cannot seem to get it working, and I am not sure if it is possible or not, ShowBoxLucky PatcherKodi

     


    0 0
  • 02/27/18--10:53: Re: Rebooting UAGs
  • Do changes to the props.conf really require a restart of splunk? Is there a way to apply the changes without restarting?


older | 1 | .... | 828 | 829 | (Page 830) | 831 | 832 | .... | 904 | newer