Are you the publisher? Claim or contact us about this channel


Embed this content in your HTML

Search

Report adult content:

click to rate:

Account: (login)

More Channels


Channel Catalog


Channel Description:

Most recent forum messages

older | 1 | .... | 894 | 895 | (Page 896) | 897 | 898 | .... | 904 | newer

    0 0

    Might be more of a Dell/Wyse question, but, wanted to see if anyone on these forums bumped into this.

     

    In our environment we use the Wyse 5010 w/ PCoIP terminal as our standard endpoint. We are a Windows 7 shop on Horizon 7.3.2. We are able to get the SpeechMikes passed into the Horizon session, via splitting the vid/pid at the terminal level. This setup has worked for us for a few years now, no issue.

     

    Recently we began developing a Win 10 image as well using Blast. Using the same terminal endpoint, signing into our Windows 10 image, Blast uses the mic just fine still. However, on PCoIP, no audio in is happening. We see the mi in device manager just fine, and audio OUT from the mic still works, just not audio in. The Philips control center client sees the device, it allows config of the buttons on the mic, all seems well, except audio in.

     

    In a nutshell:

     

    All from an identical endpoint:

    Win 7 Blast - Mic fine

    Win 7 PCoIP - Mic Fine

    Windows 10 Blast - Mic Fine

    Windows 10 PCoIP - Mic bad.

     

    I tried installing the teradici audio driver in the base just to see if it made a difference, but, no luck.

     

    I'm opening a ticket with Dell in parallel, but, any feedback here, I'd be happy to get.

     

    Thanks in advance.


    0 0

    We have a need to deploy firefox via a virtual application to desktops that do not have internet access to minimize the chance of viruses on these desktops. When the users launch the virtual application, is it within it's own box? Or can the RDS host potentially get a virus from the internet useage?


    0 0

    The RDS host itself would be vulnerable, but the desktops running the Horizon client should be safe as the only traffic they are seeing is the remote display protocol traffic (assuming you have things like USB redirection, client drive redirection, copy/paste, etc disabled).. 


    0 0

    I'm again seeing issues with the UAG on 3.3.1 fail to deploy a PKCS#12 certificate generated from a Microsoft server. Using openssl I have to convert the PKCS#12 certificate to a PEM and then directly back to a PKCS#12 certificate and then the UAG will deploy with it.

     

    markbenson


    0 0

    thats correct , while importing the pfx into connection server please check export private key option to fix this error


    0 0

    Hi, had the same problem, added local administrators group on both our connection servers on the Java key. Works just fine now!

     

    HKLM\Software\VMware, Inc.\VMware VDM\KeyVaultCNG\java.

     

    MrCheesecake  had the solution !!

     

    //Bengt


    0 0

    like pchapman said your RDS host would be vulnerable.

     

    I think your best bet is to look at ThinApp to encapsulate a browser and remove access to the filesystem.


    0 0

    Hello community!

     

    So, i'm trying to understand how can i use NSX load balancing to do both the external load balancing for the UAG and the internal load balancing for the connection servers. I know best practices would be be the In line topology, but what i am wondering is: can i make both load balancers in one EDGE? Or i would need two edges in my topology: one to be the external load balancer balacing the UAGS and another edge to be the internal load balancer to balance the connection servers?


    0 0

    I don't use NSX but I think you are mixing up the UAG and security servers. The security servers required a in line or 1:1 topology between the security server and the connection server. With a UAG that is no longer the case and they can be both load balanced and point to a load balanced VIP of connection servers as long as persistence is configured correctly.


    0 0

    I'm talking about the UAG! For external access they can have a VIP loading balancing the UAG. And between the UAG and the connections servesr i can have an interval loading balancing the connections servers. So it would be something like that:

     

          LB External VIP (DMZ)

                   |

                   |

    UAG1 ---------  UAG2

                   |

                   |

         LB Internal VIP (INTERNAL)

                   |

                   |

    CS1------------- CS2

     

     

    What i am trying to understand is: can LB External VIP and LB Internal VIP be configured in the same NSX EDGE? Would that make sense? Or i need two NSX EDGE, one to configure the external LB and the other to confiugre de internal LB.


    0 0

    Your diagram is correct and that's how our environment looks with the exception that we have additional UAG/connection servers.

     

    I unfortunately can't speak to the need for multiple NSX edges since I'm not familiar with it. However, it's important that the VIP and subnets that the UAG and connections servers are on are all different so you can firewall between them.


    0 0

    This was a known issue in View 7.4 7400497 which has been fixed in View 7.5.1 onwards.


    0 0

    Hi,

     

    We have a closed environment so no access to the internet.

    We do not have a internal CA, so we need to order a certificate from a certificate vendor.

    What kind of certificate could we order, so that the clients that connect to the environment can trust the solution ?

     

    If our domain is named private.local is that ok, or do we have to have like private.com ?

    Is it ok with a wildcard certificate ?

    Any good articles is also appreciated.

     

    Thanks for reply

     

    /R

    Andreas


    0 0

    In November of 2015 the CA/Browser Forum (CA/B) published that public certificate authorities were supposed to stop issuing certs for internal names or private IP addresses after July 1, 2012.

    Guidance on Internal Names - CAB Forum

    Internal Server Name SSL Certificate Issuance After 2015

    Replace Your Certificates for Internal Names | DigiCert Blog

     

    You just need a simple web server cert installed on the connection servers for something like vdi.example.com using a public domain that you own.

     

    1. Do you own a external domain that you can purchased a SSL cert for?
    2. Do you run a internal DNS server that you can configure split DNS on for the external domain?
    3. How many connection servers do you have?
    4. Do you have a load balancer?
    5. Is tunneling enabled on the connection servers?
    6. What display protocol are you using (Blast, PCoIP)?
    7. What clients do you use (Horizon Client, Zero/Thin client, HTML access)?

     

    If you have two connection servers (cs1.company.local and cs2.company.local) you could purchase a single web server cert named vdi.company.com with SAN entries for vdi.company.com, cs1.company.com and cs2.company.com (Do this regardless of if you have a load balancer). Then install that cert on the load balancer (skip this if you don't have one), both connection servers and configure split DNS to resolve vdi.company.com to the internal IP of the load balancer, cs1.company.com to the internal IP of cs1 and cs2.company.com to the internal IP of cs2. You should not create public DNS entries that resolve to the private IP address. Replacing the SSL certificate is just a matter of importing it into the cert store on each connection server, removing the "vdm" friendly name from the existing cert, adding the "vdm" friendly name to the new cert and restarting the connection server services.


    0 0

    Hi,

     

    Thanks for reply, and good links.

     

    Do you own a external domain that you can purchased a SSL cert for but only use internally with split DNS?

    - No this is a closed small domain with only 2 domain controllers, some file servers, horizon view installation, and 20 clients.

    - There is absolutely no access to the internet, and there will not be either.

    How many connection servers do you have?

    - There are 2 connections servers

    Do you have a load balancer?

    - No

    Is tunneling enabled on the connection servers?

    - No

    What display protocol are you using (Blast, PCoIP)?

    - PcoIP

    What clients do you use (Horizon Client, Zero/Thin client, HTML access)?

    - Thin client

     

    If I understand this correctly there is not a solution longer to order a SSL certificate for a private.local domain ? I must change it to private.com for example ?

    Or am i misunderstanding ? Certificates are not my strongest area.

     

    So what are my options ?


    0 0

    Is this production or a lab? You will be vulnerable to a MiTM but you could turn off SSL checking if this is a air gaped/protected network and you don't have any compliance requirements to have certificates.

     

    If that won't work you will need to purchase a external domain name (e.g. company.com) to then purchase a SSL cert for that domain (e.g. vdi.company.com). You will then use split DNS to point vdi.company.com to your load balancer or connection servers.


    0 0

    Hi

    Have you got any solution for the issue mentioned.we have vmware horizon 7 and everyday morning people are calling for the desktop unavailable issue.

    The desktop is pinging and even in the console it shows the user is logged in if we try a admin account.in view admin console it shows agent unreachable.


    0 0

    any luck for the issue mentioned.we are also facing the same issue..

     

    I would be really grateful if someone auggestsa fix..


    0 0

    The only time we get that issue is if there are not enough available desktops in the pool.  The user obviously is entitled to said pool or they wouldn't get that far but there may be no available desktops to pick from.  Is this a dedicated or floating pool? 


    0 0

    We have Horizon 7.2 using ESXi 6.0.0 and vCenter 6.0.0

    I have multiple pools that are now experiencing 5+ minute login times and after calling VMware the initial fix was to uninstall the view agent and VMware Tools then reinstall those.  That successfully increased the login times to 7+ minutes.  I tried this on another pool and the login time jumped to 20+ minutes followed by an error which logged me out.

    This is a production environment so, shockingly, I'm getting pressure to fix this.  Any suggestions on how to drastically lower the login times?


older | 1 | .... | 894 | 895 | (Page 896) | 897 | 898 | .... | 904 | newer