- RSS Channel Showcase 8973514
- RSS Channel Showcase 8806105
- RSS Channel Showcase 5452256
- RSS Channel Showcase 2621001
Articles on this Page
- 09/26/18--08:35: _Philips SpeechMike ...
- 09/26/18--09:06: _Internet use via a ...
- 09/26/18--11:37: _Re: Internet use vi...
- 09/26/18--11:42: _Re: Deploying UAG 3...
- 09/26/18--21:59: _Re: View Horizon 7 ...
- 10/01/18--01:39: _Re: viewdbchk on Ho...
- 10/01/18--04:49: _Re: Internet use vi...
- 10/02/18--04:19: _UAG and Connection ...
- 10/02/18--08:00: _Re: UAG and Connect...
- 10/02/18--09:05: _Re: UAG and Connect...
- 10/02/18--09:54: _Re: UAG and Connect...
- 10/02/18--14:39: _Re: Recomposing VM ...
- 10/03/18--05:42: _Install certificate...
- 10/03/18--07:04: _Re: Install certifi...
- 10/03/18--07:21: _Re: Install certifi...
- 10/03/18--07:28: _Re: Install certifi...
- 10/03/18--11:26: _Re: Error: The assi...
- 10/03/18--11:30: _Re: Desktop Source ...
- 10/04/18--08:18: _Re: Desktop Source ...
- 10/04/18--08:21: _Insane login times ...
- 09/26/18--08:35: Philips SpeechMike Audio In Issue (Win10)
- 09/26/18--09:06: Internet use via a virtual app to minimize chance of a virus
- 09/26/18--11:37: Re: Internet use via a virtual app to minimize chance of a virus
- 09/26/18--21:59: Re: View Horizon 7 admin page - ERR_SSL_VERSION_OR_CIPHER_MISMATCH
- 10/01/18--01:39: Re: viewdbchk on Horizon 7.3.2
- 10/01/18--04:49: Re: Internet use via a virtual app to minimize chance of a virus
- 10/02/18--04:19: UAG and Connection Server Load balancing with NSX
- 10/02/18--08:00: Re: UAG and Connection Server Load balancing with NSX
- 10/02/18--09:05: Re: UAG and Connection Server Load balancing with NSX
- 10/02/18--09:54: Re: UAG and Connection Server Load balancing with NSX
- 10/02/18--14:39: Re: Recomposing VM or pool : Refit operation resync failed
- 10/03/18--05:42: Install certificate on Horizon view solution
- 10/03/18--07:04: Re: Install certificate on Horizon view solution
- Do you own a external domain that you can purchased a SSL cert for?
- Do you run a internal DNS server that you can configure split DNS on for the external domain?
- How many connection servers do you have?
- Do you have a load balancer?
- Is tunneling enabled on the connection servers?
- What display protocol are you using (Blast, PCoIP)?
- What clients do you use (Horizon Client, Zero/Thin client, HTML access)?
- 10/03/18--07:21: Re: Install certificate on Horizon view solution
- 10/03/18--07:28: Re: Install certificate on Horizon view solution
- 10/03/18--11:30: Re: Desktop Source unavailable
- 10/04/18--08:18: Re: Desktop Source unavailable
- 10/04/18--08:21: Insane login times - Win10 LTSB
Might be more of a Dell/Wyse question, but, wanted to see if anyone on these forums bumped into this.
In our environment we use the Wyse 5010 w/ PCoIP terminal as our standard endpoint. We are a Windows 7 shop on Horizon 7.3.2. We are able to get the SpeechMikes passed into the Horizon session, via splitting the vid/pid at the terminal level. This setup has worked for us for a few years now, no issue.
Recently we began developing a Win 10 image as well using Blast. Using the same terminal endpoint, signing into our Windows 10 image, Blast uses the mic just fine still. However, on PCoIP, no audio in is happening. We see the mi in device manager just fine, and audio OUT from the mic still works, just not audio in. The Philips control center client sees the device, it allows config of the buttons on the mic, all seems well, except audio in.
In a nutshell:
All from an identical endpoint:
Win 7 Blast - Mic fine
Win 7 PCoIP - Mic Fine
Windows 10 Blast - Mic Fine
Windows 10 PCoIP - Mic bad.
I tried installing the teradici audio driver in the base just to see if it made a difference, but, no luck.
I'm opening a ticket with Dell in parallel, but, any feedback here, I'd be happy to get.
Thanks in advance.
We have a need to deploy firefox via a virtual application to desktops that do not have internet access to minimize the chance of viruses on these desktops. When the users launch the virtual application, is it within it's own box? Or can the RDS host potentially get a virus from the internet useage?
The RDS host itself would be vulnerable, but the desktops running the Horizon client should be safe as the only traffic they are seeing is the remote display protocol traffic (assuming you have things like USB redirection, client drive redirection, copy/paste, etc disabled)..
I'm again seeing issues with the UAG on 3.3.1 fail to deploy a PKCS#12 certificate generated from a Microsoft server. Using openssl I have to convert the PKCS#12 certificate to a PEM and then directly back to a PKCS#12 certificate and then the UAG will deploy with it.
thats correct , while importing the pfx into connection server please check export private key option to fix this error
Hi, had the same problem, added local administrators group on both our connection servers on the Java key. Works just fine now!
HKLM\Software\VMware, Inc.\VMware VDM\KeyVaultCNG\java.
MrCheesecake had the solution !!
like pchapman said your RDS host would be vulnerable.
I think your best bet is to look at ThinApp to encapsulate a browser and remove access to the filesystem.
So, i'm trying to understand how can i use NSX load balancing to do both the external load balancing for the UAG and the internal load balancing for the connection servers. I know best practices would be be the In line topology, but what i am wondering is: can i make both load balancers in one EDGE? Or i would need two edges in my topology: one to be the external load balancer balacing the UAGS and another edge to be the internal load balancer to balance the connection servers?
I don't use NSX but I think you are mixing up the UAG and security servers. The security servers required a in line or 1:1 topology between the security server and the connection server. With a UAG that is no longer the case and they can be both load balanced and point to a load balanced VIP of connection servers as long as persistence is configured correctly.
I'm talking about the UAG! For external access they can have a VIP loading balancing the UAG. And between the UAG and the connections servesr i can have an interval loading balancing the connections servers. So it would be something like that:
LB External VIP (DMZ)
UAG1 --------- UAG2
LB Internal VIP (INTERNAL)
What i am trying to understand is: can LB External VIP and LB Internal VIP be configured in the same NSX EDGE? Would that make sense? Or i need two NSX EDGE, one to configure the external LB and the other to confiugre de internal LB.
Your diagram is correct and that's how our environment looks with the exception that we have additional UAG/connection servers.
I unfortunately can't speak to the need for multiple NSX edges since I'm not familiar with it. However, it's important that the VIP and subnets that the UAG and connections servers are on are all different so you can firewall between them.
This was a known issue in View 7.4 7400497 which has been fixed in View 7.5.1 onwards.
We have a closed environment so no access to the internet.
We do not have a internal CA, so we need to order a certificate from a certificate vendor.
What kind of certificate could we order, so that the clients that connect to the environment can trust the solution ?
If our domain is named private.local is that ok, or do we have to have like private.com ?
Is it ok with a wildcard certificate ?
Any good articles is also appreciated.
Thanks for reply
In November of 2015 the CA/Browser Forum (CA/B) published that public certificate authorities were supposed to stop issuing certs for internal names or private IP addresses after July 1, 2012.
You just need a simple web server cert installed on the connection servers for something like vdi.example.com using a public domain that you own.
If you have two connection servers (cs1.company.local and cs2.company.local) you could purchase a single web server cert named vdi.company.com with SAN entries for vdi.company.com, cs1.company.com and cs2.company.com (Do this regardless of if you have a load balancer). Then install that cert on the load balancer (skip this if you don't have one), both connection servers and configure split DNS to resolve vdi.company.com to the internal IP of the load balancer, cs1.company.com to the internal IP of cs1 and cs2.company.com to the internal IP of cs2. You should not create public DNS entries that resolve to the private IP address. Replacing the SSL certificate is just a matter of importing it into the cert store on each connection server, removing the "vdm" friendly name from the existing cert, adding the "vdm" friendly name to the new cert and restarting the connection server services.
Thanks for reply, and good links.
Do you own a external domain that you can purchased a SSL cert for but only use internally with split DNS?
- No this is a closed small domain with only 2 domain controllers, some file servers, horizon view installation, and 20 clients.
- There is absolutely no access to the internet, and there will not be either.
How many connection servers do you have?
- There are 2 connections servers
Do you have a load balancer?
Is tunneling enabled on the connection servers?
What display protocol are you using (Blast, PCoIP)?
What clients do you use (Horizon Client, Zero/Thin client, HTML access)?
- Thin client
If I understand this correctly there is not a solution longer to order a SSL certificate for a private.local domain ? I must change it to private.com for example ?
Or am i misunderstanding ? Certificates are not my strongest area.
So what are my options ?
Is this production or a lab? You will be vulnerable to a MiTM but you could turn off SSL checking if this is a air gaped/protected network and you don't have any compliance requirements to have certificates.
If that won't work you will need to purchase a external domain name (e.g. company.com) to then purchase a SSL cert for that domain (e.g. vdi.company.com). You will then use split DNS to point vdi.company.com to your load balancer or connection servers.
Have you got any solution for the issue mentioned.we have vmware horizon 7 and everyday morning people are calling for the desktop unavailable issue.
The desktop is pinging and even in the console it shows the user is logged in if we try a admin account.in view admin console it shows agent unreachable.
any luck for the issue mentioned.we are also facing the same issue..
I would be really grateful if someone auggestsa fix..
The only time we get that issue is if there are not enough available desktops in the pool. The user obviously is entitled to said pool or they wouldn't get that far but there may be no available desktops to pick from. Is this a dedicated or floating pool?
We have Horizon 7.2 using ESXi 6.0.0 and vCenter 6.0.0
I have multiple pools that are now experiencing 5+ minute login times and after calling VMware the initial fix was to uninstall the view agent and VMware Tools then reinstall those. That successfully increased the login times to 7+ minutes. I tried this on another pool and the login time jumped to 20+ minutes followed by an error which logged me out.
This is a production environment so, shockingly, I'm getting pressure to fix this. Any suggestions on how to drastically lower the login times?