View Administration
VMware Horizon 6
Version 6.2

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/

The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright © 2016 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
View Administration

View Administration describes how to configure and administer VMware Horizon 6™, including how to configure View Connection Server, create administrators, set up user authentication, configure policies, and manage VMware ThinApp™ applications in View Administrator. This document also describes how to maintain and troubleshoot View components.

Intended Audience

This information is intended for anyone who wants to configure and administer VMware Horizon 6.
Chapter 1 Using View Administrator

View Administrator is the Web interface through which you configure View Connection Server and manage your remote desktops and applications. For a comparison of the operations that you can perform with View Administrator, View cmdlets, and vdmadmin, see the View Integration document.
Log In to View Administrator

To perform initial configuration tasks, you must log in to View Administrator. You access View Administrator by using a secure (SSL) connection.

Prerequisites
- Verify that View Connection Server is installed on a dedicated computer.
- Verify that you are using a Web browser supported by View Administrator. For View Administrator requirements, see the View Installation document.
Table 1-1 describes a few additional features that can help you to use View Administrator.

Table 1‑1. View Administrator Navigation and Display Features

View Administrator Feature | Description
Navigating backward and forward in View Administrator pages | Click your browser's Back button to go to the previously displayed View Administrator page. Click the Forward button to return to the current page.
Table 1‑1. View Administrator Navigation and Display Features (Continued)

View Administrator Feature | Description
Selecting View objects and displaying View object details | In View Administrator tables that list View objects, you can select an object or display object details.
- To select an object, click anywhere in the object's row in the table. At the top of the page, menus and commands that manage the object become active.
Chapter 2 Configuring View Connection Server

After you install and perform initial configuration of View Connection Server, you can add vCenter Server instances and View Composer services to your View deployment, set up roles to delegate administrator responsibilities, and schedule backups of your configuration data.
2 Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to the account in the Active Directory container in which the linked-clone computer accounts are created or to which the linked-clone computer accounts are moved.
- Verify that all View Connection Server instances in the replicated group trust the root CA certificate for the server certificate that is installed on the vCenter Server host. Check if the root CA certificate is in the Trusted Root Certification Authorities > Certificates folder in the Windows local computer certificate stores on the View Connection Server hosts. If it is not, import the root CA certificate into the Windows local computer certificate stores.
- If the vCenter Server instance is configured with a default certificate, you must first determine whether to accept the thumbprint of the existing certificate. See “Accept the Thumbprint of a Default SSL Certificate,” on page 22.

If View uses multiple vCenter Server instances, repeat this procedure to add the other vCenter Server instances.
3 If you are using View Composer, select the location of the View Composer host.

Option | Description
View Composer is installed on the same host as vCenter Server. | a Select View Composer co-installed with the vCenter Server. b Make sure that the port number is the same as the port that you specified when you installed the VMware Horizon View Composer service on vCenter Server. The default port number is 18443.
5 Click OK.
6 To add domain user accounts with privileges in other Active Directory domains in which you deploy linked-clone pools, repeat the preceding steps.
7 Click Next to display the Storage Settings page.

What to do next

Enable virtual machine disk space reclamation and configure View Storage Accelerator for View.

Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines

In vSphere 5.1 and later, you can enable the disk space reclamation feature for View.
Procedure
1 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page.
  a Select View Configuration > Servers.
  b On the vCenter Servers tab, click Add.
  c Complete the vCenter Server Information, View Composer Settings, and View Composer Domains pages.
2 On the Storage Settings page, make sure that Enable space reclamation is selected.
Prerequisites
- Verify that your vCenter Server and ESXi hosts are version 5.0 or later. In an ESXi cluster, verify that all the hosts are version 5.0 or later.
- Verify that the vCenter Server user was assigned the Host > Configuration > Advanced settings privilege in vCenter Server. See the topics in the View Installation document that describe View and View Composer privileges required for the vCenter Server user.
Table 2‑1. Concurrent Operations Limits for vCenter Server and View Composer

Setting | Description
Max concurrent vCenter provisioning operations | Determines the maximum number of concurrent requests that View Connection Server can make to provision and delete full virtual machines in this vCenter Server instance. The default value is 20. This setting applies to full virtual machines only.
Logons, and therefore desktop power-on operations, typically occur in a normally distributed manner over a certain time window. You can approximate the peak power-on rate by assuming that it occurs in the middle of the time window, during which about 40% of the power-on operations occur in 1/6th of the time window. For example, if users log on between 8:00 AM and 9:00 AM, the time window is one hour, and 40% of the logons occur in the 10 minutes between 8:25 AM and 8:35 AM.
3 Examine the certificate thumbprint that was configured for the vCenter Server or View Composer instance.
  a On the vCenter Server or View Composer host, start the MMC snap-in and open the Windows Certificate Store.
  b Navigate to the vCenter Server or View Composer certificate.
  c Click the Certificate Details tab to display the certificate thumbprint.

Similarly, examine the certificate thumbprint for a SAML authenticator.
Procedure
1 Remove the linked-clone desktop pools that were created by View Composer.
  a In View Administrator, select Catalog > Desktop Pools.
  b Select a linked-clone desktop pool and click Delete. A dialog box warns that you will permanently delete the linked-clone desktop pool from View. If the linked-clone virtual machines are configured with persistent disks, you can detach or delete the persistent disks.
  c Click OK. The virtual machines are deleted from vCenter Server.
Backing Up View Connection Server

After you complete the initial configuration of View Connection Server, you should schedule regular backups of your View and View Composer configuration data. For information about backing up and restoring your View configuration, see “Backing Up and Restoring View Configuration Data,” on page 89.
The password must contain between 1 and 128 characters. Follow your organization's best practices for generating secure passwords.

Procedure
1 In View Administrator, select View Configuration > Global Settings.
2 In the Security pane, click Change data recovery password.
3 Type and retype the new password.
4 (Optional) Type a password reminder.

NOTE You can also change the data recovery password when you schedule your View configuration data to be backed up.
Table 2‑2. General Global Settings for Client Sessions (Continued)

Setting | Description
For clients that support applications. If the user stops using the keyboard and mouse, disconnect their applications and discard SSO credentials: | Protects application sessions when there is no keyboard or mouse activity on the client device. If set to After ...
Table 2‑2. General Global Settings for Client Sessions (Continued)

Setting | Description
Enable Windows Server desktops | Determines whether you can select available Windows Server 2008 R2 and Windows Server 2012 R2 machines for use as desktops. When this setting is enabled, View Administrator displays all available Windows Server machines, including machines on which View server components are installed.
Table 2‑3. Global Security Settings for Client Sessions and Connections (Continued)

Setting | Description
Enhanced Security Status (Read-only) | Read-only field that appears when Message security mode is changed from Enabled to Enhanced. Because the change is made in phases, this field shows the progress through the phases:
- Waiting for Message Bus restart is the first phase.
Table 2‑4. Message Security Mode Options (Continued)

Option | Description
Enabled | Message security mode is enabled, using a combination of message signing and encryption. JMS messages are rejected if the signature is missing or invalid, or if a message was modified after it was signed. Some JMS messages are encrypted because they carry sensitive information such as user credentials.
The additional options that you can use depend on the command option. This topic focuses on the options for message security mode. For the other options, which relate to Cloud Pod Architecture, see the Administering View Cloud Pod Architecture document.

By default, the path to the vdmutil command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin. To avoid entering the path on the command line, add the path to your PATH environment variable.
Table 2‑6. vdmutil Command Options (Continued)

Option | Description
--listMsgBusSecStatus | Lists the message bus security status for all connection servers in the local pod.
--listPendingMsgSecStatus | Lists machines preventing a transition to or from Enhanced mode. Limited to 25 entries by default.
--setMsgSecMode | Sets the message security mode for the local pod.
--verbose | Enables verbose logging. You can add this option to any other option to obtain detailed command output.
3 Configure use of the secure tunnel.

Option | Description
Enable the secure tunnel | Select Use Secure Tunnel connection to machine.
Disable the secure tunnel | Deselect Use Secure Tunnel connection to machine.

The secure tunnel is enabled by default.

4 Configure use of the PCoIP Secure Gateway.
3 Configure use of the Blast Secure Gateway.

Option | Description
Enable the Blast Secure Gateway | Select Use Blast Secure Gateway for HTML access to machine.
Disable the Blast Secure Gateway | Deselect Use Blast Secure Gateway for HTML access to machine.

The Blast Secure Gateway is enabled by default.

4 Click OK to save your changes.

Off-load SSL Connections to Intermediate Servers

Horizon Client must use HTTPS to connect to View.
If you do not deploy security servers, or if you have a mixed network environment with some security servers and some external-facing View Connection Server instances, External URLs are required for any View Connection Server instances that connect to the intermediate server.

NOTE You cannot off-load SSL connections from a PCoIP Secure Gateway (PSG) or Blast Secure Gateway.
Example: locked.properties file

This file allows non-SSL HTTP connections to a View server. The IP address of the View server's client-facing network interface is 10.20.30.40. The server uses the default port 80 to listen for HTTP connections. The value http must be lower case.

serverProtocol=http
serverHostNonSSL=10.20.30.
Procedure
1 In View Administrator, select View Configuration > Servers.
2
Option | Action
View Connection Server instance | Select the View Connection Server instance on the Connection Servers tab and click Edit.
Security server | Select the security server on the Security Servers tab and click Edit.

Type the secure tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable host name and port number.
3 Decide whether to participate in or withdraw from the program by selecting or deselecting the Send anonymous data to VMware checkbox.
4 (Optional) If you participate, you can select the geographic location, type of business, and number of employees in your organization.
5 Click OK.

View LDAP Directory

View LDAP is the data repository for all View configuration information.
Chapter 3 Setting Up Authentication

View uses your existing Active Directory infrastructure for user and administrator authentication and management. For added security, you can integrate View with smart card authentication. You can also use biometric authentication or two-factor authentication solutions, such as RSA SecurID and RADIUS, to authenticate remote desktop and application users.
View is certified through the RSA SecurID Ready program and supports the full range of SecurID capabilities, including New PIN Mode, Next Token Code Mode, RSA Authentication Manager, and load balancing.

- Logging in Using Two-Factor Authentication on page 40
  When a user connects to a View Connection Server instance that has RSA SecurID authentication or RADIUS authentication enabled, a special login dialog box appears in Horizon Client.
- For RADIUS authentication, follow the vendor's configuration documentation. Make a note of the RADIUS server's host name or IP address, the port number on which it is listening for RADIUS authentication (usually 1812), the authentication type (PAP, CHAP, MS-CHAPv1, or MS-CHAPv2) and the shared secret. You will enter these values in View Administrator. You can enter values for a primary and a secondary RADIUS authenticator.
What to do next

If you have a replicated group of View Connection Server instances and you want to also set up RADIUS authentication on them, you can re-use an existing RADIUS authenticator configuration.

Troubleshooting RSA SecurID Access Denial

Access is denied when Horizon Client connects with RSA SecurID authentication.
Using Smart Card Authentication

You can configure a View Connection Server instance or security server so that users and administrators can authenticate by using smart cards. A smart card is a small plastic card that contains a computer chip. The chip, which is like a miniature computer, includes secure storage for data, including private keys and public key certificates.
Configure Smart Card Authentication on View Connection Server

To configure smart card authentication, you must obtain a root certificate and add it to a server truststore file, modify View Connection Server configuration properties, and configure smart card authentication settings. Depending on your particular environment, you might need to perform additional steps.
Obtain the CA Certificate from Windows

If you have a CA-signed user certificate or a smart card that contains one, and Windows trusts the root certificate, you can export the root certificate from Windows. If the issuer of the user certificate is an intermediate certificate authority, you can export that certificate.

Procedure
1 If the user certificate is on a smart card, insert the smart card into the reader to add the user certificate to your personal store.
Procedure
1 On your View Connection Server or security server host, use the keytool utility to import the root certificate, intermediate certificate, or both into the server truststore file. For example:

keytool -import -alias alias -file root_certificate -keystore truststorefile.key

In this command, alias is a unique case-sensitive name for a new entry in the truststore file, root_certificate is the root or intermediate certificate that you obtained or exported, and truststorefile.
What to do next

If you configured smart card authentication for a View Connection Server instance, configure smart card authentication settings in View Administrator. You do not need to configure smart card authentication settings for a security server. Settings that are configured on a View Connection Server instance are also applied to a paired security server.
3 To configure smart card authentication for remote desktop and application users, perform these steps.
  a On the Authentication tab, select a configuration option from the Smart card authentication for users drop-down menu in the View Authentication section.

Option | Action
Not allowed | Smart card authentication is disabled on the View Connection Server instance.
6 Restart the View Connection Server service.

You must restart the View Connection Server service for changes to smart card settings to take effect, with one exception. You can change smart card authentication settings between Optional and Required without having to restart the View Connection Server service. Currently logged in users and administrators are not affected by changes to smart card settings.
- Add the Root Certificate to Trusted Root Certification Authorities on page 51
  If you use a certification authority (CA) to issue smart card login or domain controller certificates, you must add the root certificate to the Trusted Root Certification Authorities group policy in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA.
Add the Root Certificate to Trusted Root Certification Authorities

If you use a certification authority (CA) to issue smart card login or domain controller certificates, you must add the root certificate to the Trusted Root Certification Authorities group policy in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA.

Procedure
1 On the Active Directory server, navigate to the Group Policy Management plug-in.
2 Expand the Computer Configuration section and open the policy for Windows Settings\Security Settings\Public Key.
3 Right-click Intermediate Certification Authorities and select Import.
4 Follow the prompts in the wizard to import the intermediate certificate (for example, intermediateCA.cer) and click OK.
5 Close the Group Policy window.

All of the systems in the domain now have a copy of the intermediate certificate in their intermediate certification authority store.
- If smart card users use the PCoIP protocol to connect to single-session desktops, verify that the View Agent PCoIP Smartcard feature is installed on the single-user machines. The PCoIP Smartcard feature lets users log in to single-session desktops with smart cards using the PCoIP protocol. RDS hosts, which have the Remote Desktop Services role installed, support the PCoIP Smartcard feature automatically and you do not need to install the feature.
To delegate responsibility for authentication to Workspace Portal, you must create a SAML authenticator in View. A SAML authenticator contains the trust and metadata exchange between View and Workspace Portal. You associate a SAML authenticator with a View Connection Server instance.
3 On the Authentication tab, select a setting from the Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator) drop-down menu to enable or disable the SAML authenticator.

Option | Description
Disabled | SAML authentication is disabled. You can launch remote desktops and applications only from Horizon Client.
Allowed | SAML authentication is enabled.
Change the Expiration Period for Service Provider Metadata

If you do not change the expiration period, View Connection Server will stop accepting SAML assertions from the SAML authenticator, such as Access Point or a third-party identity provider, after 24 hours, and the metadata exchange must be repeated. Use this procedure to specify the number of days that can elapse before View Connection Server stops accepting SAML assertions from the identity provider.
- Logging in with CRL Checking on page 57
  When you configure CRL checking, View constructs and reads a CRL to determine the revocation status of a user certificate.
- Logging in with OCSP Certificate Revocation Checking on page 57
  When you configure OCSP certificate revocation checking, View sends a request to an OCSP Responder to determine the revocation status of a specific user certificate.
2 Add the enableRevocationChecking and crlLocation properties to the locked.properties file.
  a Set enableRevocationChecking to true to enable smart card certificate revocation checking.
  b Set crlLocation to the location of the CRL. The value can be a URL or a file path.
3 Restart the View Connection Server service or security server service to make your changes take effect.

Example: locked.
Smart Card Certificate Revocation Checking Properties

You set values in the locked.properties file to enable and configure smart card certificate revocation checking. Table 3-1 lists the locked.properties file properties for certificate revocation checking.

Table 3‑1. Properties for Smart Card Certificate Revocation Checking

Property | Description
enableRevocationChecking | Set this property to true to enable certificate revocation checking.
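The locked.properties settings described in this guide (serverProtocol and serverHostNonSSL for SSL off-loading, enableRevocationChecking and crlLocation for smart card revocation checking) can be reviewed with a short script. The following is an added example, not VMware code; the finding codes, function names, and sample CRL URL are assumptions, and only property names that appear in this guide are checked, so a deployment that relies on OCSP instead of a CRL will see the NO_CRL_LOCATION note.

```python
"""Audit a View locked.properties file (added example, not VMware code)."""
from urllib.parse import urlparse

# Constructed samples. The first mirrors the SSL off-loading example in this
# guide; the CRL URL in the second is a made-up placeholder.
OFFLOAD_SAMPLE = """\
serverProtocol=http
serverHostNonSSL=10.20.30.40
"""
SMARTCARD_SAMPLE = """\
# smart card revocation checking
enableRevocationChecking=true
crlLocation=http://crl.example.test/root-ca.crl
"""


def parse_properties(text):
    """Parse simple key=value lines; comment (# or !) and blank lines are skipped.

    Backslash escapes and line continuations of the full Java properties
    format are not handled.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def crl_location_kind(value):
    """Return 'url' or 'file' for a crlLocation value (URL or file path)."""
    scheme = urlparse(value).scheme
    # A one-letter "scheme" is a Windows drive letter such as C:/certs/ca.crl.
    return "url" if len(scheme) > 1 else "file"


def audit(text, smart_cards_in_use=True):
    """Return a list of (code, message) findings for one locked.properties file."""
    props = parse_properties(text)
    findings = []

    proto = props.get("serverProtocol")
    if proto == "http":
        host = props.get("serverHostNonSSL", "(not set)")
        findings.append((
            "HTTP_LISTENER",
            f"Non-SSL HTTP connections are allowed (serverHostNonSSL={host}). "
            "Confirm that only the intermediate server that off-loads SSL "
            "can reach this interface.",
        ))
    elif proto is not None and proto.lower() == "http":
        findings.append((
            "PROTOCOL_CASE",
            f"serverProtocol={proto}: the value http must be lower case.",
        ))

    if smart_cards_in_use:
        enabled = props.get("enableRevocationChecking", "").lower() == "true"
        crl = props.get("crlLocation", "")
        if not enabled:
            findings.append((
                "REVOCATION_OFF",
                "enableRevocationChecking is not true: revoked smart card "
                "certificates are not rejected.",
            ))
        elif not crl:
            findings.append((
                "NO_CRL_LOCATION",
                "Revocation checking is enabled but crlLocation is not set "
                "in this file.",
            ))
        else:
            kind = crl_location_kind(crl)
            findings.append((
                "CRL_" + kind.upper(),
                f"CRL is read from a {kind}: {crl}. Verify that the server "
                "can reach it and that it is refreshed.",
            ))
    return findings


if __name__ == "__main__":
    for name, sample in (("offload", OFFLOAD_SAMPLE), ("smartcard", SMARTCARD_SAMPLE)):
        for code, message in audit(sample):
            print(f"{name}: {code}: {message}")
```

Pass smart_cards_in_use=False for a server that does not accept smart cards, so that the revocation findings are suppressed.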
- On the client system, user credentials are encrypted and stored in a table in the Authentication Package, which is a component of Horizon Client. The credentials are added to the table when the user logs in and are removed from the table when the user logs out. The table resides in volatile memory.

Administrators can use Horizon Client group policy settings to control the availability of the Log in as current user check box and to specify its default value.
4 On the object CN=Common, OU=Global, OU=Properties, edit the pae-ClientConfig attribute and add the value clientCredentialCacheTimeout=.

When clientCredentialCacheTimeout is not set or is set to 0, the feature is disabled. To enable this feature, you can set the number of minutes to retain the credential information, or set a value of -1, meaning that there is no timeout.

NOTE The parameter name clientCredentialCacheTimeout is case-sensitive.
Chapter 4 Configuring Role-Based Delegated Administration

One key management task in a View environment is to determine who can use View Administrator and what tasks those users are authorized to perform. With role-based delegated administration, you can selectively assign administrative rights by assigning administrator roles to specific Active Directory users and groups.
To create administrators, you select users and groups from your Active Directory users and groups and assign administrator roles. Administrators obtain privileges through their role assignments. You cannot assign privileges directly to administrators. An administrator that has multiple role assignments acquires the sum of all the privileges contained in those roles.
Table 4‑1. Different Administrators for Different Access Groups

Administrator | Role | Access Group
view-domain.com\Admin1 | Inventory Administrators | /CorporateDesktops
view-domain.com\Admin2 | Inventory Administrators | /DeveloperDesktops

In this example, the administrator called Admin1 has the Inventory Administrators role on the access group called CorporateDesktops and the administrator called Admin2 has the Inventory Administrators role on the a
Table 4‑4. Permissions on the Folders Tab for MarketingDesktops

Admin | Role | Inherited
view-domain.com\Admin1 | Inventory Administrators |
view-domain.com\Admin1 | Administrators (Read only) | Yes

The first permission is the same as the first permission shown in Table 4-3. The second permission is inherited from the second permission shown in Table 4-3.
- To assign a custom role to the administrator, create the custom role. See “Add a Custom Role,” on page 72.
- To create an administrator that can manage specific desktop pools, create an access group and move the desktop pools to that access group. See “Manage and Review Access Groups,” on page 69.

Procedure
1 In View Administrator, select View Configuration > Administrators.
2 On the Administrators and Groups tab, click Add User or Group.
- Delete a Permission on page 68
  You can delete a permission that includes a specific administrator user or group, a specific role, or a specific access group.
- Review Permissions on page 69
  You can review the permissions that include a specific administrator or group, a specific role, or a specific access group.

Add a Permission

You can add a permission that includes a specific administrator user or group, a specific role, or a specific access group.
Procedure
1 In View Administrator, select View Configuration > Administrators.
2 Select the permission to delete.

Option | Action
Delete a permission that applies to a specific administrator or group | Select the administrator or group on the Administrators and Groups tab.
Delete a permission that applies to a specific role | Select the role on the Roles tab.
- Review the vCenter Virtual Machines in an Access Group on page 71
  You can see the vCenter virtual machines in a particular access group in View Administrator. A vCenter virtual machine inherits the access group from its pool.

Add an Access Group

You can delegate the administration of specific machines, desktop pools, or farms to different administrators by creating access groups. By default, desktop pools, application pools, and farms reside in the root access group.
Procedure
1 In View Administrator, select View Configuration > Administrators.
2 On the Access Groups tab, select the access group and click Remove Access Group.
3 Click OK to remove the access group.

Review the Desktop Pools, Application Pools, or Farms in an Access Group

You can see the desktop pools, the application pools, or the farms in a particular access group in View Administrator.
Add a Custom Role

If the predefined administrator roles do not meet your needs, you can combine specific privileges to create your own roles in View Administrator.

Prerequisites

Familiarize yourself with the administrator privileges that you can use to create custom roles. See “Predefined Roles and Privileges,” on page 73.

Procedure
1 In View Administrator, select View Configuration > Administrators.
2 On the Roles tab, click Add Role.
Predefined Roles and Privileges

View Administrator includes predefined roles that you can assign to your administrator users and groups. You can also create your own administrator roles by combining selected privileges.

- Predefined Administrator Roles on page 73
  The predefined administrator roles combine all of the individual privileges required to perform common administration tasks. You cannot modify the predefined roles.
Table 4‑6. Predefined Roles in View Administrator

Role | User Capabilities
Administrators | Perform all administrator operations, including creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role can configure and manage a pod federation and manage remote pod sessions.
Table 4‑6. Predefined Roles in View Administrator (Continued)

Role | User Capabilities | Applies to an Access Group
Local Administrators | Perform all local administrator operations, except for creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role cannot perform operations on the Global Data Layer or manage sessions on remote pods.
Object-Specific Privileges

Object-specific privileges control operations on specific types of inventory objects. Roles that contain object-specific privileges can be applied to access groups. Table 4-8 describes the object-specific privileges. The predefined roles Administrators and Inventory Administrators contain all of these privileges.

Table 4‑8. Object-Specific Privileges

Privilege | User Capabilities | Object
Enable Farms and Desktop Pools | Enable and disable desktop pools.
Required Privileges for Common Tasks

Many common administration tasks require a coordinated set of privileges. Some operations require permission at the root access group in addition to access to the object that is being manipulated.

Privileges for Managing Pools

An administrator must have certain privileges to manage pools in View Administrator.
Table 4‑12. Persistent Disk Management Tasks and Privileges

Task | Required Privileges
Detach a disk | Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the pool.
Attach a disk | Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the machine.
Edit a disk | Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the selected pool.
Table 4‑14. Privileges for General Administration Tasks and Commands (Continued)

Task | Required Privileges
Use the vdmadmin and vdmimport commands | Must have the Administrators role on the root access group.
Use the vdmexport command | Must have the Administrators role or the Administrators (Read only) role on the root access group.
Chapter 5 Configuring Policies in View Administrator and Active Directory

You can use View Administrator to set policies for client sessions. You can configure Active Directory group policy settings to control the behavior of View Connection Server, the PCoIP display protocol, and View logging and performance alarms. You can also configure Active Directory group policy settings to control the behavior of View Agent, Horizon Client for Windows, View Persona Management, and certain features.
- View Policies
  You can configure View policies to affect all client sessions, or you can apply them to affect specific desktop pools or users.

Configure Global Policy Settings

You can configure global policies to control the behavior of all client session users.

Prerequisites

Familiarize yourself with the policy descriptions. See “View Policies.”

Procedure

1 In View Administrator, select Policies > Global Policies.
5 Select one or more users from the list, click OK, and then click Next.
  The Add Individual Policy dialog box appears.
6 Configure the View policies and click Finish to save your changes.

View Policies

You can configure View policies to affect all client sessions, or you can apply them to affect specific desktop pools or users. Table 5-1 describes each View policy setting.

Table 5‑1.
- The User Configuration policies set policies that apply to all users, regardless of the remote desktop or application they connect to. User Configuration policies override equivalent Computer Configuration policies.

Microsoft Windows applies policies at desktop startup and when users log in.

View ADM and ADMX Template Files

The View ADM and ADMX template files provide group policy settings that let you control and optimize View components.

Table 5‑2.
Table 5‑2. View ADM and ADMX Template Files (Continued)

Template Name | Template File | Description
Scanner Redirection | vdm_agent_scanner.adm | Contains policy settings related to scanning devices that are redirected for use in remote desktops and applications. See the Setting Up Desktop and Application Pools in View document.
Serial Port Redirection | vdm_agent_serialport.
Table 5‑4. View Common Configuration Template: Log Configuration Settings (Continued)

Setting | Properties
Maximum debug log size in Megabytes | Specifies the maximum size in megabytes that a debug log can reach before the log file is closed and a new log file is created.
Log Directory | Specifies the full path to the directory for log files. If the location is not writeable, the default location is used. For client log files, an extra directory with the client name is created.
Table 5‑5. View Common Configuration Template: Performance Alarm Settings (Continued)

Setting | Properties
Process memory usage percentage to issue log info | Specifies the threshold at which the memory usage of any individual process is logged.
Process to check, comma separated name list allowing wild cards and exclusion | Specifies a comma-separated list of queries that correspond to the name of one or more processes to be examined.
Chapter 6 Maintaining View Components

To keep your View components available and running, you can perform a variety of maintenance tasks.
You can perform backups in several ways.

- Schedule automatic backups by using the View configuration backup feature.
- Initiate a backup immediately by using the Backup Now feature in View Administrator.
- Manually export View LDAP data by using the vdmexport utility. This utility is provided with each instance of View Connection Server.
View Configuration Backup Settings

View can back up your View Connection Server and View Composer configuration data at regular intervals. In View Administrator, you can set the frequency and other aspects of the backup operations.

Table 6‑1. View Configuration Backup Settings

Setting | Description
Automatic backup frequency | Every Hour. Backups take place every hour on the hour. Every 6 Hours. Backups take place at midnight, 6 am, noon, and 6 pm. Every 12 Hours.
2 At the command prompt, type the vdmexport command and redirect the output to a file. For example:

  vdmexport > Myexport.LDF

  By default, the exported data is encrypted.

  You can specify the output file name as an argument to the -f option. For example:

  vdmexport -f Myexport.LDF

  You can export the data in plain text format (verbatim) by using the -v option. For example:

  vdmexport -f Myexport.
If you backed up your View LDAP configuration by using View Administrator or the default vdmexport command, the exported LDIF file is encrypted. You must decrypt the LDIF file before you can import it. If the exported LDIF file is in plain text format, you do not have to decrypt the file.

NOTE Do not import an LDIF file in cleansed format, which is plain text with passwords and other sensitive data removed.
11 Log in to View Administrator and validate that the configuration is correct.
12 Start the View Composer instances.
13 Reinstall the replica server instances.
14 Start the security server instances.
   If there is a risk that the security servers have inconsistent configuration, they should also be uninstalled rather than stopped and then reinstalled at the end of the process.
2 On the computer where View Composer is installed, stop the VMware Horizon View Composer service.
3 Open a Windows command prompt and navigate to the SviConfig executable file.
  The file is located with the View Composer application. The default path is C:\Program Files (x86)\VMware\VMware View Composer\sviconfig.exe.
4 Run the SviConfig restoredata command.
Familiarize yourself with the SviConfig exportdata parameters:

- DsnName - The DSN that is used to connect to the database. If it is not specified, the DSN name, user name, and password will be retrieved from the server configuration file.
- Username - The user name that is used to connect to the database. If this parameter is not specified, Windows authentication is used.
- Password - The password for the user that connects to the database.
Monitor View Components

You can quickly survey the status of the View and vSphere components in your View deployment by using the View Administrator dashboard. View Administrator displays monitoring information about View Connection Server instances, the event database, security servers, View Composer services, datastores, vCenter Server instances, and domains.

NOTE View cannot determine status information about Kerberos domains.
The Machines page displays all machines with the selected status.

What to do next

You can click a machine name to see details about the machine or click the View Administrator back arrow to return to the Dashboard page.

Understanding View Services

The operation of View Connection Server instances and security servers depends on several services that run on the system.
Services on a View Connection Server Host

The operation of View depends on several services that run on a View Connection Server host.

Table 6‑4. View Connection Server Host Services

Service Name | Startup Type | Description
VMware Horizon 6 Blast Secure Gateway | Automatic | Provides secure HTML Access services. This service must be running if clients connect to View Connection Server through the HTML Access Secure Gateway.
Table 6‑5. Security Server Services (Continued)

Service Name | Startup Type | Description
VMware Horizon 6 PCoIP Secure Gateway | Manual | Provides PCoIP Secure Gateway services. This service must be running if clients connect to this security server through the PCoIP Secure Gateway.
VMware Horizon 6 Security Gateway Component | Manual | Provides common gateway services. This service must always be running.
For named users, View counts the number of unique users that have accessed the View environment. If a named user runs multiple single-user desktops, RDS desktops, and remote applications, the user is counted once.

For named users, the Current column on the Product Licensing and Usage page displays the number of users since your View deployment was first configured or since you last reset the Named Users Count. The Highest column is not applicable to named users.
You can also use the vdmadmin command to update user and domain information. See “Updating Foreign Security Principals Using the -F Option.”

Prerequisites

Verify that you can log in to View Administrator as an administrator with the Manage Global Configuration and Policies privilege.

Procedure

1 In View Administrator, click Users and Groups.
2 Choose whether to update information for all users or an individual user.
Guidelines for Migrating View Composer

The steps you take to migrate the VMware Horizon View Composer service depend on whether you intend to preserve existing linked-clone virtual machines.

To preserve the linked-clone virtual machines in your deployment, the VMware Horizon View Composer service that you install on the new virtual or physical machine must continue to use the existing View Composer database.
- Familiarize yourself with installing the VMware Horizon View Composer service. See "Installing View Composer" in the View Installation document.
- Familiarize yourself with configuring an SSL certificate for View Composer. See "Configuring SSL Certificates for View Servers" in the View Installation document.
- Familiarize yourself with configuring View Composer in View Administrator.
Migrate View Composer Without Linked-Clone Virtual Machines

If the current VMware Horizon View Composer service does not manage any linked-clone virtual machines, you can migrate View Composer to a new physical or virtual machine without migrating the RSA keys to the new machine. The migrated VMware Horizon View Composer service can connect to the original View Composer database, or you can prepare a new database for View Composer.
e In the Domains pane, click Verify Server Information and add or edit the View Composer domains as needed.
f Click OK.

Prepare a Microsoft .NET Framework for Migrating RSA Keys

To use an existing View Composer database, you must migrate the RSA key container between machines. You migrate the RSA key container by using the ASP.NET IIS registration tool provided with the Microsoft .NET Framework.

Prerequisites

Download the .NET Framework and read about the ASP.
5 Type the aspnet_regiis command to migrate the RSA key pair data.

  aspnet_regiis -pi "SviKeyContainer" "path\keys.xml" -exp

  where path is the path to the exported file.

  The -exp option creates an exportable key pair. If a future migration is required, the keys can be exported from this machine and imported to another machine.
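The import in step 5 reads a file that holds the View Composer RSA key pair, so the file needs tight permissions while it exists and should not be left behind afterwards. The wrapper below is an added example, not VMware code; the Import-SviKeyContainer name, its parameters, and the sample paths are hypothetical.

```powershell
# Added example (not VMware code). Wraps the step 5 import so that the exported
# key file is locked down before use and deleted once the import succeeds.
# Assumptions: run from an elevated PowerShell session on the destination machine;
# aspnet_regiis reports failure with a non-zero exit code (its own output is
# shown so the operator can confirm); function name and parameters are hypothetical.

function Import-SviKeyContainer {
    [CmdletBinding()]
    param(
        # Full path to aspnet_regiis.exe in the .NET Framework directory you prepared.
        [Parameter(Mandatory = $true)] [string]$AspnetRegiis,
        # Full path to the exported key file (keys.xml).
        [Parameter(Mandatory = $true)] [string]$KeyFile,
        [string]$Container = 'SviKeyContainer'
    )

    foreach ($path in @($AspnetRegiis, $KeyFile)) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "File not found: $path"
        }
    }

    # The file contains the RSA key pair. Remove inherited permissions and allow
    # only the local Administrators group and SYSTEM (well-known SIDs).
    & icacls.exe $KeyFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "icacls could not restrict $KeyFile (exit code $LASTEXITCODE)."
    }

    # Same command as step 5. -exp keeps the key pair exportable for a later migration.
    & $AspnetRegiis -pi $Container $KeyFile -exp | Out-Host
    if ($LASTEXITCODE -ne 0) {
        # Keep the restricted file so that the import can be retried.
        throw "aspnet_regiis -pi failed (exit code $LASTEXITCODE); $KeyFile was kept."
    }

    # Import succeeded: the key file is no longer needed on this machine.
    Remove-Item -LiteralPath $KeyFile -Force
    if (Test-Path -LiteralPath $KeyFile) {
        throw "Import succeeded but $KeyFile could not be deleted."
    }
    Write-Host "Imported '$Container' and deleted $KeyFile."
}

# Example call with placeholder paths:
# Import-SviKeyContainer -AspnetRegiis 'C:\path\to\aspnet_regiis.exe' -KeyFile 'C:\path\to\keys.xml'
```

Remove-Item is an ordinary delete, not a secure wipe, and any copy of the export left on the source machine or on transfer media needs the same handling.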
3 For View Connection Server or security server, add the certificate Friendly name, vdm, to the new certificate that is replacing the previous certificate.
  a Right-click the new certificate and click Properties.
  b On the General tab, in the Friendly name field, type vdm.
  c Click Apply and click OK.
4 For a server certificate that is issued to View Composer, run the SviConfig ReplaceCertificate utility to bind the new certificate to the port used by View Composer.
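A read-only check for the friendly-name step, added here as an example and not taken from VMware: it confirms that exactly one certificate is labelled vdm and that it has a private key and a current validity period. It assumes the certificate sits in the Windows local computer Personal store; Test-VdmCertificate and the 30-day warning window are hypothetical.

```powershell
# Added example (not VMware code). Read-only check to run after the friendly
# name has been set on the new certificate.
# Assumptions: the server certificate is in the local computer Personal store;
# PowerShell 3.0 or later; function name and 30-day window are hypothetical.

function Test-VdmCertificate {
    [CmdletBinding()]
    param(
        [string]$StorePath    = 'Cert:\LocalMachine\My',
        [string]$FriendlyName = 'vdm',
        [int]$WarnDays        = 30
    )

    $now = Get-Date
    $candidates = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.FriendlyName -eq $FriendlyName })
    $findings = @()

    # A leftover label on the certificate that was replaced shows up here as a
    # count of two or more.
    if ($candidates.Count -eq 0) {
        $findings += "No certificate in $StorePath has the friendly name '$FriendlyName'."
    }
    elseif ($candidates.Count -gt 1) {
        $findings += "$($candidates.Count) certificates have the friendly name '$FriendlyName'; clear it on the certificate that was replaced."
    }

    foreach ($cert in $candidates) {
        $id = "$($cert.Subject) [$($cert.Thumbprint)]"
        if (-not $cert.HasPrivateKey) {
            $findings += "$id has no private key in the store."
        }
        if ($cert.NotBefore -gt $now) {
            $findings += "$id is not valid until $($cert.NotBefore)."
        }
        if ($cert.NotAfter -lt $now) {
            $findings += "$id expired on $($cert.NotAfter)."
        }
        elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
            $findings += "$id expires on $($cert.NotAfter), within $WarnDays days."
        }
    }

    [pscustomobject]@{
        Passed       = ($findings.Count -eq 0)
        Certificates = $candidates |
            Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey
        Findings     = $findings
    }
}

$result = Test-VdmCertificate
$result.Certificates | Format-Table -AutoSize
if ($result.Passed) {
    Write-Host "Exactly one valid certificate is labelled 'vdm'."
}
else {
    $result.Findings | ForEach-Object { Write-Warning $_ }
}
```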
How VMware Ensures Your Privacy

VMware is committed to protecting your privacy and takes several steps to ensure that no data collected by the customer experience improvement program (CEIP) includes sensitive information that could uniquely identify a particular customer or user. The program does not collect any information that can be used to identify you or contact you. No data that identifies your organization or users is collected.
Additional Information About the Customer Experience Improvement Program

After you choose to participate in the CEIP, data is collected on the first View Connection Server instance that starts in a View deployment. Configuration data is collected on a weekly basis. Performance and usage data is collected on an hourly basis.
Table 6‑10. Dynamic Usage Data Collected from View Connection Server (Continued)

Description | Is This Field Made Anonymous? | Example Value
Number of times application connections have been launched for a user who is entitled to n number of applications | No | List of integers
Number of times n protocol (such as PCoIP) sessions have been in existence when a user launches another application.
Table 6‑18. ESX Node Information

Description | Is This Field Made Anonymous? | Example Value
Identifier of the vCenter Server that manages a particular ESXi host, along with an identifier for the ESXi host | No | 1234-ADEE-BECF-41AA-4950BCDAhost-14

Table 6‑19.
Cloud Pod Architecture Information Collected by VMware

If you join the customer experience improvement program, VMware collects data from certain Cloud Pod Architecture fields. Fields containing sensitive information are made anonymous.

Table 6‑21.
Table 6‑22. Data Collected from Horizon Clients for the Customer Experience Improvement Program

Description | Is This Field Made Anonymous? | Example Value
Company that produced the Horizon Client application | No | VMware
Product name | No | VMware Horizon Client
Client product version | No | (The format is x.x.x-yyyyyy, where x.x.x is the client version number and yyyyyy is the build number.
Table 6‑22. Data Collected from Horizon Clients for the Customer Experience Improvement Program (Continued)

Description | Is This Field Made Anonymous? | Example Value
MB of memory on the host system | No | Examples include the following:
  - 4096
  - unknown (for Windows Store)
Number of USB devices connected | No | 2 (USB device redirection is supported only for Linux, Windows, and Mac OS X clients.
Table 6‑23. Client Data Collected for the Customer Experience Improvement Program (Continued)

Description | Field name | Is This Field Made Anonymous? | Example Value
Native architecture of the browser | | No | Examples include the following values:
  - Win32
  - Win64
  - MacIntel
Browser user agent string | | No | Examples include the following values:
  - Mozilla/5.0 (Windows NT 6.1; WOW64)
  - AppleWebKit/703.00 (KHTML, like Gecko)
  - iPad
  - Chrome/3.0.
Chapter 7 Managing Linked-Clone Desktop Virtual Machines

With View Composer, you can update linked-clone desktop virtual machines, reduce the size of their operating system data, and rebalance the linked-clone virtual machines among disk drives. You also can manage the View Composer persistent disks associated with linked clones.
2 Select the desktop pool to refresh by double-clicking the pool ID in the left column.
3 Choose whether to refresh multiple virtual machines or a single virtual machine.

  Option | Action
  To refresh all virtual machines in the desktop pool:
    a In View Administrator, select Catalog > Desktop Pools.
    b Select the desktop pool to refresh by double-clicking the pool ID in the left column.
    c On the Inventory tab, click Machines.
  To refresh a single virtual machine:
- A refresh preserves the unique computer information set up by QuickPrep or Sysprep. You do not need to rerun Sysprep after a refresh to restore the SID or the GUIDs of third-party software installed in the system drive.
- After you recompose a linked clone, View takes a new snapshot of the linked clone's OS disk. Future refresh operations restore the OS data to that snapshot, not the one originally taken when the linked clone was first created.
Procedure

1 In vCenter Server, update the parent virtual machine for the recomposition.
  - Install OS patches or service packs, new applications, application updates, or make other changes in the parent virtual machine.
  - Alternatively, prepare another virtual machine to be selected as the new parent during the recomposition.
2 In vCenter Server, power off the updated or new parent virtual machine.
3 In vCenter Server, take a snapshot of the parent virtual machine.
Procedure

1 Choose whether to recompose the whole desktop pool or a single machine.

  Option | Action
  To recompose all virtual machines in the desktop pool:
    a In View Administrator, select Catalog > Desktop Pools.
    b Select the desktop pool to recompose by double-clicking the pool ID in the left column.
    c On the Inventory tab, click Machines.
  To recompose selected virtual machines:
Desktop recompositions do not affect View Composer persistent disks.

Apply these guidelines to recompositions:

- You can recompose dedicated-assignment and floating-assignment desktop pools.
- You can recompose a desktop pool on demand or as a scheduled event. You can schedule only one recomposition at a time for a given set of linked clones. Before you can schedule a new recomposition, you must cancel any previously scheduled task or wait until the previous operation is completed.
2 Recompose the desktop pool again.

View Composer creates a base image from the snapshot and recreates the linked-clone OS disks. View Composer persistent disks that contain user data and settings are preserved during the recomposition.

Depending on the conditions of the incorrect recomposition, you might refresh or rebalance the linked clones instead of or in addition to recomposing them.
Procedure

1 Choose whether to rebalance the whole pool or a single virtual machine.

  Option | Action
  To rebalance all virtual machines in the pool:
    a In View Administrator, select Catalog > Desktop Pools.
    b Select the pool to rebalance by double-clicking the pool ID in the left column.
    c On the Inventory tab, click Machines.
    d Use the Ctrl or Shift keys to select all the machine IDs in the left column.
  To rebalance a single virtual machine:
- If you edit a pool and change the host or cluster and the datastores on which linked clones are stored, you can only rebalance the linked clones if the newly selected host or cluster has full access to both the original and the new datastores. All hosts in the new cluster must have access to the original and new datastores.
An original persistent disk has a filename with a user-disk label: desktop_name-vdm-user-disk-D-ID.vmdk.

An original disposable-data disk has a filename with a disposable label: desktop_name-vdm-disposable-ID.vmdk.

After a rebalance operation moves a linked clone to a new datastore, vCenter Server uses a common filename syntax for both types of disks: desktop_name_n.vmdk.
3 Choose where to store the persistent disk.

  Option | Description
  Use current datastore | Store the persistent disk on the datastore where it is currently located.
  Use the following datastore | Select a new datastore on which to store the persistent disk. Click Browse, click the down arrow, and select a new datastore from the Choose a Datastore menu. You cannot select a local datastore to store a detached persistent disk.
What to do next

Make sure that the user of the linked clone has sufficient privileges to use the attached secondary disk. For example, if the original user had certain access permissions on the persistent disk, and the persistent disk is attached as drive D on the new linked clone, the new user of the linked clone must have the original user's access permissions on drive D.
To move a detached persistent disk from non-Virtual SAN to Virtual SAN, you can recreate the disk on a virtual machine that is stored on a non-Virtual SAN datastore and rebalance the virtual machine's desktop pool to a Virtual SAN datastore.

Procedure

1 In View Administrator, select Resources > Persistent Disks.
2 On the Detached tab, select the persistent disk and click Recreate Machine.
Delete a Detached View Composer Persistent Disk

When you delete a detached persistent disk, you can remove the disk from View and leave it on the datastore or delete the disk from View and the datastore.

Procedure

1 In View Administrator, select Resources > Persistent Disks.
2 On the Detached tab, select the persistent disk and click Delete.
3 Choose whether to delete the disk from the datastore or let it remain on the datastore after it is removed from View.
Chapter 8 Managing Desktop Pools, Machines, and Sessions

In View Administrator, you can manage desktop pools, virtual machine-based desktops, physical machine-based desktops, desktop sessions, and application sessions.
Modifying Settings in an Existing Desktop Pool

After you create a desktop pool, you can change certain configuration settings.

Table 8‑1. Editable Settings in an Existing Desktop Pool

Configuration Tab | Description
General | Edit desktop pool-naming options and storage policy management settings. Storage policy management settings determine whether to use a Virtual SAN datastore. If you do not use Virtual SAN, you can select separate datastores for replica and OS disks.
Table 8‑1. Editable Settings in an Existing Desktop Pool (Continued)

Configuration Tab | Description
Advanced Storage > Use native NFS snapshots (VAAI) | If you select or deselect Use native NFS snapshots (VAAI), the new setting only affects virtual machines that are created after the settings are changed. You can change existing virtual machines to become native NFS snapshot clones by recomposing and, if needed, rebalancing the desktop pool.
Change the Size of an Automated Pool Provisioned by a Naming Pattern

When you provision an automated desktop pool by using a naming pattern, you can increase or decrease the size of the pool by changing the maximum number of machines.

Prerequisites

- Verify that you provisioned the desktop pool by using a naming pattern. If you specify machine names manually, see “Add Machines to an Automated Pool Provisioned by a List of Names.”
Procedure

1 Create a text file that contains the list of additional machine names.
  If you intend to add only a few machines, you can type the machine names directly in the Add Desktop Pool wizard. You do not have to create a separate text file.
2 In View Administrator, select Catalog > Desktop Pools.
3 Select the desktop pool to be expanded.
4 Click Edit.
5 Click the Provisioning Settings tab.
6 Click Add Machines.
Disable or Enable Provisioning in an Automated Desktop Pool

When you disable provisioning in an automated desktop pool, View stops provisioning new virtual machines for the pool. After you disable provisioning, you can enable provisioning again.

Before you change a desktop pool's configuration, you can disable provisioning to ensure that no new machines are created with the old configuration.
Table 8‑3. Adobe Flash Quality Settings

Quality Setting | Description
Do not control | Quality is determined by Web page settings.
Low | This setting results in the most bandwidth savings.
Medium | This setting results in moderate bandwidth savings.
High | This setting results in the least bandwidth savings.

If no maximum level of quality is specified, the system defaults to a value of Low.
3 Choose how to delete the desktop pool.

  Pool | Options
  Automated desktop pool of linked clones without persistent disks. | No available options. View deletes all virtual machines from disk. Users' sessions to their remote desktops are terminated.
  Automated desktop pool of linked clones with persistent disks. | Choose whether to detach or delete the persistent disks when the linked-clone virtual machines are deleted.
You can also use the vdmadmin command to assign machines to users. See “Assigning Dedicated Machines Using the -L Option.”

Prerequisites

- Verify that the remote desktop virtual machine belongs to a dedicated-assignment pool. In View Administrator, the desktop pool assignment appears in the Desktop Pool column on the Machines page.
5 Repeat Step 2 through Step 4 for all virtual machines that you want to customize.
6 Select the customized machines and select Exit Maintenance Mode from the More Commands drop-down menu.

The modified virtual-machine desktops are available to users.

Monitor Virtual-Machine Desktop Status

You can quickly survey the status of virtual-machine desktops in your View deployment by using the View Administrator dashboard.
Table 8‑5. Status of Virtual Machines That Are Managed by vCenter Server (Continued)

Status | Description
Startup | View Agent has started on the virtual machine, but other required services such as the display protocol are still starting. For example, View Agent cannot establish an RDP connection with client computers until RDP has finished starting. The View Agent startup period allows other processes such as protocol services to start up as well.
While a machine is in a particular state, it can be subject to further conditions. View Administrator displays these conditions as suffixes to the machine state. For example, View Administrator might display the Customizing (missing) state. Table 8-6 shows these additional conditions.

Table 8‑6. Machine Status Conditions

Condition | Description
Missing | The virtual machine is missing in vCenter Server.
4 Choose how to delete the virtual-machine desktop.

  Option | Description
  Pool that contains full virtual-machine desktops | Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
Add an Unmanaged Machine to a Manual Pool

You can increase the size of a manual desktop pool by adding unmanaged machines to the pool.

Prerequisites

Verify that View Agent is installed on the unmanaged machine. For information about preparing an unmanaged machine, see "Install View Agent on an Unmanaged Machine" in the Setting up Desktop and Application Pools in View document.

Procedure

1 In View Administrator, select Catalog > Desktop Pools.
Prerequisites

Verify that the registered machines that you want to remove are not being used in any desktop pool.

Procedure

1 In View Administrator, select View Configuration > Registered Machines.
2 Click the Others tab.
3 Select one or more machines and click Remove.
  You can select only machines that are not being used by a desktop pool.
4 Click OK to confirm.
Table 8‑7. Status of Unmanaged Machines (Continued)

Status | Description
Unknown | The machine is in an unknown state.
Available | The desktop-source computer is powered on and the desktop is ready for a connection. In a dedicated pool, the desktop is assigned to a user. The desktop starts when the user logs in.
Connected | The desktop is in a session and has a remote connection to a Horizon Client device.
When you export a View Administrator table, it is saved as a comma-separated value (CSV) file. This feature exports the entire table, not individual pages.

Procedure

1 In View Administrator, display the table you want to export.
  For example, click Resources > Machines to display the machines table.
2 Click the export icon in the upper right corner of the table.
  When you point to the icon, the Export table contents tooltip appears.
Chapter 9 Managing Application Pools, Farms, and RDS Hosts

In View Administrator, you can perform management operations such as configuring or deleting desktop pools, farms, or RDS hosts.
Delete an Application Pool

When you delete an application pool, users can no longer launch the application in the pool.

You can delete an application pool even if users are currently accessing the application. After the users close the application, they can no longer access the application.

Procedure

1 In View Administrator, select Catalog > Application Pools.
2 Select one or more application pools and click Delete.
3 Click OK to confirm.
Disable or Enable a Farm

When you disable a farm, users can no longer launch RDS desktops or applications from the RDS desktop pools and the application pools that are associated with the farm. Users can continue to use RDS desktops and applications that are currently open.

You can disable a farm if you plan to do maintenance on the RDS hosts in the farm or on the RDS desktop and application pools that are associated with the farm.
Selecting the Stop at first error option does not affect customization. If a customization error occurs on a linked clone, other clones continue to be provisioned and customized.

- Verify that provisioning is enabled. When provisioning is disabled, View stops the machines from being customized after they are recomposed.
- If your deployment includes replicated View Connection Server instances, verify that all instances are the same version.
Managing RDS Hosts

You can manage RDS hosts that you set up manually and RDS hosts that are created automatically when you add an automated farm.

When you manually set up an RDS host, it automatically registers with View Connection Server. You cannot manually register an RDS host with View Connection Server. See "Setting Up Remote Desktop Session Hosts" in the Setting Up Desktop and Application Pools in View document.
Remove an RDS Host from a Farm

You can remove an RDS host from a manual farm to reduce the scale of the farm, to perform maintenance on the RDS host, or for other reasons. As a best practice, disable the RDS host and ensure that users are logged off from active sessions before you remove a host from a farm.

If users have application or desktop sessions on hosts that you remove, the sessions remain active, but View no longer keeps track of them.
6 Click OK.
If you enable the RDS host, a check mark appears in the Enabled column, and Available appears in the Status column. If you disable the RDS host, the Enabled column is empty and Disabled appears in the Status column.

Monitor RDS Hosts
You can monitor the status and view the properties of RDS hosts in View Administrator.
Procedure
- In View Administrator, navigate to the page that displays the properties that you want to view.
Table 9-1. Status of an RDS Host (Continued)
Status        Description
Disabled      Process of disabling the RDS host is complete.
Validating    Occurs after View Connection Server first becomes aware of the RDS host, typically after View Connection Server is started or restarted, and before the first successful communication with View Agent on the RDS host. Typically, this state is transient. This state is not the same as the Agent unreachable state, which indicates a communication problem.
Configuring Load Balancing for RDS Hosts
By default, View Connection Server uses the current session count and limit to balance the placement of new application sessions on RDS hosts. You can override this default behavior and control the placement of new application sessions by writing and configuring load balancing scripts.
A load balancing script returns a load value.
Writing a Load Balancing Script for an RDS Host
You can write a load balancing script to generate a load value based on any RDS host metric that you want to use for load balancing. You can also write a simple load balancing script that returns a fixed load value.
Your load balancing script must return a single number from 0 to 3. For descriptions of the valid load values, see “Load Values and Mapped Load Preferences.”
Enable the VMware Horizon View Script Host Service on an RDS Host
You must enable the VMware Horizon View Script Host service on an RDS host before you configure a load balancing script. The VMware Horizon View Script Host service is disabled by default.
Procedure
1 Log in to the RDS host as an administrator.
2 Start Server Manager.
3 Select Tools > Services and navigate to the VMware Horizon View Script Host service.
7 Right-click the entry for the new string value you created and select Modify.
8 In the Value data text box, type the command line that invokes your load balancing script and click OK.
  Type the full path to your load balancing script. For example:
    cscript.exe "C:\Program Files\VMware\VMware View Agent\scripts\cpuutilisation.vbs"
9 Restart the VMware Horizon View Agent service on the RDS host to make your changes take effect.
RDS Host    Load Preference
3           HIGH
4           MED
5           BLOCK
6           LOW
View sorts the RDS hosts into three buckets according to load preference. View discards RDS host 5 because View Agent reported a load preference of BLOCK.
Example 2: Existing User Session
This example illustrates how session placement might occur for a farm that contains six RDS hosts when a user session currently exists on one of the RDS hosts. An RDS host that contains a session in which a user has previously run an application is always reused for the same application.
A user session already exists on RDS host 3. RDS host 3 has a load preference of MED.
View Connection Server sends the anti-affinity rule to View Agent on an RDS host. If any applications running on the RDS host have process names that match the application matching pattern, View Agent counts the current number of instances of those applications and compares the number to the maximum count. If the maximum count is exceeded, View Connection Server skips that RDS host when it selects an RDS host to run new sessions of the application.
Chapter 10 Managing ThinApp Applications in View Administrator
You can use View Administrator to distribute and manage applications packaged with VMware ThinApp. Managing ThinApp applications in View Administrator involves capturing and storing application packages, adding ThinApp applications to View Administrator, and assigning ThinApp applications to machines and desktop pools.
You must have a license to use the ThinApp management feature in View Administrator.
- Make sure that a disjoint namespace does not prevent domain member computers from accessing the network share that hosts the MSI packages. A disjoint namespace occurs when an Active Directory domain name is different from the DNS namespace that is used by machines in that domain. See VMware Knowledge Base (KB) article 1023309 for more information.
- To run streamed ThinApp applications on remote desktops, users must have access to the network share that hosts the MSI packages.
Procedure
1 Start the ThinApp Setup Capture wizard and follow the prompts in the wizard.
2 When the ThinApp Setup Capture wizard prompts you for a project location, select Build MSI package.
3 If you plan to stream the application to remote desktops, set the MSIStreaming property to 1 in the package.ini file.
Procedure
1 In View Administrator, select View Configuration > ThinApp Configuration and click Add Repository.
2 Type a display name for the application repository in the Display name text box.
3 Type the path to the Windows network share that hosts your application packages in the Share path text box.
  The network share path must be in the form \\ServerComputerName\ShareName where ServerComputerName is the DNS name of the server computer. Do not specify an IP address.
Creating ThinApp templates is optional.
NOTE If you add an application to a ThinApp template after assigning the template to a machine or desktop pool, View Administrator does not automatically assign the new application to the machine or desktop pool. If you remove an application from a ThinApp template that was previously assigned to a machine or desktop pool, the application remains assigned to the machine or desktop pool.
- Assign a ThinApp Application to Multiple Desktop Pools
  You can assign a particular ThinApp application to one or more desktop pools.
- Assign Multiple ThinApp Applications to a Desktop Pool
  You can assign one or more ThinApp applications to a particular desktop pool.
2 Select Assign Machines from the Add Assignment drop-down menu.
  The machines that the ThinApp application is not already assigned to appear in the table.
3
  Option                                                             Action
  Find a specific machine                                            Type the name of the machine in the Find text box and click Find.
  Find all of the machines that follow the same naming convention    Type a partial machine name in the Find text box and click Find.
View Administrator begins installing the ThinApp applications a few minutes later. After the installation is finished, the applications are available to all of the users of the remote desktop that is hosted by the virtual machine.

Assign a ThinApp Application to Multiple Desktop Pools
You can assign a particular ThinApp application to one or more desktop pools.
Procedure
1 In View Administrator, select Catalog > Desktop Pools and double-click the pool ID.
2 On the Inventory tab, click ThinApps and then click Add Assignment.
  The ThinApp applications that are not already assigned to the pool appear in the table.
3 To find a particular application, type the name of the ThinApp application in the Find text box and click Find.
4 Select a ThinApp application to assign to the pool and click Add.
5 Select an installation type and click OK.
  Option       Action
  Streaming    Installs a shortcut to the application on the machine. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application.
  Full         Installs the full application on the machine's local file system.
  Some ThinApp applications do not support both installation types.
Table 10-1. ThinApp Application Installation Status
Status             Description
Assigned           The ThinApp application is assigned to the machine.
Install Error      An error occurred when View Administrator attempted to install the ThinApp application.
Uninstall Error    An error occurred when View Administrator attempted to uninstall the ThinApp application.
Installed          The ThinApp application is installed.
- Modify or Delete a ThinApp Template
  You can add and remove applications from a ThinApp template. You can also delete a ThinApp template.
- Remove an Application Repository
  You can remove an application repository from View Administrator.

Remove a ThinApp Application Assignment from Multiple Machines
You can remove an assignment to a particular ThinApp application from one or more machines.
Remove a ThinApp Application Assignment from Multiple Desktop Pools
You can remove an assignment to a particular ThinApp application from one or more desktop pools.
Prerequisites
Notify the users of the remote desktops in the pools that you intend to remove the application.
Procedure
1 In View Administrator, select Catalog > ThinApps and double-click the name of the ThinApp application.
Modify or Delete a ThinApp Template
You can add and remove applications from a ThinApp template. You can also delete a ThinApp template.
If you add an application to a ThinApp template after assigning the template to a machine or desktop pool, View Administrator does not automatically assign the new application to the machine or desktop pool.
Cause
The View Connection Server host cannot access the network share that hosts the application repository. The network share path that you typed in the Share path text box might be incorrect, the network share that hosts the application repository is in a domain that is not accessible from the View Connection Server host, or the network share permissions have not been set up properly.
Solution
If the template contains a ThinApp application that is already assigned to the machine or desktop pool, create a new template that does not contain the application or edit the existing template and remove the application. Assign the new or modified template to the machine or desktop pool.
To change the installation type of a ThinApp application, you must remove the existing application assignment from the machine or desktop pool.
View Agent log files are located on the machine in drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs for Windows XP systems and drive:\ProgramData\VMware\VDM\logs for Windows 7 systems. View Connection Server log files are located on the View Connection Server host in the drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs directory.
Solution
1 In View Administrator, select Catalog > ThinApps.
Procedure
1 Download the ThinApp software from http://www.vmware.com/products/thinapp and install it on a clean computer.
  View supports ThinApp version 4.6 and later.
2 Use the ThinApp Setup Capture wizard to capture and package your applications in MSI format.
Chapter 11 Setting Up Clients in Kiosk Mode
You can set up unattended clients that can obtain access to their desktops from View.
A client in kiosk mode is a thin client or a lock-down PC that runs Horizon Client to connect to a View Connection Server instance and launch a remote session. End users do not typically need to log in to access the client device, although the remote desktop might require them to provide authentication information for some applications.
- Administrators, Inventory Administrators, or an equivalent role to use View Administrator to entitle users or groups to remote desktops.
- Administrators or an equivalent role to run the vdmadmin command.
Procedure
1 Prepare Active Directory and View for Clients in Kiosk Mode
  You must configure Active Directory to accept the accounts that you create to authenticate client devices.
3 Configure the guest operating system so that the clients are not locked when they are left unattended.
  View suppresses the pre-login message for clients that connect in kiosk mode. If you require an event to unlock the screen and display a message, you can configure a suitable application on the guest operating system.
4 In View Administrator, create the desktop pool that the clients will use and entitle the group to this pool.
Option               Description
-noexpirepassword    Specifies that passwords on client accounts do not expire.
-nogroup             Clears the setting for the default group.
-ou DN               Specifies the distinguished name of the default organizational unit to which client accounts are added. For example: OU=kiosk-ou,DC=myorg,DC=com
                     NOTE You cannot use the command to change the configuration of an organizational unit.
The command updates the default values for clients in the View Connection Server group.
Add Accounts for Clients in Kiosk Mode
You can use the vdmadmin command to add accounts for clients to the configuration of a View Connection Server group. After you add a client, it is available for use with a View Connection Server instance on which you have enabled authentication of clients. You can also update the configuration of clients, or remove their accounts from the system.
The command creates a user account in Active Directory for the client in the specified domain and group (if any).

Example: Adding Accounts for Clients
Add an account for a client specified by its MAC address to the MYORG domain, using the default settings for the group kc-grp.
    vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp
Add an account for a client specified by its MAC address to the MYORG domain, using an automatically generated password.
2 If the remote desktop is provided by a Microsoft RDS host, log in to the RDS host and add the user account to the Remote Desktop Users group.
  For example, say that on the View server, you entitle the user account custom-11 to a session-based View desktop on an RDS host.
Password Generated: false
Client Authentication Connection Servers
========================================
Common Name : CONSVR1
Client Authentication Enabled : false
Password Required : false
Common Name : CONSVR2
Client Authentication Enabled : true
Password Required : false
What to do next
Verify that the clients can connect to their remote desktops.
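The connection server listing above is also what an administrator reviews to see which instances accept kiosk clients and whether they demand a password. The following is an added example, not VMware code: it parses the Client Authentication Connection Servers section of a saved listing and returns the instances where client authentication is enabled and no password is required. The sample text is constructed to follow the layout above, and the function names are assumptions.

```python
import re

# Constructed sample that follows the layout of the listing on this page.
SAMPLE_LISTING = """\
Password Generated: false
Client Authentication Connection Servers
========================================
Common Name : CONSVR1
Client Authentication Enabled : false
Password Required : false
Common Name : CONSVR2
Client Authentication Enabled : true
Password Required : false
"""

SECTION_TITLE = "Client Authentication Connection Servers"
FIELD_RE = re.compile(r"^([^:]+?)\s*:\s*(.*)$")
# Listing field name -> key used in the parsed record (key names are assumptions).
BOOL_FIELDS = {
    "Client Authentication Enabled": "client_auth_enabled",
    "Password Required": "password_required",
}


def parse_connection_servers(listing):
    """Return one dict per connection server found in the section.

    Raises ValueError when the section is missing, empty, or a record is
    incomplete, so a truncated capture is never reported as a clean result.
    """
    servers, current, in_section = [], None, False
    for raw in listing.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SECTION_TITLE
            continue
        if not line or set(line) == {"="}:
            continue  # blank separator or the ===== rule under the title
        match = FIELD_RE.match(line)
        if match is None:
            raise ValueError(f"unrecognised line in section: {raw!r}")
        key, value = match.group(1), match.group(2).strip()
        if key == "Common Name":
            current = {"name": value}
            servers.append(current)
        elif key in BOOL_FIELDS:
            if current is None:
                raise ValueError(f"{key!r} appears before any 'Common Name'")
            if value.lower() not in ("true", "false"):
                raise ValueError(f"{key!r} is not true/false: {value!r}")
            current[BOOL_FIELDS[key]] = value.lower() == "true"
        # Any other field is ignored; only the three above are audited.
    if not in_section or not servers:
        raise ValueError(f"no records found under {SECTION_TITLE!r}")
    for server in servers:
        missing = [f for f in BOOL_FIELDS.values() if f not in server]
        if missing:
            raise ValueError(f"{server['name']}: missing {missing}")
    return servers


def passwordless_kiosk_servers(listing):
    """Names of instances that accept kiosk clients without a password."""
    return [
        s["name"]
        for s in parse_connection_servers(listing)
        if s["client_auth_enabled"] and not s["password_required"]
    ]


if __name__ == "__main__":
    for name in passwordless_kiosk_servers(SAMPLE_LISTING):
        print(f"{name}: client authentication enabled, no password required")
```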
Procedure
- To connect to a remote session, type the appropriate command for your platform.
  Option     Description
  Windows    Enter
             C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe -unattended [-serverURL connection_server] [-userName user_name] [-password password]
  Linux
  -password password    Specifies the password for the client's account. If you defined a password for the account, you must specify this password.
Run Horizon Client on a Linux client using an assigned name and password.
    vmware-view -unattended -s 145.124.24.100 --once -u custom-Terminal21 -p "Secret1!"
Chapter 12 Troubleshooting View
You can use a variety of procedures for diagnosing and fixing problems that you might encounter when using View. You can use troubleshooting procedures to investigate the causes of such problems and attempt to correct them yourself, or you can obtain assistance from VMware Technical Support.
For information about troubleshooting desktops and desktop pools, see the Setting Up Desktop and Application Pools in View document.
Events           Provides links to the Events screen filtered for error events and for warning events.
System Health    Provides links to the Dashboard screen, which displays summaries of the status of View components, vSphere components, domains, desktops, and datastore usage. The system health dashboard displays a numbered link against each item. This value indicates the number of items that the linked report provides details about.
Collecting Diagnostic Information for View
You can collect diagnostic information to help VMware Technical Support diagnose and resolve issues with View.
You can collect diagnostic information for various components of View. How you collect this information varies depending on the View component.
2 Open a command prompt and run the command to generate the DCT bundle.
  Option    Action
  On View Connection Server, using vdmadmin    To specify the names of the output bundle file, desktop pool, and machine, use the -outfile, -d, and -m options with the vdmadmin command.
      vdmadmin -A [-b authentication_arguments] -getDCT -outfile local_file -d desktop -m machine
  On the remote desktop    Change directories to c:\Program Files\VMware\VMware View\Agent\DCT and run the following command:
      suppo
Collect Diagnostic Information for View Composer Using the Support Script
You can use the View Composer support script to collect configuration data and generate log files for View Composer. This information helps VMware customer support diagnose any issues that arise with View Composer.
Prerequisites
Log in to the computer on which View Composer is installed.
3 When you have collected enough information about the behavior of View Connection Server, select Start > All Programs > VMware > Generate View Connection Server Log Bundle.
  The support tool writes the log files to a folder called vdm-sdct on the desktop of the View Connection Server instance.
4 File a support request on the Support page of the VMware Web site and attach the output files.
  Option    Description
  7         Selects debug logging for virtual channels (View Agent and Horizon Client only).
  8         Selects trace logging for virtual channels (View Agent and Horizon Client only).
  The script writes the zipped log files to the folder vdm-sdct on the desktop.
3 You can find the View Composer guest agent logs in the C:\Program Files\Common Files\VMware\View Composer Guest Agent svi-ga-support directory.
Solution
If you intend to keep the security server in your View environment, take these steps:
1 In View Administrator, select View Configuration > Servers.
2 On the Security Servers tab, select a security server, select Prepare for Upgrade or Reinstallation from the More Commands drop-down menu, and click OK.
5 Configure the proxy settings.
  For example, at the netsh winhttp> prompt, type import proxy source=ie.
  The proxy settings are imported to the View Connection Server computer.
6 Verify the proxy settings by typing show proxy.
7 Restart the VMware Horizon View Connection Server service.
8 On the View Administrator dashboard, verify that the security server or View Connection Server icon is green.
Chapter 13 Using the vdmadmin Command
You can use the vdmadmin command line interface to perform a variety of administration tasks on a View Connection Server instance.
You can use vdmadmin to perform administration tasks that are not possible from within the View Administrator user interface or to perform administration tasks that need to run automatically from scripts.
For a comparison of the operations that are possible in View Administrator, View cmdlets, and vdmadmin, see the View Integration document.
- Assigning Dedicated Machines Using the -L Option
  You can use the vdmadmin command with the -L option to assign machines from a dedicated pool to users.
- Displaying Information About Machines Using the -M Option
  You can use the vdmadmin command with the -M option to display information about the configuration of virtual machines or physical computers.
vdmadmin Command Usage
The syntax of the vdmadmin command controls its operation.
Use the following form of the vdmadmin command from a Windows command prompt.
    vdmadmin command_option [additional_option argument] ...
The additional options that you can use depend on the command option.
By default, the path to the vdmadmin command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin.
Table 13-1. Options for Selecting Output Format
Option    Description
-csv      Formats the output as comma-separated values.
-n        Display the output using ASCII (UTF-8) characters. This is the default character set for comma-separated values and plain text output.
-w        Display the output using Unicode (UTF-16) characters. This is the default character set for XML output.
-xml      Formats the output as XML.
Table 13-2. Vdmadmin Command Options (Continued)
Option    Description
-V        Unlocks or locks virtual machines. See “Unlocking or Locking Virtual Machines Using the -V Option.”
-X        Detects and resolves duplicated LDAP entries on replicated View Connection Server instances. See “Detecting and Resolving LDAP Entry Collisions Using the -X Option.”
Table 13-3. Options for Configuring Logging in View Agent (Continued)
Option                 Description
-outfile local_file    Specifies the name of the local file in which to save a DCT bundle or a copy of a log file.
-setloglevel level     Sets the logging level of View Agent.
                       debug     Logs error, warning, and debugging events.
                       normal    Logs error and warning events.
                       trace     Logs error, warning, informational, and debugging events.
Usage Notes
A View Agent reports the discovered IP address of the machine on which it is running to the View Connection Server instance. In secure configurations where the View Connection Server instance cannot trust the value that the View Agent reports, you can override the value provided by the View Agent and specify the IP address that the managed machine should be using.
If you do not specify a name for the group, the command returns the GUID of the group to which the local View Connection Server instance belongs. You can use the GUID to verify whether a View Connection Server instance is a member of the same View Connection Server group as another View Connection Server instance.
For a description of how to use SCOM with View, see the View Integration document.
Options
The -c option specifies the name of the View Connection Server group.
Listing and Displaying Health Monitors Using the -H Option
You can use the vdmadmin command -H to list the existing health monitors, to monitor instances for View components, and to display the details of a specific health monitor or monitor instance.
Display the health of a specified vCenter monitor instance.
    vdmadmin -H -monitorid VCMonitor -instanceid 4aec2c99-4879-96b2-de408064d035 -xml

Listing and Displaying Reports of View Operation Using the -I Option
You can use the vdmadmin command with the -I option to list the available reports of View operation and to display the results of running one of these reports.
Generating View Event Log Messages in Syslog Format Using the -I Option
You can use the vdmadmin command with the -I option to record View event messages in Syslog format in event log files. Many third-party analytics products require flat-file Syslog data as input for their analytics operations.
Examples
Disable generating View events in Syslog format.
    vdmadmin -I -eventSyslog -disable
Direct Syslog output of View events to the local system only.
    vdmadmin -I -eventSyslog -enable -localOnly
Direct Syslog output of View events to a specified path.
    vdmadmin -I -eventSyslog -enable -path path
Direct Syslog output of View events to a specified path that requires access by an authorized domain user.
    vdmadmin -I -eventSyslog -enable -path \\logserver\share\ViewEvents -user mydomain
Table 13-9. Options for Assigning Dedicated Desktops
Option            Description
-d desktop        Specifies the name of the desktop pool.
-m machine        Specifies the name of the virtual machine that hosts the remote desktop.
-r                Removes an assignment to a specified user, or all assignments to a specified machine.
-u domain\user    Specifies the login name and domain of the user.
Examples
Assign the machine machine2 in the desktop pool dtpool1 to the user Jo in the CORP domain.
- URL of the vCenter Server (if applicable).
Options
Table 13-10 shows the options that you can use to specify the machine whose details you want to display.
Table 13-10. Options for Displaying Information About Machines
Option            Description
-d desktop        Specifies the name of the desktop pool.
-m machine        Specifies the name of the virtual machine.
-u domain\user    Specifies the login name and domain of the user.
- Verify that a blackout period is not in effect. See "Set Blackout Times for ESXi Operations on Remote Desktops" in the Setting Up Desktop and Application Pools in View document.
Options
Table 13-11. Options for Reclaiming Disk Space on Virtual Machines
Option                       Description
-d desktop                   Specifies the name of the desktop pool.
-m machine                   Specifies the name of the virtual machine.
-MarkForSpaceReclamation     Marks the virtual machine for disk space reclamation.
Table 13-12. Options for Configuring Domain Filters
Option            Description
-add              Adds a domain to a list.
-domain domain    Specifies the domain to be filtered. You must specify domains by their NetBIOS names and not by their DNS names.
-domains          Specifies a domain filter operation.
-exclude          Specifies an operation on an exclusion list.
-include          Specifies an operation on an inclusion list.
Broker Settings: CONSVR-2
Include:
Exclude:
Search :
View limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicate that View excludes the YOURDOM domain from the results of the domain search on CONSVR-1.
Display the domain filters in XML using ASCII characters.
Table 13-13. Types of Domain List
Domain List Type         Description
Search exclusion list    Specifies the domains that View can traverse during an automated search. The search ignores domains that are included in the search exclusion list, and does not attempt to locate domains that the excluded domain trusts. You cannot exclude the primary domain from the search.
Exclusion list           Specifies the domains that View excludes from the results of a domain search.
Display the currently active domains after including the YOURDOM and DEPTX domains.
C:\ vdmadmin -N -domains -list -active
Domain Information (CONSVR)
===========================
Primary Domain: MYDOM
Domain: MYDOM DNS:mydom.mycorp.com
Domain: YOURDOM DNS:yourdom.mycorp.com
Domain: DEPTX DNS:deptx.mycorp.com
View applies the include list to the results of a domain search.
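After a filter change, the active list is what confirms which domains View still makes available. The following is an added example, not VMware code: it parses a saved copy of the vdmadmin -N -domains -list -active output shown above and compares the active domains, by NetBIOS name, with an approved list. The sample capture is constructed from that layout; the approved list and the function names are assumptions.

```python
import re

# Constructed capture in the layout of the -list -active output shown above.
SAMPLE_ACTIVE = """\
Domain Information (CONSVR)
===========================
Primary Domain: MYDOM
Domain: MYDOM DNS:mydom.mycorp.com
Domain: YOURDOM DNS:yourdom.mycorp.com
Domain: DEPTX DNS:deptx.mycorp.com
"""

HEADER_RE = re.compile(r"^Domain Information \((?P<server>[^)]+)\)$")
PRIMARY_RE = re.compile(r"^Primary Domain:\s*(?P<name>\S+)$")
DOMAIN_RE = re.compile(r"^Domain:\s*(?P<name>\S+)(?:\s+DNS:\s*(?P<dns>\S+))?$")


def parse_active_domains(text):
    """Return {server: {"primary": name or None, "domains": {NETBIOS: dns}}}.

    Lines before the first 'Domain Information' header (such as the echoed
    command) are skipped. An unrecognised line inside a block raises
    ValueError, so a changed output format is noticed rather than mis-read.
    """
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue  # blank line or the ===== rule under the header
        header = HEADER_RE.match(line)
        if header:
            current = result.setdefault(
                header["server"], {"primary": None, "domains": {}}
            )
            continue
        if current is None:
            continue
        primary = PRIMARY_RE.match(line)
        if primary:
            current["primary"] = primary["name"].upper()
            continue
        domain = DOMAIN_RE.match(line)
        if domain:
            dns = (domain["dns"] or "").lower()
            current["domains"][domain["name"].upper()] = dns
            continue
        raise ValueError(f"unrecognised line: {raw!r}")
    if not result:
        raise ValueError("no 'Domain Information' block found")
    return result


def audit_active_domains(text, approved):
    """Compare each server's active domains with the approved NetBIOS names.

    'unexpected' lists active domains that are not approved; 'missing' lists
    approved domains that are not active on that server.
    """
    approved = {name.upper() for name in approved}
    findings = {}
    for server, info in parse_active_domains(text).items():
        active = set(info["domains"])
        findings[server] = {
            "unexpected": sorted(active - approved),
            "missing": sorted(approved - active),
        }
    return findings


if __name__ == "__main__":
    # Assumed policy for the demonstration: only MYDOM and YOURDOM are approved.
    for server, result in audit_active_domains(
        SAMPLE_ACTIVE, ["MYDOM", "YOURDOM"]
    ).items():
        print(server, result)
```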
Domain: YOURDOM DNS:yourdom.mycorp.com
Domain: DEPTX DNS:deptx.mycorp.com
Domain: DEPTY DNS:depty.mycorp.com
Domain: DEPTZ DNS:deptz.mycorp.com
Extend the search exclusion list to exclude the DEPTX domain and all its trusted domains from the domain search for all View Connection Server instances in a group. Also, exclude the YOURDOM domain from being available on CONSVR-1.
Displaying the Machines and Policies of Unentitled Users Using the -O and -P Options
You can use the vdmadmin command with the -O and -P options to display the virtual machines and policies that are assigned to users who are no longer entitled to use the system.
Display virtual machines that are assigned to unentitled users, grouped by user, in XML format using ASCII characters.
    vdmadmin -O -lu -xml -n
Apply your own stylesheet C:\tmp\unentitled-users.xsl and redirect the output to the file uu-output.html.
    vdmadmin -O -lu -xml -xsltpath "C:\tmp\unentitled-users.xsl" > uu-output.html
Display the user policies that are associated with unentitled users’ virtual machines, grouped by desktop, in XML format using Unicode characters.
You can define alternate prefixes to "custom-" in the pae-ClientAuthPrefix multi-valued attribute under cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int in ADAM on a View Connection Server instance. Avoid using these prefixes with ordinary user accounts.
If you do not specify a name for a client, View generates a name from the MAC address that you specify for the client device.
Table 13-16. Options for Configuring Clients in Kiosk Mode (Continued)
Option          Description
-force          Disables the confirmation prompt when removing the account for a client in kiosk mode.
-genpassword    Generates a password for the client's account. This is the default behavior if you do not specify either -password or -genpassword.
-getdefaults    Gets the default values that are used for adding client accounts.
Add an account for a client specified by its MAC address to the MYORG domain, and use the default settings for the group kc-grp.
    vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp
Add an account for a client specified by its MAC address to the MYORG domain, and use an automatically generated password.
========================================
Common Name : CONSVR1
Client Authentication Enabled : false
Password Required : false
Common Name : CONSVR2
Client Authentication Enabled : true
Password Required : false

Displaying the First User of a Machine Using the -R Option
You can use the vdmadmin command with the -R option to find out the initial assignment of a managed virtual machine.
You can also use the vdmadmin command with the -S option to remove a security server from your View environment. You do not have to use this option if you intend to upgrade or reinstall a security server without removing it permanently.
To make the removal permanent, perform these tasks:
1 Uninstall the View Connection Server instance or security server from the Windows Server computer by running the View Connection Server installer.
Options
Table 13-17. Options for Providing Secondary Credentials
Option     Description
-add       Adds a secondary credential for the owner account. A Windows logon is performed to verify that the specified credentials are valid. A foreign security principal (FSP) is created for the user in View LDAP.
-update    Updates a secondary credential for the owner account. A Windows logon is performed to verify that the updated credentials are valid.
- ThinApp assignments.
- Administrator roles including the administrative rights of a user and the folders in which they have those rights.
Options
The -u option specifies the name and domain of the user.
Examples
Display information about the user Jo in the CORP domain in XML using ASCII characters.
    vdmadmin -U -u CORP\Jo -n -xml

Unlocking or Locking Virtual Machines Using the -V Option
You can use the vdmadmin command with the -V option to unlock or lock virtua
Examples

Unlock the virtual machines machine1 and machine2 in desktop pool dtpool3.

vdmadmin -V -e -d dtpool3 -m machine1 -m machine2

Lock the virtual machine machine3 in desktop pool dtpool3.

vdmadmin -V -p -d dtpool3 -m machine3

Detecting and Resolving LDAP Entry Collisions Using the -X Option

You can use the vdmadmin command with the -X option to detect and resolve colliding LDAP entries on replicated View Connection Server instances in a group.