View Administration VMware Horizon 6 Version 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
View Administration You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents View Administration 7 1 Using View Administrator 9 View Administrator and View Connection Server 9 Log In to View Administrator 9 Tips for Using the View Administrator Interface 10 Troubleshooting the Text Display in View Administrator 12 2 Configuring View Connection Server 13 Configuring vCenter Server and View Composer 13 Backing Up View Connection Server 25 Configuring Settings for Client Sessions 25 Disable or Enable View Connection Server 36 Edit the External URLs 36 Join or Withdraw fr
View Administration 6 Maintaining View Components 85 Backing Up and Restoring View Configuration Data 85 Monitor View Components 93 Monitor Machine Status 93 Understanding View Services 94 Change the Product License Key 96 Monitor Concurrent Connections to View and Reset Historical Usage Data 96 Update General User Information from Active Directory 97 Migrate View Composer to Another Machine 97 Update the Certificates on a View Connection Server Instance, Security Server, or View Composer Information Coll
Contents Troubleshooting Smart Card Certificate Revocation Checking Further Troubleshooting Information 195 195 13 Using the vdmadmin Command 197 vdmadmin Command Usage 199 Configuring Logging in View Agent Using the -A Option 201 Overriding IP Addresses Using the -A Option 202 Setting the Name of a View Connection Server Group Using the -C Option 203 Updating Foreign Security Principals Using the -F Option 204 Listing and Displaying Health Monitors Using the -H Option 204 Listing and Displaying Report
View Administration 6 VMware, Inc.
View Administration View Administration describes how to configure and administer VMware Horizon 6™, including how to configure View Connection Server, create administrators, set up user authentication, configure policies, and manage VMware ThinApp™ applications in View Administrator. This document also describes how to maintain and troubleshoot View components. Intended Audience This information is intended for anyone who wants to configure and administer VMware Horizon 6.
View Administration 8 VMware, Inc.
Using View Administrator 1 View Administrator is the Web interface through which you configure View Connection Server and manage your remote desktops and applications. For a comparison of the operations that you can perform with View Administrator, View cmdlets, and vdmadmin, see the View Integration document.
View Administration Procedure 1 Open your Web browser and enter the following URL, where server is the host name of the View Connection Server instance. https://server/admin NOTE You can use the IP address if you have to access a View Connection Server instance when the host name is not resolvable. However, the host that you contact will not match the SSL certificate that is configured for the View Connection Server instance, resulting in blocked access or access with reduced security.
Chapter 1 Using View Administrator Table 1‑1. View Administrator Navigation and Display Features View Administrator Feature Description Navigating backward and forward in View Administrator pages Click your browser's Back button to go to the previously displayed View Administrator page. Click the Forward button to return to the current page. If you click the browser's Back button while you are using a View Administrator wizard or dialog box, you return to the main View Administrator page.
View Administration Table 1‑1. View Administrator Navigation and Display Features (Continued) View Administrator Feature Description Selecting View objects and displaying View object details In View Administrator tables that list View objects, you can select an object or display object details. n To select an object, click anywhere in the object's row in the table. At the top of the page, menus and commands that manage the object become active.
Configuring View Connection Server 2 After you install and perform initial configuration of View Connection Server, you can add vCenter Server instances and View Composer services to your View deployment, set up roles to delegate administrator responsibilities, and schedule backups of your configuration data.
View Administration 2 Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to the account in the Active Directory container in which the linked-clone computer accounts are created or to which the linked-clone computer accounts are moved.
Chapter 2 Configuring View Connection Server n Verify that all View Connection Server instances in the replicated group trust the root CA certificate for the server certificate that is installed on the vCenter Server host. Check if the root CA certificate is in the Trusted Root Certification Authorities > Certificates folder in the Windows local computer certificate stores on the View Connection Server hosts. If it is not, import the root CA certificate into the Windows local computer certificate stores.
View Administration n If the vCenter Server instance is configured with a default certificate, you must first determine whether to accept the thumbprint of the existing certificate. See “Accept the Thumbprint of a Default SSL Certificate,” on page 22. If View uses multiple vCenter Server instances, repeat this procedure to add the other vCenter Server instances.
Chapter 2 Configuring View Connection Server 3 If you are using View Composer, select the location of the View Composer host. Option Description View Composer is installed on the same host as vCenter Server. a b Select View Composer co-installed with the vCenter Server. Make sure that the port number is the same as the port that you specified when you installed the VMware Horizon View Composer service on vCenter Server. The default port number is 18443.
View Administration 5 Click OK. 6 To add domain user accounts with privileges in other Active Directory domains in which you deploy linked-clone pools, repeat the preceding steps. 7 Click Next to display the Storage Settings page. What to do next Enable virtual machine disk space reclamation and configure View Storage Accelerator for View. Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines In vSphere 5.1 and later, you can enable the disk space reclamation feature for View.
Chapter 2 Configuring View Connection Server Procedure 1 2 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page. a Select View Configuration > Servers. b On the vCenter Servers tab, click Add. c Complete the vCenter Server Information, View Composer Settings, and View Composer Domains pages. On the Storage Settings page, make sure that Enable space reclamation is selected.
View Administration n Verify that the vCenter Server user was assigned the Global > Act as vCenter Server privilege in vCenter Server. See the topics in the View Installation document that describe View and View Composer privileges required for the vCenter Server user. Procedure 1 2 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage Settings page. a Select View Configuration > Servers. b On the vCenter Servers tab, click Add.
Chapter 2 Configuring View Connection Server Table 2‑1. Concurrent Operations Limits for vCenter Server and View Composer Setting Description Max concurrent vCenter provisioning operations Determines the maximum number of concurrent requests that View Connection Server can make to provision and delete full virtual machines in this vCenter Server instance. The default value is 20. This setting applies to full virtual machines only.
View Administration Logons, and therefore desktop power on operations, typically occur in a normally distributed manner over a certain time window. You can approximate the peak power-on rate by assuming that it occurs in the middle of the time window, during which about 40% of the power-on operations occur in 1/6th of the time window. For example, if users log on between 8:00 AM and 9:00 AM, the time window is one hour, and 40% of the logons occur in the 10 minutes between 8:25 AM and 8:35 AM.
Chapter 2 Configuring View Connection Server 3 Examine the certificate thumbprint that was configured for the vCenter Server or View Composer instance. a On the vCenter Server or View Composer host, start the MMC snap-in and open the Windows Certificate Store. b Navigate to the vCenter Server or View Composer certificate. c Click the Certificate Details tab to display the certificate thumbprint. Similarly, examine the certificate thumbprint for a SAML authenticator.
View Administration Procedure 1 Remove the linked-clone desktop pools that were created by View Composer. a In View Administrator, select Catalog > Desktop Pools. b Select a linked-clone desktop pool and click Delete. A dialog box warns that you will permanently delete the linked-clone desktop pool from View. If the linked-clone virtual machines are configured with persistent disks, you can detach or delete the persistent disks. c Click OK. The virtual machines are deleted from vCenter Server.
Chapter 2 Configuring View Connection Server Backing Up View Connection Server After you complete the initial configuration of View Connection Server, you should schedule regular backups of your View and View Composer configuration data. For information about backing up and restoring your View configuration, see “Backing Up and Restoring View Configuration Data,” on page 85.
View Administration The password must contain between 1 and 128 characters. Follow your organization's best practices for generating secure passwords. Procedure 1 In View Administrator, select View Configuration > Global Settings. 2 In the Security pane, click Change data recovery password. 3 Type and retype the new password. 4 (Optional) Type a password reminder. NOTE You can also change the data recovery password when you schedule your View configuration data to be backed up.
Chapter 2 Configuring View Connection Server Table 2‑2. General Global Settings for Client Sessions (Continued) Setting Description For clients that support applications. If the user stops using the keyboard and mouse, disconnect their applications and discard SSO credentials: Protects application sessions when there is no keyboard or mouse activity on the client device. If set to After ...
View Administration Table 2‑2. General Global Settings for Client Sessions (Continued) Setting Description Enable Windows Server desktops Determines whether you can select available Windows Server 2008 R2 and Windows Server 2012 R2 machines for use as desktops. When this setting is enabled, View Administrator displays all available Windows Server machines, including machines on which View server components are installed.
Chapter 2 Configuring View Connection Server Table 2‑3. Global Security Settings for Client Sessions and Connections (Continued) Setting Description Enhanced Security Status (Readonly) Read-only field that appears when Message security mode is changed from Enabled to Enhanced. Because the change is made in phases, this field shows the progress through the phases: n Waiting for Message Bus restart is the first phase.
View Administration Table 2‑4. Message Security Mode Options (Continued) Option Description Enabled Message security mode is enabled, using a combination of message signing and encryption. JMS messages are rejected if the signature is missing or invalid, or if a message was modified after it was signed. Some JMS messages are encrypted because they carry sensitive information such as user credentials.
Chapter 2 Configuring View Connection Server The additional options that you can use depend on the command option. This topic focuses on the options for message security mode. For the other options, which relate to Cloud Pod Architecture, see the Administering View Cloud Pod Architecture document. By default, the path to the vdmutil command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin. To avoid entering the path on the command line, add the path to your PATH environment variable.
View Administration Table 2‑6. vdmutil Command Options (Continued) Option Description --listMsgBusSecStatus Lists the message bus security status for all connection servers in the local pod. --listPendingMsgSecStatus List machines preventing a transition to or from Enhanced mode. Limited to 25 entries by default. --setMsgSecMode Sets the message security mode for the local pod. --verbose Enables verbose logging. You can add this option to any other option to obtain detailed command output.
Chapter 2 Configuring View Connection Server 4 Configure use of the PCoIP Secure Gateway. Option Description Enable the PCoIP Secure Gateway Select Use PCoIP Secure Gateway for PCoIP connections to machine Disable the PCoIP secure Gateway Deselect Use PCoIP Secure Gateway for PCoIP connections to machine The PCoIP Secure Gateway is disabled by default. 5 Click OK to save your changes.
View Administration Open the Port Used by HTML Access on Security Servers When you install the HTML Access component during a View Connection Server installation, the installer creates and enables a Windows Firewall rule to open the port that is used by HTML Access for client connections. However, on security servers, you must manually enable the rule in Windows Firewall to allow communication to the port. By default, HTML Access uses TCP port 8443 for client connections to the Blast Secure Gateway.
Chapter 2 Configuring View Connection Server If you deploy security servers, external URLs are required for the security servers but not for the View Connection Server instances that are paired with the security servers. If you do not deploy security servers, or if you have a mixed network environment with some security servers and some external-facing View Connection Server instances, External URLs are required for any View Connection Server instances that connect to the intermediate server.
View Administration Example: locked.properties file This file allows non-SSL HTTP connections to a View server. The IP address of the View server's clientfacing network interface is 10.20.30.40. The server uses the default port 80 to listen for HTTP connections. The value http must be lower case. serverProtocol=http serverHostNonSSL=10.20.30.
Chapter 2 Configuring View Connection Server Procedure 1 2 In View Administrator, select View Configuration > Servers. Option Action View Connection Server instance Select the View Connection Server instance on the Connection Servers tab and click Edit. Security server Select the security server on the Security Servers tab and click Edit. Type the secure tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable host name and port number.
View Administration 3 Decide whether to participate in or withdraw from the program by selecting or deselecting the Send anonymous data to VMware checkbox. 4 (Optional) If you participate, you can select the geographic location, type of business, and number of employees in your organization. 5 Click OK. View LDAP Directory View LDAP is the data repository for all View configuration information.
Setting Up Authentication 3 View uses your existing Active Directory infrastructure for user and administrator authentication and management. For added security, you can integrate View with smart card authentication. You can also use two-factor authentication solutions, such as RSA SecurID and RADIUS, to authenticate remote desktop and application users.
View Administration View is certified through the RSA SecurID Ready program and supports the full range of SecurID capabilities, including New PIN Mode, Next Token Code Mode, RSA Authentication Manager, and load balancing. n Logging in Using Two-Factor Authentication on page 40 When a user connects to a View Connection Server instance that has RSA SecurID authentication or RADIUS authentication enabled, a special login dialog box appears in Horizon Client.
Chapter 3 Setting Up Authentication n For RADIUS authentication, follow the vendor's configuration documentation. Make a note of the RADIUS server's host name or IP address, the port number on which it is listening for RADIUS authentication (usually 1812), the authentication type (PAP, CHAP, MS-CHAPv1, or MS-CHAPv2) and the shared secret. You will enter these values in View Administrator. You can enter values for a primary and a secondary RADIUS authenticator.
View Administration What to do next If you have a replicated group of View Connection Server instances and you want to also set up RADIUS authentication on them, you can re-use an existing RADIUS authenticator configuration. Troubleshooting RSA SecurID Access Denial Access is denied when Horizon Client connects with RSA SecurID authentication.
Chapter 3 Setting Up Authentication Using Smart Card Authentication You can configure a View Connection Server instance or security server so that users and administrators can authenticate by using smart cards. A smart card is a small plastic card that contains a computer chip. The chip, which is like a miniature computer, includes secure storage for data, including private keys and public key certificates.
View Administration 2 Obtain the Root Certificate from Windows on page 44 If you have a CA-signed user certificate or a smart card that contains one, and Windows trusts the root certificate, you can export the root certificate from Windows. 3 Add the Root Certificate to a Server Truststore File on page 45 You must add root certificates to a server truststore file for all users and administrators that you trust.
Chapter 3 Setting Up Authentication 4 On the Personal tab, select the certificate you want to use and click View. If the user certificate does not appear on the list, click Import to manually import it from a file. After the certificate is imported, you can select it from the list. 5 On the Certification Path tab, select the certificate at the top of the tree and click View Certificate.
View Administration Modify View Connection Server Configuration Properties To enable smart card authentication, you must modify View Connection Server configuration properties on your View Connection Server or security server host. Prerequisites Add the root certificates for all trusted users to a server truststore file. Procedure 1 Create or edit the locked.properties file in SSL gateway configuration folder on the View Connection Server or security server host. For example: install_directory\VMware\VMwa
Chapter 3 Setting Up Authentication 3 To configure smart card authentication for remote desktop and application users, perform these steps. a b On the Authentication tab, select a configuration option from the Smart card authentication for users drop-down menu in the View Authentication section. Option Action Not allowed Smart card authentication is disabled on the View Connection Server instance.
View Administration 6 Restart the View Connection Server service. You must restart the View Connection Server service for changes to smart card settings to take effect, with one exception. You can change smart card authentication settings between Optional and Required without having to restart the View Connection Server service. Currently logged in user and administrators are not affected by changes to smart card settings.
Chapter 3 Setting Up Authentication Procedure 1 On your Active Directory server, start the ADSI Edit utility. 2 In the left pane, expand the domain the user is located in and double-click CN=Users. 3 In the right pane, right-click the user and then click Properties. 4 Double-click the userPrincipalName attribute and type the SAN value of the trusted CA certificate. 5 Click OK to save the attribute setting.
View Administration What to do next If an intermediate certification authority (CA) issues your smart card login or domain controller certificates, add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. See “Add an Intermediate Certificate to Intermediate Certification Authorities,” on page 50.
Chapter 3 Setting Up Authentication n In the locked.properties file on the View Connection Server or security server host, verify that the useCertAuth property is set to true and is spelled correctly. The locked.properties file is located in install_directory\VMware\VMware View\Server\sslgateway\conf. The useCertAuth property is commonly misspelled as userCertAuth.
View Administration Workspace Portal Manager sends the SAML artifact to the Horizon client through Workspace Portal, which in turn sends the artifact to the View Connection Server instance. The View Connection Server instance uses the SAML artifact to retrieve the SAML assertion from Workspace Portal Manager through Workspace Portal.
Chapter 3 Setting Up Authentication 3 On the Authentication tab, select a setting from the Delegation of authentication to VMware Horizon (SAML 2.0 Authenticator) drop-down menu to enable or disable the SAML authenticator. Option Description Disabled SAML authentication is disabled. You can launch remote desktops and applications only from Horizon Client. Allowed SAML authentication is enabled. You can launch remote desktops and applications from both Horizon Client and Workspace Portal.
View Administration You can configure certificate revocation checking on a View Connection Server instance or on a security server. When a View Connection Server instance is paired with a security server, you configure certificate revocation checking on the security server. The CA must be accessible from the View Connection Server or security server host. You can configure both CRL and OCSP on the same View Connection Server instance or security server.
Chapter 3 Setting Up Authentication Configure CRL Checking When you configure CRL checking, View reads a CRL to determine the revocation status of a smart card user certificate. Prerequisites Familiarize yourself with the locked.properties file properties for CRL checking. See “Smart Card Certificate Revocation Checking Properties,” on page 56. Procedure 1 Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection Server or security server host.
View Administration 3 Restart the View Connection Server service or security server service to make your changes take effect. Example: locked.properties File The file shown enables smart card authentication and smart card certificate revocation checking, configures both CRL and OCSP certificate revocation checking, specifies the OCSP Responder location, and identifies the file that contains the OCSP signing certificate. trustKeyfile=lonqa.
Chapter 3 Setting Up Authentication Using the Log In as Current User Feature Available with WindowsBased Horizon Client With Horizon Client for Windows, when users select the Log in as current user check box, the credentials that they provided when logging in to the client system are used to authenticate to the View Connection Server instance and to the remote desktop. No further user authentication is required.
View Administration Prerequisites See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows operating system version. Procedure 1 Start the ADSI Edit utility on your View Connection Server host. 2 In the Connection Settings dialog box, select or connect to DC=vdi,DC=vmware,DC=int. 3 In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the View Connection Server host followed by port 389.
Configuring Role-Based Delegated Administration 4 One key management task in a View environment is to determine who can use View Administrator and what tasks those users are authorized to perform. With role-based delegated administration, you can selectively assign administrative rights by assigning administrator roles to specific Active Directory users and groups.
View Administration To create administrators, you select users and groups from your Active Directory users and groups and assign administrator roles. Administrators obtain privileges through their role assignments. You cannot assign privileges directly to administrators. An administrator that has multiple role assignments acquires the sum of all the privileges contained in those roles.
Chapter 4 Configuring Role-Based Delegated Administration Table 4‑1. Different Administrators for Different Access Groups Administrator Role Access Group view-domain.com\Admin1 Inventory Administrators /CorporateDesktops view-domain.com\Admin2 Inventory Administrators /DeveloperDesktops In this example, the administrator called Admin1 has the Inventory Administrators role on the access group called CorporateDesktops and the administrator called Admin2 has the Inventory Administrators role on the a
View Administration Table 4‑4. Permissions on the Folders Tab for MarketingDesktops Admin Role Inherited view-domain.com\Admin1 Inventory Administrators view-domain.com\Admin1 Administrators (Read only) Yes The first permission is the same as the first permission shown in Table 4-3. The second permission is inherited from the second permission shown in Table 4-3.
Chapter 4 Configuring Role-Based Delegated Administration n To assign a custom role to the administrator, create the custom role. See “Add a Custom Role,” on page 68. n To create an administrator that can manage specific desktop pools, create an access group and move the desktop pools to that access group. See “Manage and Review Access Groups,” on page 65. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Administrators and Groups tab, click Add User or Group.
View Administration n Delete a Permission on page 64 You can delete a permission that includes a specific administrator user or group, a specific role, or a specific access group. n Review Permissions on page 65 You can review the permissions that include a specific administrator or group, a specific role, or a specific access group. Add a Permission You can add a permission that includes a specific administrator user or group, a specific role, or a specific access group.
Chapter 4 Configuring Role-Based Delegated Administration Procedure 1 In View Administrator, select View Configuration > Administrators. 2 Select the permission to delete. 3 Option Action Delete a permission that applies to a specific administrator or group Select the administrator or group on the Administrators and Groups tab. Delete a permission that applies to a specific role Select the role on the Roles tab.
View Administration n Review the vCenter Virtual Machines in an Access Group on page 67 You can see the vCenter virtual machines in a particular access group in View Administrator. A vCenter virtual machine inherits the access group from its pool. Add an Access Group You can delegate the administration of specific machines, desktop pools, or farms to different administrators by creating access groups. By default, desktop pools, application pools, and farms reside in the root access group.
Chapter 4 Configuring Role-Based Delegated Administration Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Access Groups tab, select the access group and click Remove Access Group. 3 Click OK to remove the access group. Review the Desktop Pools, Application Pools, or Farms in an Access Group You can see the desktop pools, the application pools, or the farms in a particular access group in View Administrator.
View Administration Add a Custom Role If the predefined administrator roles do not meet your needs, you can combine specific privileges to create your own roles in View Administrator. Prerequisites Familiarize yourself with the administrator privileges that you can use to create custom roles. See “Predefined Roles and Privileges,” on page 69. Procedure 1 In View Administrator, select View Configuration > Administrators. 2 On the Roles tab, click Add Role.
Chapter 4 Configuring Role-Based Delegated Administration Predefined Roles and Privileges View Administrator includes predefined roles that you can assign to your administrator users and groups. You can also create your own administrator roles by combining selected privileges. n Predefined Administrator Roles on page 69 The predefined administrator roles combine all of the individual privileges required to perform common administration tasks. You cannot modify the predefined roles.
View Administration Table 4‑6. Predefined Roles in View Administrator Role User Capabilities Administrators Perform all administrator operations, including creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role can configure and manage a pod federation and manage remote pod sessions.
Chapter 4 Configuring Role-Based Delegated Administration Table 4‑6. Predefined Roles in View Administrator (Continued) Applies to an Access Group Role User Capabilities Local Administrators Perform all local administrator operations, except for creating additional administrator users and groups. In a Cloud Pod Architecture environment, administrators that have this role cannot perform operations on the Global Data Layer or manage sessions on remote pods.
View Administration Object-Specific Privileges Object-specific privileges control operations on specific types of inventory objects. Roles that contain objectspecific privileges can be applied to access groups. Table 4-8 describes the object-specific privileges. The predefined roles Administrators and Inventory Administrators contain all of these privileges. Table 4‑8. Object-Specific Privileges Privilege User Capabilities Object Enable Farms and Desktop Pools Enable and disable desktop pools.
Chapter 4 Configuring Role-Based Delegated Administration Required Privileges for Common Tasks Many common administration tasks require a coordinated set of privileges. Some operations require permission at the root access group in addition to access to the object that is being manipulated. Privileges for Managing Pools An administrator must have certain privileges to manage pools in View Administrator.
View Administration Table 4‑12. Persistent Disk Management Tasks and Privileges Task Required Privileges Detach a disk Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the pool. Attach a disk Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the machine. Edit a disk Manage Persistent Disks on the disk and Manage Farms and Desktop and Application Pools on the selected pool.
Chapter 4 Configuring Role-Based Delegated Administration Table 4‑14. Privileges for General Administration Tasks and Commands (Continued) Task Required Privileges Use the vdmadmin and vdmimport commands Must have the Administrators role on the root access group. Use the vdmexport command Must have the Administrators role or the Administrators (Read only) role on the root access group.
View Administration 76 VMware, Inc.
Configuring Policies in View Administrator and Active Directory 5 You can use View Administrator to set policies for client sessions. You can configure Active Directory group policy settings to control the behavior of View Connection Server, the PCoIP display protocol, and View logging and performance alarms. You can also configure Active Directory group policy settings to control the behavior of View Agent, Horizon Client for Windows, View Persona Management, and certain features.
View Administration n View Policies on page 79 You can configure View policies to affect all client sessions, or you can apply them to affect specific desktop pools or users. Configure Global Policy Settings You can configure global policies to control the behavior of all client sessions users. Prerequisites Familiarize yourself with the policy descriptions. See “View Policies,” on page 79. Procedure 1 In View Administrator, select Policies > Global Policies.
Chapter 5 Configuring Policies in View Administrator and Active Directory 5 Select one or more users from the list, click OK, and then click Next. The Add Individual Policy dialog box appears. 6 Configure the View policies and click Finish to save your changes. View Policies You can configure View policies to affect all client sessions, or you can apply them to affect specific desktop pools or users. Table 5-1 describes each View policy setting. Table 5‑1.
View Administration n The User Configuration policies set policies that apply to all users, regardless of the remote desktop or application they connect to. User Configuration policies override equivalent Computer Configuration policies. Microsoft Windows applies policies at desktop startup and when users log in. View ADM and ADMX Template Files The View ADM and ADMX template files provide group policy settings that let you control and optimize View components. Table 5‑2.
Chapter 5 Configuring Policies in View Administrator and Active Directory Table 5‑2. View ADM and ADMX Template Files (Continued) Template Name Template File Description Real-Time Audio-Video Configuration vdm_agent_rtav.adm Contains policy settings related to webcams that are used with the Real-Time Audio-Video feature. See the Setting Up Desktop and Application Pools in View document. Scanner Redirection vdm_agent_scanner.
View Administration Table 5‑4. View Common Configuration Template: Log Configuration Settings (Continued) Setting Properties Maximum debug log size in Megabytes Specifies the maximum size in megabytes that a debug log can reach before the log file is closed and a new log file is created. Log Directory Specifies the full path to the directory for log files. If the location is not writeable, the default location is used. For client log files, an extra directory with the client name is created.
Chapter 5 Configuring Policies in View Administrator and Active Directory Table 5‑5. View Common Configuration Template: Performance Alarm Settings (Continued) Setting Properties Process memory usage percentage to issue log info Specifies the threshold at which the memory usage of any individual process is logged. Process to check, comma separated name list allowing wild cards and exclusion Specifies a comma-separated list of queries that correspond to the name of one or more processes to be examined.
View Administration 84 VMware, Inc.
Maintaining View Components 6 To keep your View components available and running, you can perform a variety of maintenance tasks.
View Administration You can perform backups in several ways. n Schedule automatic backups by using the View configuration backup feature. n Initiate a backup immediately by using the Backup Now feature in View Administrator. n Manually export View LDAP data by using the vdmexport utility. This utility is provided with each instance of View Connection Server.
Chapter 6 Maintaining View Components View Configuration Backup Settings View can back up your View Connection Server and View Composer configuration data at regular intervals. In View Administrator, you can set the frequency and other aspects of the backup operations. Table 6‑1. View Configuration Backup Settings Setting Description Automatic backup frequency Every Hour. Backups take place every hour on the hour. Every 6 Hours. Backups take place at midnight, 6 am, noon, and 6 pm. Every 12 Hours.
View Administration 2 At the command prompt, type the vdmexport command and redirect the output to a file. For example: vdmexport > Myexport.LDF By default, the exported data is encrypted. You can specify the output file name as an argument to the -f option. For example: vdmexport -f Myexport.LDF You can export the data in plain text format (verbatim) by using the -v option. For example: vdmexport -f Myexport.
Chapter 6 Maintaining View Components If you backed up your View LDAP configuration by using View Administrator or the default vdmexport command, the exported LDIF file is encrypted. You must decrypt the LDIF file before you can import it. If the exported LDIF file is in plain text format, you do not have to decrypt the file. NOTE Do not import an LDIF file in cleansed format, which is plain text with passwords and other sensitive data removed.
View Administration 11 Log in to View Administrator and validate that the configuration is correct. 12 Start the View Composer instances. 13 Reinstall the replica server instances. 14 Start the security server instances. If there is a risk that the security servers have inconsistent configuration, they should also be uninstalled rather than stopped and then reinstalled at the end of the process.
Chapter 6 Maintaining View Components 2 On the computer where View Composer is installed, stop the VMware Horizon View Composer service. 3 Open a Windows command prompt and navigate to the SviConfig executable file. The file is located with the View Composer application. The default path is C:\Program Files (x86)\VMware\VMware View Composer\sviconfig.exe. 4 Run the SviConfig restoredata command.
View Administration Familiarize yourself with the SviConfig exportdata parameters: n DsnName - The DSN that is used to connect to the database. If it is not specified, DSN name, user name and password will be retrieved from server configuration file. n Username - The user name that is used to connect to the database. If this parameter is not specified, Windows authentication is used. n Password - The password for the user that connects to the database.
Chapter 6 Maintaining View Components Monitor View Components You can quickly survey the status of the View and vSphere components in your View deployment by using the View Administrator dashboard. View Administrator displays monitoring information about View Connection Server instances, the event database, security servers, View Composer services, datastores, vCenter Server instances, and domains. NOTE View cannot determine status information about Kerberos domains.
View Administration The Machines page displays all machines with the selected status. What to do next You can click a machine name to see details about the machine or click the View Administrator back arrow to return to the Dashboard page. Understanding View Services The operation of View Connection Server instances and security servers depends on several services that run on the system.
Chapter 6 Maintaining View Components Services on a View Connection Server Host The operation of View depends on several services that run on a View Connection Server host. Table 6‑4. View Connection Server Host Services Service Name Startup Type Description VMware Horizon View Blast Secure Gateway Automatic Provides secure HTML Access services. This service must be running if clients connect to View Connection Server through the HTML Access Secure Gateway.
View Administration Table 6‑5. Security Server Services (Continued) Service Name Startup Type Description VMware Horizon View PCoIP Secure Gateway Manual Provides PCoIP Secure Gateway services. This service must be running if clients connect to this security server through the PCoIP Secure Gateway. VMware Horizon View Security Gateway Component Manual Provides common gateway services. This service must always be running.
Chapter 6 Maintaining View Components The Highest column on the Product Licensing and Usage page displays the highest number of concurrent desktop sessions and remote application users since your View deployment was first configured or since the Reset Highest setting was last selected. An administrator with the Manage Global Configuration and Policies privilege can select the Reset Highest setting. To restrict access to the Reset Highest setting, give this privilege to designated administrators only.
View Administration n Migrate View Composer with an Existing Database on page 99 When you migrate View Composer to another physical or virtual machine, if you intend to preserve your current linked-clone virtual machines, the new VMware Horizon View Composer service must continue to use the existing View Composer database.
Chapter 6 Maintaining View Components Migrate View Composer with an Existing Database When you migrate View Composer to another physical or virtual machine, if you intend to preserve your current linked-clone virtual machines, the new VMware Horizon View Composer service must continue to use the existing View Composer database.
View Administration If you migrated the database, the DSN and data source information must point to the new location of the database. Whether or not you migrated the database, the new VMware Horizon View Composer service must have access to the original database information about the linked clones. 6 Configure an SSL server certificate for View Composer on the new machine.
Chapter 6 Maintaining View Components c In the View Composer Server Settings pane, click Edit. d Select Do not use View Composer and click OK. 2 Uninstall the VMware Horizon View Composer service from the current machine. 3 Install the VMware Horizon View Composer service on the new machine. During the installation, configure View Composer to connect to the DSN of the original or new View Composer database. 4 Configure an SSL server certificate for View Composer on the new machine.
View Administration Migrate the RSA Key Container to the New View Composer Service To use an existing View Composer database, you must migrate the RSA key container from the source physical or virtual machine on which the existing VMware Horizon View Composer service resides to the machine on which you want to install the new VMware Horizon View Composer service. You must perform this procedure before you install the new VMware Horizon View Composer service. Prerequisites Verify that the Microsoft .
Chapter 6 Maintaining View Components Update the Certificates on a View Connection Server Instance, Security Server, or View Composer When you receive updated server SSL certificates or intermediate certificates, you import the certificates into the Windows local computer certificate store on each View Connection Server, security server, or View Composer host. Typically, server certificates expire after 12 months. Root and intermediate certificates expire after 5 or 10 years.
View Administration c Type the SviConfig ReplaceCertificate command. For example: sviconfig -operation=ReplaceCertificate -delete=false The utility displays a numbered list of SSL certificates that are available in the Windows local computer certificate store. d To select a certificate, type the number of the certificate and press Enter.
Chapter 6 Maintaining View Components 3 The encrypted, anonymized information is transmitted to VMware using HTTPS. You can review the complete list of fields from which data is collected, including which fields are made anonymous. See “Global View Data Collected by VMware,” on page 106 and the related topics that follow. Preview Data Collected by the Customer Experience Improvement Program You can preview the data that VMware would receive before the data is encrypted and transmitted.
View Administration If your View Connection Server instances are blocked by a firewall from accessing the Internet, you can still use the CEIP. When the CEIP is enabled, your View Connection Server instances periodically attempt to connect using HTTPS to the data collection URL at https://ceip.vmware.com.
Chapter 6 Maintaining View Components Table 6‑7. Global Status Information Description Is This Field Made Anonymous? Example Value View servers can contact the domain controller. No True or false The DNS of the Active Directory domain Yes None The domain is an NT4-style domain.
View Administration Table 6‑8.
Chapter 6 Maintaining View Components Table 6‑10.
View Administration Table 6‑11. Security Server Information (Continued) Description Is This Field Made Anonymous? Example Value IPsec is active No True or false The secure gateway is down No True or false The current number of sessions No Integer The URL of the secure gateway Yes None The security server version number No 6.0.0 Desktop Pool Data Collected by VMware If you join the customer experience improvement program, VMware collects data from certain desktop pool fields.
Chapter 6 Maintaining View Components Table 6‑12.
View Administration Table 6‑12.
Chapter 6 Maintaining View Components Table 6‑12. Configuration Information Collected from Desktop Pools (Continued) Description Is This Field Made Anonymous? Example Value Mirage server is enabled No True or false URL of the Mirage server, including port number Yes None Machine Data Collected by VMware If you join the customer experience improvement program, VMware collects data from View and vCenter Server fields that describe virtual machines.
View Administration Table 6‑13. Machine Data Collected from View (Continued) Description Is This Field Made Anonymous? Example Value Number of times View tried to power off the machine No Integer Status of CBRC (View Storage Accelerator) No Off, Current, Out of date, or Error Time of the latest CBRC refresh No Date Time of the latest CBRC error No Integer Time of the latest incomplete attempt to configure CBRC No Integer The version of View Agent installed on the machine No 6.0.
Chapter 6 Maintaining View Components Table 6‑16.
View Administration ThinApp Data Collected by VMware If you join the customer experience improvement program, VMware collects data from certain ThinApp fields. Fields containing sensitive information are made anonymous. Table 6‑20.
Chapter 6 Maintaining View Components Table 6‑21.
View Administration Table 6‑22. Data Collected from Horizon Clients for the Customer Experience Improvement Program (Continued) Description Is This Field Made Anonymous ? Host operating system kernel No Example Value Examples include the following: Windows 6.1.7601 SP1 n Darwin Kernel Version 11.0.0: Sun Apr 8 21:52:26 PDT 2012; root:xnu-1878.11.10~1/RELEASE_ARM_S5L8945X n Darwin 11.4.2 n Linux 2.6.
Chapter 6 Maintaining View Components Table 6‑22.
View Administration Table 6‑23. Client Data Collected for the Customer Experience Improvement Program (Continued) Description Field name Is This Field Made Anonymous ? Browser's core implementation No Example Value Examples include the following values: n Chrome n Safari n Firefox n Whether the browser is running on a handheld device 120 No MSIE (for Internet Explorer) true VMware, Inc.
Managing Linked-Clone Virtual Machines 7 With View Composer, you can update linked-clone virtual machines, reduce the size of their operating system data, and rebalance the linked-clone virtual machines among disk drives. You also can manage the View Composer persistent disks associated with linked clones.
View Administration 2 Select the desktop pool to refresh by double-clicking the pool ID in the left column. 3 Choose whether to refresh multiple virtual machines or a single virtual machine. Option Action To refresh all virtual machines in the desktop pool a b c d e To refresh a single virtual machine a b c 4 In View Administrator, select Catalog > Desktop Pools. Select the desktop pool to refresh by double-clicking the pool ID in the left column. On the Inventory tab, click Machines.
Chapter 7 Managing Linked-Clone Virtual Machines n A refresh preserves the unique computer information set up by QuickPrep or Sysprep. You do not need to rerun Sysprep after a refresh to restore the SID or the GUIDs of third-party software installed in the system drive. n After you recompose a linked clone, View takes a new snapshot of the linked clone's OS disk. Future refresh operations restore the OS data to that snapshot, not the one originally taken when the linked clone was first created.
View Administration Procedure 1 In vCenter Server, update the parent virtual machine for the recomposition. n Install OS patches or service packs, new applications, application updates, or make other changes in the parent virtual machine. n Alternatively, prepare another virtual machine to be selected as the new parent during the recomposition. 2 In vCenter Server, power off the updated or new parent virtual machine. 3 In vCenter Server, take a snapshot of the parent virtual machine.
Chapter 7 Managing Linked-Clone Virtual Machines Procedure 1 Choose whether to recompose the whole desktop pool or a single machine. Option Action To recompose all virtual machines in the desktop pool a b c d e To recompose selected virtual machines a b c 2 In View Administrator, select Catalog > Desktop Pools. Select the desktop pool to recompose by double-clicking the pool ID in the left column. On the Inventory tab, click Machines.
View Administration Desktop recompositions do not affect View Composer persistent disks. Apply these guidelines to recompositions: n You can recompose dedicated-assignment and floating-assignment desktop pools. n You can recompose a desktop pool on demand or as a scheduled event. You can schedule only one recomposition at a time for a given set of linked clones. Before you can schedule a new recomposition, you must cancel any previously scheduled task or wait until the previous operation is completed.
Chapter 7 Managing Linked-Clone Virtual Machines 2 Recompose the desktop pool again. View Composer creates a base image from the snapshot and recreates the linked-clone OS disks. View Composer persistent disks that contain user data and settings are preserved during the recomposition. Depending on the conditions of the incorrect recomposition, you might refresh or rebalance the linked clones instead of or in addition to recomposing them.
View Administration Procedure 1 Choose whether to rebalance the whole pool or a single virtual machine. Option Action To rebalance all virtual machines in the pool a b c d e To rebalance a single virtual machine a b c 2 In View Administrator, select Catalog > Desktop Pools. Select the pool to rebalance by double-clicking the pool ID in the left column. On the Inventory tab, click Machines. Use the Ctrl or Shift keys to select multiple all the machine IDs in the left column.
Chapter 7 Managing Linked-Clone Virtual Machines n If you edit a pool and change the host or cluster and the datastores on which linked clones are stored, you can only rebalance the linked clones if the newly selected host or cluster has full access to both the original and the new datastores. All hosts in the new cluster must have access to the original and new datastores. For example, you might create a linked-clone desktop pool on a standalone host and select a local datastore to store the clones.
View Administration An original persistent disk has a filename with a user-disk label: desktop_name-vdm-user-disk-D-ID.vmdk. An original disposable-data disk has a filename with a disposable label: desktop_name-vdm-disposable- ID.vmdk. After a rebalance operation moves a linked clone to a new datastore, vCenter Server uses a common filename syntax for both types of disks: desktop_name_n.vmdk.
Chapter 7 Managing Linked-Clone Virtual Machines 3 Choose where to store the persistent disk. Option Description Use current datastore Store the persistent disk on the datastore where it is currently located. Use the following datastore Select a new datastore on which to store the persistent disk. Click Browse, click the down arrow, and select a new datastore from the Choose a Datastore menu. You cannot select a local datastore to store a detached persistent disk.
View Administration What to do next Make sure that the user of the linked clone has sufficient privileges to use the attached secondary disk. For example, if the original user had certain access permissions on the persistent disk, and the persistent disk is attached as drive D on the new linked clone, the new user of the linked clone must have the original user's access permissions on drive D.
Chapter 7 Managing Linked-Clone Virtual Machines To move a detached persistent disk from non-Virtual SAN to Virtual SAN, you can recreate the disk on a virtual machine that is stored on a non-Virtual SAN datastore and rebalance the virtual machine's desktop pool to a Virtual SAN datastore. Procedure 1 In View Administrator, select Resources > Persistent Disks. 2 On the Detached tab, select the persistent disk and click Recreate Machine.
View Administration Delete a Detached View Composer Persistent Disk When you delete a detached persistent disk, you can remove the disk from View and leave it on the datastore or delete the disk from View and the datastore. Procedure 1 In View Administrator, select Resources > Persistent Disks. 2 On the Detached tab, select the persistent disk and click Delete. 3 Choose whether to delete the disk from the datastore or let it remain on the datastore after it is removed from View.
Managing Desktop Pools, Machines, and Sessions 8 In View Administrator, you can manage desktop pools, virtual machine-based desktops, physical machinebased desktops, desktop sessions, and application sessions.
View Administration Modifying Settings in an Existing Desktop Pool After you create a desktop pool, you can change certain configuration settings. Table 8‑1. Editable Settings in an Existing Desktop Pool 136 Configuration Tab Description General Edit desktop pool-naming options and storage policy management settings. Storage policy management settings determine whether to use a Virtual SAN datastore. If you do not use Virtual SAN, you can select separate datastores for replica and OS disks.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Table 8‑1. Editable Settings in an Existing Desktop Pool (Continued) Configuration Tab Description Advanced Storage > Use native NFS snapshots (VAAI) If you select or deselect Use native NFS snapshots (VAAI), the new setting only affects virtual machines that are created after the settings are changed. You can change existing virtual machines to become native NFS snapshot clones by recomposing and, if needed, rebalancing the desktop pool.
View Administration Change the Size of an Automated Pool Provisioned by a Naming Pattern When you provision an automated desktop pool by using a naming pattern, you can increase or decrease the size of the pool by changing the maximum number of machines. Prerequisites n Verify that you provisioned the desktop pool by using a naming pattern. If you specify machine names manually, see “Add Machines to an Automated Pool Provisioned by a List of Names,” on page 138.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Procedure 1 Create a text file that contains the list of additional machine names. If you intend to add only a few machines, you can type the machine names directly in the Add Desktop Pool wizard. You do not have to create a separate text file. 2 In View Administrator, select Catalog > Desktop Pools. 3 Select the desktop pool to be expanded. 4 Click Edit. 5 Click the Provisioning Settings tab. 6 Click Add Machines.
View Administration Disable or Enable Provisioning in an Automated Desktop Pool When you disable provisioning in an automated desktop pool, View stops provisioning new virtual machines for the pool. After you disable provisioning, you can enable provisioning again. Before you change a desktop pool's configuration, you can disable provisioning to ensure that no new machines are created with the old configuration.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Table 8‑3. Adobe Flash Quality Settings Quality Setting Description Do not control Quality is determined by Web page settings. Low This setting results in the most bandwidth savings. Medium This setting results in moderate bandwidth savings. High This setting results in the least bandwidth savings. If no maximum level of quality is specified, the system defaults to a value of Low.
View Administration 3 Choose how to delete the desktop pool. Pool Options Automated desktop pool of linked clones without persistent disks. No available options. View deletes all virtual machines from disk. Users' sessions to their remote desktops are terminated. Automated desktop pool of linked clones with persistent disks. Choose whether to detach or delete the persistent disks when the linkedclone virtual machines are deleted.
Chapter 8 Managing Desktop Pools, Machines, and Sessions You can also use the vdmadmin command to assign machines to users. See “Assigning Dedicated Machines Using the -L Option,” on page 207. Prerequisites n Verify that the remote desktop virtual machine belongs to a dedicated-assignment pool. In View Administrator, the desktop pool assignment appears in the Desktop Pool column the Machines page.
View Administration 5 Repeat Step 2 through Step 4 for all virtual machines that you want to customize. 6 Select the customized machines and select Exit Maintenance Mode from the More Commands dropdown menu. The modified virtual-machine desktops are available to users. Monitor Virtual-Machine Desktop Status You can quickly survey the status of virtual-machine desktops in your View deployment by using the View Administrator dashboard.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Table 8‑5. Status of Virtual Machines That Are Managed by vCenter Server (Continued) Status Description Startup View Agent has started on the virtual machine, but other required services such as the display protocol are still starting. For example, View Agent cannot establish an RDP connection with client computers until RDP has finished starting. The View Agent startup period allows other processes such as protocol services to start up as well.
View Administration While a machine is in a particular state, it can be subject to further conditions. View Administrator displays these conditions as suffixes to the machine state. For example, View Administrator might display the Customizing (missing) state. Table 8-6 shows these additional conditions. Table 8‑6. Machine Status Conditions Condition Description Missing The virtual machine is missing in vCenter Server.
Chapter 8 Managing Desktop Pools, Machines, and Sessions 4 Choose how to delete the virtual-machine desktop. Option Description Pool that contains full virtualmachine desktops Choose whether to keep or delete the virtual machines in vCenter Server. If you delete the virtual machines from disk, users in active sessions are disconnected from their desktops.
View Administration Add an Unmanaged Machine to a Manual Pool You can increase the size of a manual desktop pool by adding unmanaged machines to the pool. Prerequisites Verify that View Agent is installed on the unmanaged machine. For information about preparing an unmanaged machine, see "Install View Agent on an Unmanaged Machine" in the Setting up Desktop and Application Pools in View document. Procedure 1 In View Administrator, select Catalog > Desktop Pools.
Chapter 8 Managing Desktop Pools, Machines, and Sessions Prerequisites Verify that the registered machines that you want to remove are not being used in any desktop pool. Procedure 1 In View Administrator, select View Configuration > Registered Machines. 2 Click the Others tab. 3 Select one or more machines and click Remove. You can select only machines that are not being used by a desktop pool. 4 Click OK to confirm.
View Administration Table 8‑7. Status of Unmanaged Machines (Continued) Status Description Unknown The machine is in an unknown state. Available The desktop-source computer is powered on and the desktop is ready for a connection. In a dedicated pool, the desktop is assigned to a user. The desktop starts when the user logs in. Connected The desktop is in a session and has a remote connection to a Horizon Client device.
Chapter 8 Managing Desktop Pools, Machines, and Sessions When you export a View Administrator table, it is saved as a comma-separated value (CSV) file. This feature exports the entire table, not individual pages. Procedure 1 In View Administrator, display the table you want to export. For example, click Resources > Machines to display the machines table. 2 Click the export icon in the upper right corner of the table. When you point to the icon, the Export table contents tooltip appears.
View Administration 152 VMware, Inc.
Managing Application Pools, Farms, and RDS Hosts 9 In View Administrator, you can perform management operations such as configuring or deleting desktop pools, farms, or RDS hosts. This chapter includes the following topics: n “Managing Application Pools,” on page 153 n “Managing Farms,” on page 154 n “Managing RDS Hosts,” on page 155 Managing Application Pools You can add, edit, delete, or entitle application pools in View Administrator.
View Administration Procedure 1 In View Administrator, select Catalog > Application Pools. 2 Select one or more application pools and click Delete. 3 Click OK to confirm. Managing Farms In View Administrator, you can add, edit, delete, enable, and disable farms. To add a farm, see "Creating Farms" in the Setting Up Desktop and Application Pools in View document. For information on access groups, see Chapter 4, “Configuring Role-Based Delegated Administration,” on page 59.
Chapter 9 Managing Application Pools, Farms, and RDS Hosts Procedure 1 In View Administrator, select Resources > Farms. 2 Select one or more farms and click More Commands. 3 Click Enable or Disable. 4 Click OK to confirm. The status of the RDS desktop pools and application pools that are associated with the farm are now Unavailable. You can view the status of the pools by selecting Catalog > Desktop Pools or Catalog > Application Pools.
View Administration Remove an RDS Host from View You can remove an RDS host from View that you no longer plan to use. You can remove only RDS hosts that do not belong to a farm. Prerequisites Verify that the RDS host does not belong to a farm. Procedure 1 In View Administrator, select View Configuration > Registered Machines. 2 Select an RDS host and click Remove. 3 Click OK. After you remove an RDS host, to use it again, you must reinstall View Agent.
Chapter 9 Managing Application Pools, Farms, and RDS Hosts Property Description RDS Host Name of the RDS host. Farm Farm to which the RDS host belongs. Desktop Pool RDS desktop pool associated with the farm. Agent Version Version of ViewView Agent that runs on the RDS host. Sessions Number of client sessions. DNS Name DNS name of the RDS host. Type Version of Windows Server that runs on the RDS host. RDS Farm Farm to which the RDS host belongs.
View Administration Table 9‑1. Status of an RDS Host (Continued) Status Description Unknown RDS host is in an unknown state. Available RDS host is available. If the host is in a farm, and the farm is associated with an RDS or application pool, it will be used to deliver RDS desktops or applications to users.
Managing ThinApp Applications in View Administrator 10 You can use View Administrator to distribute and manage applications packaged with VMware ThinApp. Managing ThinApp applications in View Administrator involves capturing and storing application packages, adding ThinApp applications to View Administrator, and assigning ThinApp applications to machines and desktop pools. You must have a license to use the ThinApp management feature in View Administrator.
View Administration n Make sure that a disjoint namespace does not prevent domain member computers from accessing the network share that hosts the MSI packages. A disjoint namespace occurs when an Active Directory domain name is different from the DNS namespace that is used by machines in that domain. See VMware Knowledge Base (KB) article 1023309 for more information. n To run streamed ThinApp applications on remote desktops, users must have access to the network share that hosts the MSI packages.
Chapter 10 Managing ThinApp Applications in View Administrator Procedure 1 Start the ThinApp Setup Capture wizard and follow the prompts in the wizard. 2 When the ThinApp Setup Capture wizard prompts you for a project location, select Build MSI package. 3 If you plan to stream the application to remote desktops, set the MSIStreaming property to 1 in the package.ini file.
View Administration Procedure 1 In View Administrator, select View Configuration > ThinApp Configuration and click Add Repository. 2 Type a display name for the application repository in the Display name text box. 3 Type the path to the Windows network share that hosts your application packages in the Share path text box. The network share path must be in the form \\ServerComputerName\ShareName where ServerComputerName is the DNS name of the server computer. Do not specify an IP address.
Chapter 10 Managing ThinApp Applications in View Administrator Creating ThinApp templates is optional. NOTE If you add an application to a ThinApp template after assigning the template to a machine or desktop pool, View Administrator does not automatically assign the new application to the machine or desktop pool. If you remove an application from a ThinApp template that was previously assigned to a machine or desktop pool, the application remains assigned to the machine or desktop pool.
View Administration n Assign a ThinApp Application to Multiple Desktop Pools on page 166 You can assign a particular ThinApp application to one or more desktop pools. n Assign Multiple ThinApp Applications to a Desktop Pool on page 166 You can assign one more ThinApp applications to a particular desktop pool.
Chapter 10 Managing ThinApp Applications in View Administrator 2 Select Assign Machines from the Add Assignment drop-down menu. The machines that the ThinApp application is not already assigned to appear in the table. 3 Option Action Find a specific machine Type the name of the machine in the Find text box and click Find. Find all of the machines that follow the same naming convention Type a partial machine name in the Find text box and click Find.
View Administration View Administrator begins installing the ThinApp applications a few minutes later. After the installation is finished, the applications are available to all of the users of the remote desktop that is hosted by the virtual machine. Assign a ThinApp Application to Multiple Desktop Pools You can assign a particular ThinApp application to one or more desktop pools.
Chapter 10 Managing ThinApp Applications in View Administrator Procedure 1 In View Administrator, select Catalog > Desktop Pools and double-click the pool ID. 2 On the Inventory tab, click ThinApps and then click Add Assignment. The ThinApp applications that are not already assigned to the pool appear in the table. 3 To find a particular application, type the name of the ThinApp application in the Find text box and click Find. 4 Select a ThinApp application to assign to the pool and click Add.
View Administration 5 Select an installation type and click OK. Option Action Streaming Installs a shortcut to the application on the machine. The shortcut points to the application on the network share that hosts the repository. Users must have access to the network share to run the application. Full Installs the full application on the machine's local file system. Some ThinApp applications do not support both installation types.
Chapter 10 Managing ThinApp Applications in View Administrator Table 10‑1. ThinApp Application Installation Status Status Description Assigned The ThinApp application is assigned to the machine. Install Error An error occurred when View Administrator attempted to install the ThinApp application. Uninstall Error An error occurred when View Administrator attempted to uninstall the ThinApp application. Installed The ThinApp application is installed.
View Administration n Modify or Delete a ThinApp Template on page 172 You can add and remove applications from a ThinApp template. You can also delete a ThinApp template. n Remove an Application Repository on page 172 You can remove an application repository from View Administrator. Remove a ThinApp Application Assignment from Multiple Machines You can remove an assignment to a particular ThinApp application from one or more machines.
Chapter 10 Managing ThinApp Applications in View Administrator Remove a ThinApp Application Assignment from Multiple Desktop Pools You can remove an assignment to a particular ThinApp application from one or more desktop pools. Prerequisites Notify the users of the remote desktops in the pools that you intend to remove the application. Procedure 1 In View Administrator, select Catalog > ThinApps and double-click the name of the ThinApp application.
View Administration Modify or Delete a ThinApp Template You can add and remove applications from a ThinApp template. You can also delete a ThinApp template. If you add an application to a ThinApp template after assigning the template to a machine or desktop pool, View Administrator does not automatically assign the new application to the machine or desktop pool.
Chapter 10 Managing ThinApp Applications in View Administrator Cause The View Connection Server host cannot access the network share that hosts the application repository. The network share path that you typed in the Share path text box might be incorrect, the network share that hosts the application repository is in a domain that is not accessible from the View Connection Server host, or the network share permissions have not been set up properly.
View Administration Solution If the template contains a ThinApp application that is already assigned to the machine or desktop pool, create a new template that does not contain the application or edit the existing template and remove the application. Assign the new or modified template to the machine or desktop pool. To change the installation type of a ThinApp application, you must remove the existing application assignment from the machine or desktop pool.
Chapter 10 Managing ThinApp Applications in View Administrator View Agent log files are located on the machine in drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs for Windows XP systems and drive:\ProgramData\VMware\VDM\logs for Windows 7 systems. View Connection Server log files are located on the View Connection Server host in the drive:\Documents and Settings\All Users\Application Data\VMware\VDM\logs directory. Solution 1 In View Administrator, select Catalog > ThinApps.
View Administration Procedure 1 Download the ThinApp software from http://www.vmware.com/products/thinapp and install it on a clean computer. View supports ThinApp version 4.6 and later. 2 Use the ThinApp Setup Capture wizard to capture and package your applications in MSI format.
Setting Up Clients in Kiosk Mode 11 You can set up unattended clients that can obtain access to their desktops from View. A client in kiosk mode is a thin client or a lock-down PC that runs Horizon Client to connect to a View Connection Server instance and launch a remote session. End users do not typically need to log in to access the client device, although the remote desktop might require them to provide authentication information for some applications.
View Administration n Administrators, Inventory Administrators, or an equivalent role to use View Administrator to entitle users or groups to remote desktops. n Administrators or an equivalent role to run the vdmadmin command. Procedure 1 Prepare Active Directory and View for Clients in Kiosk Mode on page 178 You must configure Active Directory to accept the accounts that you create to authenticate client devices.
Chapter 11 Setting Up Clients in Kiosk Mode 3 Configure the guest operating system so that the clients are not locked when they are left unattended. View suppresses the pre-login message for clients that connect in kiosk mode. If you require an event to unlock the screen and display a message, you can configure a suitable application on the guest operating system. 4 In View Administrator, create the desktop pool that the clients will use and entitle the group to this pool.
View Administration Option Description -noexpirepassword Specifies that passwords on client accounts do not expire. -nogroup Clears the setting for the default group. -ou DN Specifies the distinguished name of the default organizational unit to which client accounts are added. For example: OU=kiosk-ou,DC=myorg,DC=com NOTE You cannot use the command to change the configuration of an organizational unit. The command updates the default values for clients in the View Connection Server group.
Chapter 11 Setting Up Clients in Kiosk Mode Add Accounts for Clients in Kiosk Mode You can use the vdmadmin command to add accounts for clients to the configuration of a View Connection Server group. After you add a client, it is available for use with a View Connection Server instance on which you have enabled authentication of clients. You can also update the configuration of clients, or remove their accounts from the system.
View Administration The command creates a user account in Active Directory for the client in the specified domain and group (if any). Example: Adding Accounts for Clients Add an account for a client specified by its MAC address to the MYORG domain, using the default settings for the group kc-grp. vdmadmin -Q -clientauth -add -domain MYORG -clientid 00:10:db:ee:76:80 -group kc-grp Add an account for a client specified by its MAC address to the MYORG domain, using an automatically generated password.
Chapter 11 Setting Up Clients in Kiosk Mode 2 If the remote desktop is provided by a Microsoft RDS host, log in to the RDS host and add the user account to the Remote Desktop Users group. For example, say that on the View server, you entitle the user account custom-11 to a session-based View desktop on an RDS host.
View Administration Password Generated: false Client Authentication Connection Servers ======================================== Common Name : CONSVR1 Client Authentication Enabled : false Password Required : false Common Name : CONSVR2 Client Authentication Enabled : true Password Required : false What to do next Verify that the clients can connect to their remote desktops.
Chapter 11 Setting Up Clients in Kiosk Mode Procedure u To connect to a remote session, type the appropriate command for your platform. Option Description Windows Enter C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe -unattended [-serverURL connection_server] [-userName user_name] [-password password] Linux -password password Specifies the password for the client's account. If you defined a password for the account, you must specify this password.
View Administration Run Horizon Client on a Linux client using an assigned name and password. vmware-view -unattended -s 145.124.24.100 --once -u custom-Terminal21 -p "Secret1!" 186 VMware, Inc.
Troubleshooting View 12 You can use a variety of procedures for diagnosing and fixing problems that you might encounter when using View. You can use troubleshooting procedures to investigate the causes of such problems and attempt to correct them yourself, or you can obtain assistance from VMware Technical Support. For information about troubleshooting desktops and desktop pools, see the Setting Up Desktop and Application Pools in View document.
View Administration Events Provides links to the Events screen filtered for error events and for warning events. System Health Provides links to the Dashboard screen, which displays summaries of the status of View components, vSphere components, domains, desktops, and datastore usage. The system health dashboard displays a numbered link against each item. This value indicates the number of items that the linked report provides details about.
Chapter 12 Troubleshooting View Collecting Diagnostic Information for View You can collect diagnostic information to help VMware Technical Support diagnose and resolve issues with View. You can collect diagnostic information for various components of View. How you collect this information varies depending on the View component.
View Administration 2 Open a command prompt and run the command to generate the DCT bundle. Option Action On View Connection Server, using vdmadmin To specify the names of the output bundle file, desktop pool, and machine, use the -outfile, -d, and -m options with the vdmadmin command. vdmadmin -A [-b authentication_arguments] -getDCT -outfile local_file -d desktop -m machine On the remote desktop Change directories to c:\Program Files\VMware\VMware View\Agent\DCT and run the following command: suppo
Chapter 12 Troubleshooting View Collect Diagnostic Information for View Composer Using the Support Script You can use the View Composer support script to collect configuration data and generate log files for View Composer. This information helps VMware customer support diagnose any issues that arise with View Composer. Prerequisites Log in to the computer on which View Composer is installed.
View Administration 3 When you have collected enough information about the behavior of View Connection Server, select Start > All Programs > VMware > Generate View Connection Server Log Bundle. The support tool writes the log files to a folder called vdm-sdct on the desktop of the View Connection Server instance. 4 File a support request on the Support page of the VMware Web site and attach the output files.
Chapter 12 Troubleshooting View Option Description 7 Selects debug logging for virtual channels (View Agent and Horizon Client only). 8 Selects trace logging for virtual channels (View Agent and Horizon Client only). The script writes the zipped log files to the folder vdm-sdct on the desktop. 3 You can find the View Composer guest agent logs in the C:\Program Files\Common Files\VMware\View Composer Guest Agent svi-ga-support directory.
View Administration Solution If you intend to keep the security server in your View environment, take these steps: 1 In View Administrator, select View Configuration > Servers. 2 On the Security Servers tab, select a security server, select Prepare for Upgrade or Reinstallation from the More Commands drop-down menu, and click OK.
Chapter 12 Troubleshooting View 5 Configure the proxy settings. For example, at the netsh winhttp> prompt, type import proxy source=ie. The proxy settings are imported to the View Connection Server computer. 6 Verify the proxy settings by typing show proxy. 7 Restart the VMware Horizon View Connection Server service. 8 On the View Administrator dashboard, verify that the security server or View Connection Server icon is green.
View Administration 196 VMware, Inc.
Using the vdmadmin Command 13 You can use the vdmadmin command line interface to perform a variety of administration tasks on a View Connection Server instance. You can use vdmadmin to perform administration tasks that are not possible from within the View Administrator user interface or to perform administration tasks that need to run automatically from scripts. For a comparison of the operations that are possible in View Administrator, View cmdlets, and vdmadmin, see the View Integration document.
View Administration n Assigning Dedicated Machines Using the -L Option on page 207 You can use the vdmadmin command with the -L option to assign machines from a dedicated pool to users. n Displaying Information About Machines Using the -M Option on page 209 You can use the vdmadmin command with the -M option to display information about the configuration of virtual machines or physical computers.
Chapter 13 Using the vdmadmin Command vdmadmin Command Usage The syntax of the vdmadmin command controls its operation. Use the following form of the vdmadmin command from a Windows command prompt. vdmadmin command_option [additional_option argument] ... The additional options that you can use depend on the command option. By default, the path to the vdmadmin command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin.
View Administration Table 13‑1. Options for Selecting Output Format (Continued) Option Description -w Display the output using Unicode (UTF-16) characters. This is the default character set for XML output. -xml Formats the output as XML. vdmadmin Command Options You use the command options of the vdmadmin command to specify the operation that you want it to perform. Table 13-2 shows the command options that you can use with the vdmadmin command to control and examine the operation of View.
Chapter 13 Using the vdmadmin Command Configuring Logging in View Agent Using the ‑A Option You can use the vdmadmin command with the -A option to configure logging by View Agent.
View Administration Examples Display the logging level of the Agent for the machine machine1 in the desktop pool dtpool2. vdmadmin -A -d dtpool2 -m machine1 -getloglevel Set the logging level of the View Agent for the machine machine1 in the desktop pool dtpool2 to debug. vdmadmin -A -d dtpool2 -m machine1 -setloglevel debug Display the list of View Agent log files for the machine machine1 in the desktop pool dtpool2.
Chapter 13 Using the vdmadmin Command Table 13‑4. Options for Overriding IP Addresses (Continued) Option Description -m machine Specifies the name of the machine in a desktop pool. -override Specifies an operation for overriding IP addresses. -r Removes an overridden IP address. Examples Override the IP address for the machine machine2 in the desktop pool dtpool2. vdmadmin -A -override -i 10.20.54.
View Administration Return the GUID of the group. vdmadmin -C Updating Foreign Security Principals Using the ‑F Option You can use the vdmadmin command with the -F option to update the foreign security principals (FSPs) of Windows users in Active Directory who are authorized to use a desktop. Syntax vdmadmin -F [-b authentication_arguments] [-u domain\user] Usage Notes If you trust domains outside of your local domains, you allow access by security principals in the external domains to the local domains
Chapter 13 Using the vdmadmin Command Table 13‑5. Health Monitors (Continued) Monitor Description SGMonitor Monitors the health of security gateway services and security servers. VCMonitor Monitors the health of vCenter servers. If a component has several instances, View creates a separate monitor instance to monitor each instance of the component. The command outputs all information about health monitors and monitor instances in XML format.
View Administration Options Table 13-7 shows the options that you can specify to list and display reports and views. Table 13‑7. Options for Listing and Displaying Reports and Views Option Description -enddate yyyy-MM-dd-HH:mm:ss Specifies a upper limit for the date of information to be displayed. -list Lists the available reports and views. -report report Specifies a report. -startdate yyyy-MM-dd-HH:mm:ss Specifies a lower limit for the date of information to be displayed.
Chapter 13 Using the vdmadmin Command Options You can disable or enable the eventSyslog option. You can direct the Syslog output to the local system only or to another location. Direct UDP connection to a Syslog server is supported with View 5.2 or later. See "Configure Event Logging for Syslog Servers" in the View Installation document. Table 13‑8. Options for Generating View Event Log Messages in Syslog Format Option Description -disable Disables Syslog logging. -e|-enable Enables Syslog logging.
View Administration Usage Notes View assigns machines to users when they first connect to a dedicated desktop pool. Under some circumstances, you might want to preassign machines to users. For example, you might want to prepare their system environments in advance of their initial connection. After a user connects to a remote desktop that View assigns from a dedicated pool, the virtual machine that hosts the desktop remains assigned to the user for the life span of the virtual machine.
Chapter 13 Using the vdmadmin Command Displaying Information About Machines Using the ‑M Option You can use the vdmadmin command with the -M option to display information about the configuration of virtual machines or physical computers. Syntax vdmadmin -M [-b authentication_arguments] [-m machine | [-u domain\user][-d desktop]] [-xml | -csv] [-w | -n] Usage Notes The command displays information about a remote desktop's underlying virtual machine or physical computer. n Display name of the machine.
View Administration Display information about the machine machine3 and format the output as comma-separated values. vdmadmin -M -m machine3 -csv Reclaiming Disk Space on Virtual Machines Using the ‑M Option You can use the vdmadmin command with the -M option to mark a linked-clone virtual machine for disk space reclamation.
Chapter 13 Using the vdmadmin Command Configuring Domain Filters Using the ‑N Option You can use the vdmadmin command with the -N option to control the domains that View makes available to end users.
View Administration Table 13‑12. Options for Configuring Domain Filters (Continued) Option Description -s connsvr Specifies that the operation applies to the domain filters on a View Connection Server instance. You can specify the View Connection Server instance by its name or IP address. If you do not specify this option, any change that you make to the search configuration applies to all View Connection Server instances in the group. -search Specifies an operation on a search exclusion list.
Chapter 13 Using the vdmadmin Command Primary Domain: MYDOM Domain: Domain: Domain: Domain: Domain: Domain: MYDOM DNS:mydom.mycorp.com YOURDOM DNS:yourdom.mycorp.com FARDOM DNS:fardom.mycorp.com DEPTX DNS:deptx.mycorp.com DEPTY DNS:depty.mycorp.com DEPTZ DNS:deptz.mycorp.com Display the available domains in XML using ASCII characters. vdmadmin -N -domains -list -active -xml -n Remove the domain NEARDOM from the exclusion list for a View Connection Server group.
View Administration 4 Inclusion list configured for the View Connection Server group View applies only the first list that it selects to the search results. If you specify a domain for inclusion, and its domain controller is not currently accessible, View does not include that domain in the list of active domains. You cannot exclude the primary domain to which a View Connection Server instance or security server belongs.
Chapter 13 Using the vdmadmin Command Example of Filtering to Exclude Domains You can use an inclusion list to specify the domains that View excludes from the results of a domain search. A group of two View Connection Server instances, CONSVR-1 and CONSVR-2, is joined to the primary MYDOM domain and has a trusted relationship with the YOURDOM domain. The YOURDOM domain has a trusted relationship with the DEPTX and FARDOM domains.
View Administration Cluster Settings Include: Exclude: Search : FARDOM DEPTX Broker Settings: CONSVR-1 Include: (*)Exclude: YOURDOM Search : Broker Settings: CONSVR-2 Include: Exclude: Search : View limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicates that View excludes the YOURDOM domain from the results of the domain search on CONSVR-1.
Chapter 13 Using the vdmadmin Command Usage Notes If you revoke a user's entitlement to a persistent virtual machine or to a physical system, the associated remote desktop assignment is not automatically revoked. This condition might be acceptable if you have temporarily suspended a user’s account or if the user is on a sabbatical. When you reenable entitlement, the user can continue using the same virtual machine as previously.
View Administration Apply your own stylesheet C:\tmp\unentitled-policies.xsl and redirect the output to the file up- output.html. vdmadmin -P -ld -xml -xsltpath "C:\tmp\unentitled-policies.xsl" > up-output.html Configuring Clients in Kiosk Mode Using the ‑Q Option You can use the vdmadmin command with the -Q option to set defaults and create accounts for clients in kiosk mode, to enable authentication for these clients, and to display information about their configuration.
Chapter 13 Using the vdmadmin Command If you use the -group option to specify a group or you have previously set a default group, View adds the client's account to this group. You can specify the -nogroup option to prevent the account being added to any group. If you enable a View Connection Server instance to authenticate clients in kiosk mode, you can optionally specify that clients must provide a password. If you disable authentication, clients cannot connect to their remote desktops.
View Administration Table 13‑16. Options for Configuring Clients in Kiosk Mode (Continued) Option Description -nogroup When adding an account for a client, specifies that the client's account is not added to the default group. When setting the default values for clients, clears the setting for the default group. -ou DN Specifies the distinguished name of the organizational unit to which client accounts are added.
Chapter 13 Using the vdmadmin Command Remove the account for a kiosk client specified by its MAC address from the MYORG domain. vdmadmin -Q -clientauth -remove -domain MYORG -clientid 00:10:db:ee:54:12 Remove the accounts of all clients without prompting to confirm the removal. vdmadmin -Q -clientauth -removeall -force Enable authentication of clients for the View Connection Server instance csvr-2. Clients with automatically generated passwords can authenticate themselves without providing a password.
View Administration Displaying the First User of a Machine Using the ‑R Option You can use the vdmadmin command with the -R option to find out the initial assignment of a managed virtual machine. For example, in the event of the loss of LDAP data, you might need this information so that you can reassign virtual machines to users. NOTE The vdmadmin command with the -R option works only on virtual machines that are earlier than View Agent 5.1. On virtual machines that run View Agent 5.
Chapter 13 Using the vdmadmin Command 3 On another View Connection Server instance, use the vdmadmin command to remove the entry for the uninstalled View Connection Server instance or security server from the configuration. If you want to reinstall View on the removed systems without replicating the View configuration of the original group, restart all the View Connection Server hosts in the original group before performing the reinstallation.
View Administration Unlocking or Locking Virtual Machines Using the ‑V Option You can use the vdmadmin command with the -V option to unlock or lock virtual machines in the datacenter. Syntax vdmadmin -V [-b authentication_arguments] -e -d desktop -m machine [-m machine] ... vdmadmin -V [-b authentication_arguments] -e -vcdn vCenter_dn -vmpath inventory_path vdmadmin -V [-b authentication_arguments] -p -d desktop -m machine [-m machine] ...
Chapter 13 Using the vdmadmin Command Detecting and Resolving LDAP Entry Collisions Using the -X Option You can use the vdmadmin command with the -X option to detect and resolve colliding LDAP entries on replicated View Connection Server instances in a group. Syntax vdmadmin -X [-b authentication_arguments] -collisions [-resolve] Usage Notes If duplicate LDAP entries are created on two or more View Connection Server instances, this can cause problems with the integrity of LDAP data in View.
View Administration 226 VMware, Inc.
Index A access groups changing, for a desktop pool or a farm 66 creating 60, 61, 66 managing 65 organizing desktops and pools 60 removing 66 reviewing desktop pools, application pools, or farms 67 reviewing vCenter virtual machines 67 root 60 Active Directory preparing for clients in kiosk mode 178 preparing for smart card authentication 48 updating Foreign Security Principals of users 204 updating general user information 97 ADM template files View components 79 View Common Configuration 81 View Server Co
View Administration automated desktop pools adding machines manually 138 changing the pool size 138 B backing up configuration backup settings 87 scheduling backups 86 View configuration data 85 View Connection Server 25 Blast Secure Gateway service 95 C CBRC, configuring for vCenter Server 19 certificate revocation checking enabling 53 troubleshooting for security server 194 certificates accept the thumbprint 22 updating on View Connection Server 103 certutil command 49 client accounts, adding for kiosk
Index diagnostic information collecting 189 collecting for View Composer 191 collecting using the support tool 191 using support scripts 192 direct connections, configuring 32 Direct Interaction privilege 71 disjoint namespaces 159 domain filters configuring 213 displaying 211 example of excluding domains 215 example of including domains 214 domains enumerating trusted 81 filter lists 211 E Enable Farms and Desktop Pools privilege 72 enableOCSP property 55, 56 enableRevocationChecking property 55, 56 encr
View Administration L LDAP entries, detecting and resolving collisions 225 LDAP repository backing up 87 importing 88 licenses adding to View 96 monitoring usage 96 linked-clone desktop management, managing persistent disks 130 linked-clone machine management refresh operation guidelines 122 refreshing 121 linked-clone virtual machine management detaching persistent disks 130 disk filenames after a rebalance 129 managing persistent disks 130 migrating to another datastore 129 preparing a parent virtual mac
Index ocspSigningCert property 55 ocspURL property 55, 56 orphaned machinse, displaying 216 OS disks, machine refresh 121, 122 OUs, creating for kiosk mode clients 178 output formats, vdmadmin command 199 overriding IP addresses for View Agent 202 P passwords 57 pcoip.
View Administration S SAML 52 SAML 2.0 Authentication 51 SAML 2.
Index Unknown username or bad password 182, 218 unlocking, machines 224 unmanaged machines adding to a pool 148 managing 147 removing from a pool 148 updating linked-clone virtual machines correcting an unsuccessful recomposition 126 machine recomposition 123 UPNs, smart card users 48 useCertAuth property 46, 50 user authentication, configuring 39 user accounts, View Composer AD operations 13 userPrincipalName attribute 48 users displaying information about 223 updating general user information 97 V vCent
View Administration editing the external URL 36 exporting configuration data 87 removing entry from configuration 222 restoring configuration data 88 scheduling backups 86 services 94, 95 setting names of groups 203 View LDAP configuration data 38 View Connection Server configuration, server certificate 103 View LDAP, configuration data 38 View services, stopping and starting 94 ViewPM.
