VMware Horizon Community
Super6VCA
Expert
Expert

Two domains and Issues

Have UEM setup in my Primary domain and is working pretty well.  I need to set it up in my secondary domain (hospital side) and utilize some of UEM's power.  As i try to set it up I can get it to work somewhat but no logs are getting updated.  I can see teh desktop icons getting to the desktops adn i can see the applications that i have assigned but when i look at the log file to see what teh issues are, there are NO logs. All the users and groups have the appropriate rights adn i can manually log on to that server/share and add and delete files.  I can't quite figure out what is going on but none of my test users will work properly.  Is there something that i am missing in the setup??  All the appropriate users and groups have a access to the correct folders. (UEM_Profiles, Uem_config, and Uem_Redirected profiles.  Can someone give me a hint as to what i am doing wrong?  Any help is appreciated

Thank you, Perry
16 Replies
DEMdev
VMware Employee
VMware Employee

Hi Super6VCA,

Can you check under HKCU\Software\Policies\Immidio\Flex Profiles\Arguments if the LogFileName registry value exists? If so, does the logged-on user have write permissions in that location?

Reply
0 Kudos
Super6VCA
Expert
Expert

Things are pretty strange.  I have all the rights needed to that folder and it shows up in the HKCU but the files are blank.  I delete them and log in again adn it creates the flexengine adnd flexengine-async files but they are both empty.  Any thoughts?

Thank you, Perry
Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee

Maybe performing a FlexEngine.exe -UEMRefresh while is ProcMon running will shed some light on this?

Reply
0 Kudos
Super6VCA
Expert
Expert

What might be the command line.  Tried what you have here and it says invalid Switch.  ran Flexengine.exe /?  and not really clear on the command line and all options i tried don't work.  Any help is appreciated.  Thanks

Thank you, Perry
Reply
0 Kudos
DEMdev
VMware Employee
VMware Employee

Hi Super6VCA,

That FlexEngine.exe -UEMRefresh should work just fine, provided you run it from the installation folder (typically C:\Program Files\Immidio\Flex Profiles)

pastedImage_2.png

If that doesn't work for you, can you post a screenshot of the FlexEngine.exe /? dialog?

Reply
0 Kudos
Super6VCA
Expert
Expert

having all kinds of headaches with this two domain setup.  Here is the latest.  Tried running the refresh from the directory you ask.  Before i tried to put the whole path in the command line (which should have worked but didn't).  Now i get  a message that Config File Path must be configures in the GPO.  It is , so not sure why the message.  See both attachments.  Any help is surely appreciated.  Thanks again!

Thank you, Perry
Reply
0 Kudos
sjesse
Leadership
Leadership

I suggest running NOAD mode, I know I did once before, but I wanted to suggest it again. We had loads of problems getting our second domain working, but once the release NoAD Mode in 9.1 most of our problems went away.

Configuring User Environment Manager with the NoAD Mode

If you enable this and have the trust between two domains working that may prevent alot of your problems. If you want to test this you don't need to do much, you just place the NoAD.xml in your UEMConfig share and edit accordingly, and install the UEM agent in no ad mode. Any UEM agent in noad mode will ignore the GPOs and just use the configuration file.

DEMdev
VMware Employee
VMware Employee

Hi Super6VCA,

OK, that means that your GPO is not applying (correctly) to the systems in your second domain. I won't be much help in troubleshooting that, I'm afraid... I'm pretty sure that it's possible to get this to work, but its outside of the scope of UEM itself, and my AD and Group Policy knowledge is too limited for that.

sjesse​'s suggestion of using NoAD configuration instead might indeed be a good one, as you would not depend on Group Policy anymore.

Super6VCA
Expert
Expert

sjesse,

At this point i think i just might try that.  Been putting too much time into getting this setup and need to keep moving.  i will report back once i try it.  Thanks

Thank you, Perry
Reply
0 Kudos
Super6VCA
Expert
Expert

sjesse    

I was looking at the sample NoAD XML file and was curious if that is the entire file or just a portion of it.  I'm not much of a coder so was looking for a little push.  Thanks

Thank you, Perry
Reply
0 Kudos
sjesse
Leadership
Leadership

There are alot of options, I think most are explained in the sub pages under here

Configuring User Environment Manager with the NoAD Mode

I'll include mine that I've been updating since I started using no ad mode. Just replace <fileserver> with the name of the file server that stores the users profiledata, and also the share name assuming you used something different then whats here.

<?xml version="1.0" encoding="utf-8"?>

<userEnvironmentSettings>

    <setting type="noAD"

        ProfileArchivePath="\\<fileserver>\UEMProfileData$\%username%\Archives"

        LogFileName="\\<fileserver>\UEMProfileData$\%username%\Logs\FlexEngine.log"

        LogLevel="0"

        BackupPath="\\<fileserver>\UEMProfileData$\%username%\backups"

        BackupCount="7"

        BackupDaily="1"

        ConfigPathMissingAction="0"

        ArchivePathMissingAction="1"

        AppBlockingEventLog="1"

        CertificateSupport="1"

        EventLog="1"

        EventLogAsync="1"

        EventLogDirectFlexRefresh="1"

        EventLogUEMRefresh="1"

        MaximumLogFileSize="2048"

        RemoveLocalProfileAtLogoff="1"

    />

</userEnvironmentSettings>

DEMdev
VMware Employee
VMware Employee

NOTE: While most of the settings in sjesse's example are applicable in a wide variety of environments (although your mileage can always vary, of course), be careful with RemoveLocalProfileAtLogoff, as it's rather destructive 🙂

Reply
0 Kudos
sjesse
Leadership
Leadership

UEMdev​ thats if you use UEM on physical computers as well as virtual right? I've been using this in a pure virtual environment for the last year or so with no issues. Removing the local profile on logoff was added I think before instant clone rdsh servers, to make those more of a non persistent environment.

Reply
0 Kudos
Super6VCA
Expert
Expert

Thank you guys for all the info.  Let me tell you what my real issue is and maybe you can shed some more light.  Been running UEM in my primary domain for a bit now.  I have login speed issues  ion my other domain since we utilize Imprivata along with Citrix to connect to a cloud based EHR system.  If i login to master image speed is fine adn it only takes 15 seconds to get to my EHR in the cloud since there is a local profile.  So i thought i would try UEM in my second domain  because without it my logins take about 2 minutes (1:30 of that is the citrix and imprivata)  Getting to a desktop is pretty fast but i need to figure out how to speed up the other.  This is 100% virtual with Instant clone desktops but can't seem to get that time down and was hoping EUM would rectify that.  Any thoughts?

Thank you, Perry
Reply
0 Kudos
sjesse
Leadership
Leadership

I defer to UEMdev​ but removing the UEM GPOs could save you a few seconds since they apply at user logon if I remember. Outside of that UEM should always add some time, depending on the work it needs to do. Looking at my last logon, with doing folder redirection and importing uem archives, was around 8 seconds. Checking logon monitor I got around 47 seconds total, most of that was a shell logon time, which is a dumb kixstart  logon script that shows the number for our helpdesk and maps network drives. Not to get all Horizon in a  UEM forum, look at this if you haven't seen it

https://www.carlstalhood.com/vmware-horizon-7-master-virtual-desktop/

https://www.ituda.com/vmware-horizon-view-windows-10-golden-image-creation/

Acceptable Horizon Desktop Logon Time?

The two I used to get to the desktop quicker or at least show whats going is

Enable VerboseStatus

  • Open a command prompt
  • REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v verbosestatus /t REG_DWORD /d 1 /f

and adding this key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

"DelayedDesktopSwitchTimeout"=dword:00000002

The two registry keys instead of saying welcome to windows and preparing your desktop shows each agent loading, more like how windows server do. The second one basically limits the time preparing your desktop is on the screen. This is how I found that logon script that gets pushed to users is wasting my logon time. At least with this when someone complains about logon time, I can come back saying we need to remove that script Smiley Happy

DEMdev
VMware Employee
VMware Employee

Hi Super6VCA,

I'm afraid I don't have much to offer when it comes to optimizing logon performance for Windows per se... Hopefully some of the others on the forum can add to sjesse's suggestions.

Using NoAD configuration instead of GPOs won't speed up UEM. NoAD is just a different way of configuring the UEM agent – it won't affect how fast it can perform its actions. How long does it take for UEM to complete its logon? Can you provide a log file?

Reply
0 Kudos