TechMassey's Posts

If you are running at least version 7.13, you can restrict client versions for Android. Specifying the latest version and earlier would solve the issue but would also block any legitimate use case as well. It sounds like the issue is systemic. Resolving user behavior with technology is never an ideal scenario but it does make for an interesting puzzle. As an alternate option, the client information such as Client Type, IP Address, Hostname, etc. is stored in the 'HKCU\Volatile Environment' key. If AD user accounts have restricted logon hours or you know the exact users to target, you could leverage command actions in the Horizon agent ADMX or a similar mechanism to disconnect them. Once they connect from a preferred device, hostname, or subnet, the auto disconnects would stop.
That is unfortunate, the vSphere team won't at least provide an exported PNG graph of the cluster or virtual machine. The one item you can do is leverage perfmon for recording basic resource metrics on the VM. It is also unfortunate the slightly older 2103 client did not help. The issue impacted both PCOIP and Blast in my recent experience. On the timeout feature, I'm not familiar, but as an alternate test you should be able to try a non-Teradici device, if allowed, on a company workstation/laptop with the Horizon Client/HTML Access. One last item, there are valuable logs located both on the connection server and VDI desktop. They are specified in this link and are great for correlating timestamps in the client logs: VMware Horizon Client Log Locations - Location of Horizon (VDM) log files (1027744) (vmware.com). One final item, I'm investigating additional symptoms around this issue occurring in the last 24 hours. It may be the same issue or a new variation, I'll post back here.
That is interesting, based on that I tested deploying Chrome Enterprise.
First, I downloaded Chrome Enterprise stable: 99.0.4844.82 and I also tested Consumer Chrome Stable: 99.0.4844.82. Opening did not start the new tab but I could force it by going to 'chrome://flags/' in the URL field. Opening 'chrome://flags/#chrome-whats-new-ui' I found I could disable the functionality.
Given that I couldn't duplicate the issue, there are three possibilities I can think of.
1. chrome://whats-new/ was set as a default tab or similar setting and DEM captured the setting.
   a. Can you verify the issue occurs on the Gold Parent without DEM loading and that the default new tab behavior is default?
2. The setting is controlled via the flag mentioned above; you can save the Local State file located here: AppData\Local\Google\Chrome\User Data\Local State and have it overwritten on login by DEM since it is excluded in the policy.
   b. I wouldn't recommend this as it's not occurring on fresh installs of Chrome, indicating it's captured by DEM or was somehow baked into the image.
Based on the logs, you have two very nice 4k monitors ;).  Due to Log4J, many companies including my own had to rush to Horizon 2111. First issues we encountered were graphical in nature, typically due to older Horizon 5.x clients.  I agree that this isn't a networking issue, the PCOIP logs indicate no high RTT latency or packet loss. The behavior though can indicate the VM itself is freezing in vSphere, either due to a large VM CPU spike or constrained vSphere Cluster resources.  However, I actually faced this exact issue a few months ago. New versions of Horizon and the Horizon client just don't offer any love for multiple 4k monitors. In the logs, you will see multiple entries for "unsupported display types/resolution." Instead, uninstall Horizon Client 2111 and drop in 2103. Should be smooth going from there unless it is resource constraints in the datacenter. 
What you're running into is Shared Computer Activation. DEM doesn't need to capture the license token from O365 as Outlook should be using integrated Windows authentication to identify the user UPN and assigned O365 license. However, in a non-persistent environment there are a couple of extra steps. Please review this Techzone article; it does mention 'Horizon 7' but it applies to Horizon 8. Best Practices for Delivering Microsoft Office 365 in VMware Horizon 7 | VMware
I no longer deploy Chrome but you're likely facing a common challenge across all browsers. The new features tab is on all the browsers now and it can typically be disabled by the vendor-supplied GPO ADMX template. You are going to want to combine your DEM Chrome profile with the Google Enterprise GPO ADMX template. With the latest versions of DEM, you can embed this GPO into the GPO section of DEM. Then set the settings for the new tab feature. I haven't looked into it but it's likely overwriting the previous homepage or adding a second tab to launch, which is configurable in the ADMX.
"It seems like we have to keep all snapshots forever until the pool is deleted."
Worry not, that would make for a tricky situation at scale if Horizon worked that way. Given the details and your environment not being a typical Horizon deployment, I can see why it was challenging for VMware Support, but I can clear this up for you.
You're facing three challenges:
1. How Horizon interacts with snapshots
An Instant Clone pool only uses one snapshot at a time except for an advanced feature recently released. Horizon will only assign one snapshot on a Gold Image at any time. You are free to add multiple, iterative snapshots, and keep them historically for fallback purposes. You can even clone off to a new VM and move it to cheaper or redundant storage.
2. Unable to manage/remove Gold Image snapshots
If you remove a snapshot before publishing a new snapshot to the pool it can cause issues both in Horizon and vSphere, which may be the source of the errors in the VM logs. Ensure that before removing an 'older snapshot' a Horizon pool is not assigned to it. However, a pool can be assigned a Gold Image with snapshot B and snapshot A can be safely removed.
3. Fundamentals of Snapshot Architecture in regards to disk usage
You don't specify but I'm guessing you are cycling through snapshots in an effort to keep space usage low. Snapshots track changes that would normally be applied to the virtual disk. If you take 5 snapshots and install a new app on each snapshot and it totals 20GB in snapshot usage, how much extra space are those snaps taking compared to just installing the 5 applications to the disk? At a high level, it's roughly even with some overhead.
Here is another one: you create two pools. You have two identical Gold Images. You make 20 changes across 20 snapshots on the 1st Gold Image, which adds 20GB of snapshot usage. On the second, you make 20 changes in one snapshot, which adds 20GB of snapshot usage.
In the 1st pool, the Instant Clones were made from a Gold Image with 20 snapshots. How much larger are they than Pool 2 with one snapshot? They are virtually identical; the important item here is the changes you make. If 20GB were made over 20 snapshots or one snapshot, the increase in size will still be roughly the same because only 20GB of tracked changes were included.
To help in familiarizing yourself with Horizon's use of vSphere snapshots, follow this workflow and everything should meet your requirements.
1. Power down the Gold Image VM before taking any snapshots.
2. Take Snapshot A and publish the new Gold Image with Snapshot A.
3. Without deleting Snapshot A, power on the VM.
4. Log in and place a text file on the desktop of the local admin or a folder in C.
5. Power down and take Snapshot B.
6. Publish Snapshot B to the pool.
Once this is verified, go back and try publishing again. You will have access to either Snapshot A or B. Horizon will even redeploy the same snapshot from scratch even if it is already assigned to the pool, if you desire.
"unable to set guest customization status in vmx"
That is an unusual error, it likely is related to the vCenter service account or possibly the Instant Clone domain account.
vCenter Service Account - Did you create a custom vSphere role or give a default role like 'Administrator'?
Instant Clone domain account
1. Power on the Parent Image.
2. Verify that the same portgroup as the pool is assigned.
3. From your computer, create an AD computer object of the same name as the parent in the assigned OU in the pool.
4. On the Parent Image, attempt to join to the domain using the Instant Clone domain account.
Sorry to hear that. While a device may not be supported by Enterprise IT, an attempt should be made to duplicate the issue on a supported device to validate no systemic issues exist. For Horizon graphical issues, it typically comes down to the Horizon Client version. Recently, the Log4J vulnerability forced all Horizon Enterprise customers to upgrade to the latest Horizon Release (2111) in December. There have been many reports of graphical issues on users running 5.x or older Horizon clients. If you have administrative access to your MacBook, please download the latest release: Download VMware Horizon Clients - VMware Customer Connect
We ran into this as well after upgrading to 2111 for Log4J compliance back in December. It took a few weeks for the issue to become apparent as we have a multi-tenant environment with mixed Horizon Client versions. Any endpoint running Horizon Client 5.x or older was impacted with the 8.4 agent. If we created a special pool running 8.1 agents, the issue no longer occurred. There wasn't a specific response from VMware other than running Horizon Clients 5.x or older is not supported in Horizon 8.4 and may cause performance issues. Make sure to check the Horizon Client version embedded on any thin or zero clients. That detail buried in the firmware of the devices was the key to isolating and resolving the issue.
I think if anything, networking, load balancing, and firewalls will always be the biggest effort in any VDI implementation. The number of cogs that must spin just right is no small number.
That said, with a little insight, you can break right through the fog you're dealing with.
Based on your description, there can be a few causes and steps to troubleshoot. One item to mention when discussing issues with UAGs is the number of NICs for that UAG. Adding two or more NICs is fine, just note it adds one more layer which must be done correctly.
Possible Causes
1. External UAG URLs are not matching.
2. The UAG IPs or subnet do not have access to the VDI VLAN for required ports.
3. With multiple UAG NICs, static routing is easy to misconfigure.
4. Possible load balancer VIP group configuration issue.
Research Steps
1. Review the client connections networking requirements in this excellent Technet Article - Link.
   1.a - That article will show you in detail the source and destination for every Horizon component.
2. Review Troubleshooting Firewall & Connection Issues for the UAG on this VMware Doc - Link
3. Include getting familiar with the manager log on the UAG and the Connection Server logs to correlate where in the path to the desktop the failure occurred.
Investigation Steps
1. First, verify that both UAGs are green status on the Horizon Admin Console.
2. Externally, use telnet or a similar tool to verify each port is open.
3. SSH into the UAG, verify required ports are open to the load balancer VIP, connection server, and VDI desktop IP.
4. Leverage the TCP Dump steps in the UAG troubleshooting to watch live attempts.
5. Finally, simplify the approach by first leaving only one member in the LB VIP group. Then, remove the LB VIP group, NAT directly to the UAG, etc. Keep simplifying until the root cause is found.
Finally, try to do as many of these steps as possible without contacting the networking team. When building a good relationship with other IT teams, I have found doing my homework as much as possible and bringing solid evidence to be worth its weight in gold.
Good Luck!
I do understand the reasoning and why it would be quite useful. I don't have a solution because this is a by-design scenario. I can help explain why this isn't possible. At a high level, Office 365 is owned by Microsoft. The entire O365 infrastructure is controlled by Microsoft for personal and business use. For that reason, one can simply go to www.outlook.com and attempt to sign in to their personal or work email. In your scenario, you are asking why users can't be redirected to WS1 if they attempt to access Office 365 online. The only method to do that is to have Microsoft initiate the redirection, which they will not do. This is not a Workspace One issue but a design functionality of O365. In this case, I would recommend leveraging conditional access and using both solutions to deliver the desired security.
Login performance issues take some drill-down to identify the source(s).
Typical Sources
Stale GPO - Legacy GPOs pointing to old UNC paths consume significant login time until they give up trying.
Printer GPO - Both deprecated and active Printer GPOs can add significant login time as well depending on various factors.
Profile Management - New profiles being created on login instead of leveraging profile management suites or mandatory profiles.
As you can see, quite a lot can affect those login times. It's best to review the system, application, printer, and GPO event logs to determine where the bottleneck(s) are.
This is a perfectly valid question, you are not missing a step at all. Folder redirection is a beast just by itself and there can be multiple migration strategies depending on existing environment and target environment.  In this case, to help clarify, the referenced KB is suggesting that you point DEM to the existing folder redirection targets currently defined in the Persona Management GPO. After validating, you will be able to safely turn off the PM GPO successfully.   
Hey @VMwareN0ob,
I believe I found the root cause for the misbehaving registry value DisableThumbnails [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer].
It didn't make any sense, all group policy settings for thumbnails are under the user configuration. However, the only way it's regenerating is if it's defined in group policy on the machine configuration. Yet, there is no listed policy setting.
Well, turns out you don't need a definition, the OSOT had updated the local machine policy file, C:\Windows\System32\GroupPolicy\Machine directly and dropped this in there:
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DisableThumbnails
DWORD:1
This is causing the registry key to continue regenerating. I'm attaching a screenshot with the specific OSOT setting.
You have two options. One is to update the OSOT template and set the value to 0. The second option is the below blog post, which walks through using lgpo.exe (MS Utility) to update the policy file.
How to individually modify and deploy local GPO settings (LGPO) - Brooks Peppin's Blog
I did test out lgpo.exe but if you are in the position of just changing the OSOT template, I would go that route for simplicity.
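To audit what a tool has written into the local machine policy described in the post above, the Registry.pol file in that folder can be parsed directly; this is an added example, not code from the post or from the OSOT. It assumes the standard PReg layout (a "PReg" signature, a version DWORD of 1, then `[key;value;type;size;data]` entries in UTF-16LE); the sample bytes are constructed, and `build_entry`, `find_value` and the `Software\Policies\Example` entry are hypothetical names used only for illustration.

```python
import struct

REG_SZ, REG_DWORD = 1, 4  # the two registry value types decoded below

def _expect(blob, pos, ch):
    """Consume one UTF-16LE delimiter character or fail."""
    if blob[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _read_wstr(blob, pos):
    """Read a NUL-terminated UTF-16LE string starting at pos."""
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        if end + 2 > len(blob):
            raise ValueError("unterminated string")
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2

def _read_u32(blob, pos):
    if pos + 4 > len(blob):
        raise ValueError("truncated entry")
    return struct.unpack_from("<I", blob, pos)[0], pos + 4

def parse_registry_pol(blob):
    """Return (key, value_name, type, data) tuples from Registry.pol bytes."""
    if blob[:4] != b"PReg":
        raise ValueError("missing PReg signature")
    version, pos = _read_u32(blob, 4)
    if version != 1:
        raise ValueError(f"unsupported version {version}")
    entries = []
    while pos < len(blob):
        # Entry layout: [key;value;type;size;data] with UTF-16LE delimiters
        pos = _expect(blob, pos, "[")
        key, pos = _read_wstr(blob, pos)
        name, pos = _read_wstr(blob, _expect(blob, pos, ";"))
        rtype, pos = _read_u32(blob, _expect(blob, pos, ";"))
        size, pos = _read_u32(blob, _expect(blob, pos, ";"))
        pos = _expect(blob, pos, ";")
        raw = blob[pos:pos + size]
        if len(raw) != size:
            raise ValueError("truncated data")
        pos = _expect(blob, pos + size, "]")
        if rtype == REG_DWORD and size == 4:
            data = struct.unpack("<I", raw)[0]
        elif rtype == REG_SZ:
            data = raw.decode("utf-16-le").rstrip("\x00")
        else:
            data = raw  # other types are returned as raw bytes
        entries.append((key, name, rtype, data))
    return entries

def build_entry(key, name, rtype, raw):
    """Encode one entry; used only to construct the sample below."""
    w = lambda s: s.encode("utf-16-le")
    return (w("[") + w(key + "\0") + w(";") + w(name + "\0") + w(";")
            + struct.pack("<I", rtype) + w(";") + struct.pack("<I", len(raw))
            + w(";") + raw + w("]"))

def find_value(entries, name):
    """Entries whose value name matches, case-insensitively."""
    return [e for e in entries if e[1].lower() == name.lower()]

# Constructed sample: the machine policy entry quoted in the post, plus one
# made-up REG_SZ entry so more than one value type is exercised.
EXPLORER_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SAMPLE_POL = (
    b"PReg" + struct.pack("<I", 1)
    + build_entry(EXPLORER_KEY, "DisableThumbnails", REG_DWORD, struct.pack("<I", 1))
    + build_entry(r"Software\Policies\Example", "Note", REG_SZ, "demo\0".encode("utf-16-le"))
)

if __name__ == "__main__":
    for key, name, rtype, data in find_value(parse_registry_pol(SAMPLE_POL), "DisableThumbnails"):
        print(f"HKLM\\{key}\\{name} type={rtype} data={data}")
```

On a real image, read the file's bytes with `open(path, "rb").read()` and pass them to `parse_registry_pol` to list every value the machine policy will keep re-applying.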
I can help shed light on this issue and the general workings of the OSOT Fling. The OSOT implements its settings in four specific areas.
OSOT Target Locations
1. Local Policy
2. HKLM - Reg for Local Machine
3. HKCU - Reg for Current User
4. HKCU (Default User Hive)
First, note number 4. The OSOT does not simply enable local policy or create registry keys. It targets every location relevant to the setting. Add to the fact that changing the policy setting does not remove the entry in the default user hive and you have a reoccurring issue without obvious solution.
The second and most crucial item is the OSOT never stops at simply targeting the specific policy setting to enable/disable. It targets the feature and any related settings to that feature. If you re-enabled the feature, it will often not be at full functionality. This is a thorough approach but makes reversing challenging.
In the case of the Thumbnails, enabling or deleting the disable reg key is not enough. Root cause is the Thumbnail feature can't function if it can't cache the created thumbnails to the thumbs.db. See image and updating the default user registry hive should keep the issue from reoccurring.
I can help shed light on this issue and the general workings of the OSOT Fling. The OSOT implements its settings in four specific areas.
OSOT Target Locations
1. Local Policy
2. HKLM - Reg for Local Machine
3. HKCU - Reg for Current User
4. HKCU (Default User Hive)
First, note number 4. The OSOT does not simply enable local policy or create registry keys. It targets every location relevant to the setting. Add to the fact that changing the group policy setting does not remove the entry in the default user hive and you have a reoccurring issue without obvious solution.
The second and most crucial item is the OSOT never stops at simply targeting the specific policy setting to enable/disable. It targets the feature and any related settings to that feature. If you re-enabled the feature, it will often not be at full functionality. This is a thorough approach but makes reversing challenging.
In the case of the Thumbnails, enabling or deleting the disable reg key is not enough. Root cause is the Thumbnail feature can't function if it can't cache the created thumbnails to the thumbs.db. See attachment for details and once removed from Default User Reg Hive, it will stop regenerating.
Quite correct, assumptions are a dangerous approach in IT.  Don't worry though, see the release dates. Because 7.13 was already in the works and released (October) after 8 (August) it is not compatible to upgrade to 2006. However, the next upcoming Horizon 8 release should offer support for upgrading from 7.13. 
Quite a few questions! I won't be able to answer them in the full detail you need but I can help. Highly recommend reaching out to your VMware account manager or contacting VMware Sales directly.
1) What is the license mechanism in VMware VDI for Microsoft OS (Win10)?
Licensing in Horizon is based on named users or concurrent users. Very similar to how Microsoft RDS licensing works. OS type does not matter and licensing for the OS is up to the customer.
2) Do we need RDS licenses in VMware Horizon Linked Clone for 30?
No, RDS licenses are only needed for RDSH Apps published through Horizon. Because RDSH Apps do not require a VDI desktop, they can be presented on any device. Linked Clones are currently deprecated and will be removed in the next Horizon release, please see the Instant Clone documentation from VMware for details.
Horizon 8 General Availability Blog Post - Link
Horizon 8 Deprecated Features - Link
3) VDI will be on the Primary and DR site and is replicated from the Primary site to the DR site; in case the Primary site is down, users will connect to the DR site VDI. What are the best practices for replicating VMware VDI Linked Clone VMs to the DR site? Does replication work for VDI linked clone VMs, and what components do I need to replicate to the DR site?
This is a significant conversation, I recommend reading through Cloud Pod Architecture and Multi-Site Horizon Implementation at this Techzone link.
VMware Techzone: Horizon Multi-Site Architecture - Link
4) If the Primary VDI site is down, how will users connect to the DR site VDI desktops, and how do thin clients automatically connect to the DR VDI environment? (Users are in different locations.)
See above reply on question three.