davebaker87's Posts

We've had a recurring issue with one of our appvols 4 2103 deployments. Periodically it will get stuck running through the system jobs - usually during Sync Computer.  Looking at the manager logs th... See more...
We've had a recurring issue with one of our appvols 4 2103 deployments. Periodically it will get stuck running through the system jobs - usually during Sync Computer.  Looking at the manager logs there's entries stating: 'Unable to find AD entry for computer domain\IT23253234$ with objectGUID XXXXX" It appears that template machines are being sync'd? We have a list of pending actions that can't complete because the refresh computer task has not completed. It's not clear how this happens either - we often clear out the pending tasks (via ruby console kill task cmd) and restart the appvol services and this will clear the problem.  Any ideas?
I can't find a native windows setting template to roam things like window placement location, snap sizes or when an app window is open and resized - how is this data stored and does anybody have tips... See more...
I can't find a native windows setting template to roam things like window placement location, snap sizes or when an app window is open and resized - how is this data stored and does anybody have tips on how we roam this?
We have an application that interfaces with IE to launch a html popup window (triggering iexplore.exe). I have configured privilege elevation to elevate the application itself and the iexplorer.exe p... See more...
We have an application that interfaces with IE to launch a html popup window (triggering iexplore.exe). I have configured privilege elevation to elevate the application itself and the iexplorer.exe process and elevate all child processes. However, there is an issue where the application does not work as expected and I think it's because the iexplore.exe process is being called by the parent application (despite 'include child processes'). I've tried using elevated task for the pareapp.exe and iexplore.exe also - no change. The only method that the application works is if the shortcut.lnk that points to the parent app is set to 'Run as administrator' - so it appears UAC is to blame - but I thought privilege elevation would ensure that the .exe that the lnk points to would run as admin?   This said, does anyone know what's broken here or how t elevate a .lnk shortcut/run as admin without UAC prompts. I want to avoid creating scheduled tasks/shims  where possible as this needs to be a 'clean' solution. Thanks in advance
Resolved this by disabling the thinprint services (TPAutoConnect and TPVCGateway) and disabling 'Let windows manage default printer' GPO setting.
HI Mat - did you find a workaround for this? I'm getting sporadic reports of default printer not being retained and the .xml file for it (in profile archive) is showing the correct default printer. H... See more...
HI Mat - did you find a workaround for this? I'm getting sporadic reports of default printer not being retained and the .xml file for it (in profile archive) is showing the correct default printer. However, I cannot determine if we have VIP enabled or not (I think we must do?). I'm using the standard Network Printers template in DEM 2106. Sounds like we need to upgrade to Horizon 8 and use the admx to fix this...
I hear you - I've now left site so the customer needs to implement trusted locations and turn off the conditional access policy that enforces hybrid ad join for all VM's. I cannot understand why they... See more...
I hear you - I've now left site so the customer needs to implement trusted locations and turn off the conditional access policy that enforces hybrid ad join for all VM's. I cannot understand why they enabled it in the first place... I've had to leave them with a half baked solution, oh well.
I spoke too soon on this - it turns out this is not working reliably at all when ran as a post-sync script - in larger pools (more than 100 VM's) I'm seeing them sit in a customizing state , then eit... See more...
I spoke too soon on this - it turns out this is not working reliably at all when ran as a post-sync script - in larger pools (more than 100 VM's) I'm seeing them sit in a customizing state , then either Error state (with no error output) or Error 'failed to execute post synchronization - waited 55 seconds'. I have adjusted the post sync script to the following: c:\windows\system32\dsregcmd.exe /join gpupdate /force It seems relatively stable in smaller pools and the machines rebuild (albeit a bit slower than before) - but it's causing all kinds of error/hung machines in our prod pools. I've changed the default ExecTimeout value on the master image from the default of 20 second, to 40 seconds, but this doesn't seem to have made much difference. I'm wondering if the .bat file needs to have a timeout of some sort, or perhaps as the other posts suggest there is a timing issue where the child vm doesn't have it's hostname or IP at the time post-sync is running (is this possible?)
Thank you so much dude - your input re. using post-sync script to perform the /join process has fixed it for me. Love these forums.. So here's the fix I've implemented on an instant clone pool: 1/ ... See more...
Thank you so much dude - your input re. using post-sync script to perform the /join process has fixed it for me. Love these forums.. So here's the fix I've implemented on an instant clone pool: 1/ Delete the Workplace-Join task that auto-joins the user to AAD. 2/ Create a .bat file with the following: cd c:\windows\system32\  dsregcmd.exe /leave sleep 10 dsregcmd /join 3/ Put the .bat file in master image and reference it as the post Synchronization script in the pool settings. With this in place, all the child VM's join azure and at each user logon a PRT token is issued correctly. I suspect you could expand on this and add a shutdown task to perform a dsregcmd /leave - but this isn't supported by microsoft and isn't necessary either. We have all our VM's living in azure from the point they are created in the pool and this seems to work fine. Again, thank you for taking the time to reply to me, you've saved me many hours of pain.
I see - so you shift the join process to the Post-Synchronization script , and presumably Post-Synchronization settings run after the child VM has been forked and it has a hostname? Maybe I need to l... See more...
I see - so you shift the join process to the Post-Synchronization script , and presumably Post-Synchronization settings run after the child VM has been forked and it has a hostname? Maybe I need to look into this. Do you use psexec to run the task as system or re-import the task?
Thanks for that - I have tried deleting the scheduled task (but not re-importing it?). Instead, I created my own Scheduled Task that runs dsregcmd.exe /join during Startup but it's not clear if this ... See more...
Thanks for that - I have tried deleting the scheduled task (but not re-importing it?). Instead, I created my own Scheduled Task that runs dsregcmd.exe /join during Startup but it's not clear if this is running or not. At what point in the logon sequence do you reimport/recreate the scheduled task, and what triggers do you configure for it?
Hi Did you ever figure out how to do this? I have the same problem here. Would be good to connect if so, please let me know.
Thanks for coming back to me - I have enabled debug logging (using FlexDebug.txt file) and checked  Flexengine.log and -asyn.log but the computer startup tasks are not listed there?
We're running a federated environment and need to hybrid AD join our instant clone machines. I've recently moved a customer to DEM (from Appsense). Appsense had the ability to run commands in the SYS... See more...
We're running a federated environment and need to hybrid AD join our instant clone machines. I've recently moved a customer to DEM (from Appsense). Appsense had the ability to run commands in the SYSTEM context and this worked perfectly for instant clones because it was possible to run dsregcmd /join twice , once at startup, and once at user logon. This was a desired state because each device ID was unique to the clone, and the user PRT was issued correctly.  I have seen many threads describing the problem where the clones are joined '70% of the time' or some fail - this is probably because the clones are joining, but are using the same device ID as the template account - and this eventually breaks something in azure... I am testing using DEM startup tasks to run dsregcmd and finding that , despite configuring the local gpo settings on the image (startup and shutdown scripts pointing to c:\program files\immidio\flex profiles\flexengine.exe and -startuptasks/-shutdowntasks) and setting a Startup task of: cmd.exe "/c dsregcmd.exe /join"  The template VM is being joined to azure, and not the child VM's.  Does anybody know if it's possible to view logging for a startup tasks in DEM? Also, has anybody else achieved hybrid AD join using DEM ?  
I'm delivering DEM at the moment and due the nature of the customers enterprise, we are using loopback processing (merge) to deliver the DEM user policies on specific pools of VDI machines. The GPO t... See more...
I'm delivering DEM at the moment and due the nature of the customers enterprise, we are using loopback processing (merge) to deliver the DEM user policies on specific pools of VDI machines. The GPO that contains all the DEM user policies + the loopback processing setting also has a WMI filter attached to it to target the pool child machines + the master image hostnames. I've done several deployments where I've created brand new pools (i.e. new computer AD objects being generated + new , empty OU with no other GPO's assigned, and just my DEM+loopback policy linked) - and it's worked a charm. I always ensure the master image is in the same OU as child vm's. However, I'm really stuck at the moment with one deployment where the machine is marked as 'True' by the WMI filter, but the policy is simply not applying. I've checked auth users is a member, the policy has state 'Enabled' (i.e. user and computer settings are enabled) and there's no weird delegation/scoping going on. GPresult shows the child vm's are valid for the WMI filter, and I can see the policy being read in the output of gpresult - however, none oft he settings are applying? I can see the forecast of all the other settings and their respective winning policy, but no sign of my uem ones? I then join the master image onto the domain and sign in with a domain account - and it works a charm? So why are the child VM's not working when I push the snap to a pool? I do remove the master from the domain and join to workgroup before takign a snap, but surely this should not yield the results i'm getting (have done this on other , working, pools). Is it likely that because I've 'reused' the computer objects on earlier 'different' images, somehoe the policy is not recognised?  
We're piloting DEM and as I'm tweaking the config I've had a few instances where I've had to wait 1 hour for the logon to finish because of some setting that has hung/failed to apply. I have enabled ... See more...
We're piloting DEM and as I'm tweaking the config I've had a few instances where I've had to wait 1 hour for the logon to finish because of some setting that has hung/failed to apply. I have enabled debug logging and discovered the issues and rectified them, but are there any settings that can be configured to avoid this 1 hour wait from occuring entirely? I'm afraid one of our other techies will break a config one day and bring the entire company down if people have to wait 1 hour... you get the picture! Cheers
Hi We have a set of desktop pools with scaling issues and I've noticed that , for these particular pools , there is no option in the Horizon Client to adjust the scaling or resolution. Other pools a... See more...
Hi We have a set of desktop pools with scaling issues and I've noticed that , for these particular pools , there is no option in the Horizon Client to adjust the scaling or resolution. Other pools appear to have these settings available to customize via the Horizon client. Googling suggests the Horizon agent may not have DPI Sync component installed, but this is present and (default) as far as I'm aware. Are there any other places I should check to confirm this? Currently we can't adjust scaling on the VDI desktops because of this (and because we have the display settings on the local OS locked).   TIA Dave
Hi We recently applied the 'VMware approved' Win 10 1909 OSOT template to our build. We have Adobe Reader DC in our build (latest release) and after applying OSOT, PDF preview does not work in Outlo... See more...
Hi We recently applied the 'VMware approved' Win 10 1909 OSOT template to our build. We have Adobe Reader DC in our build (latest release) and after applying OSOT, PDF preview does not work in Outlook. We have exhausted all of the typical fixes (enabling/disabling the handler, regsvr32 the pdfhandler.dll, reinstall of Office+Adobe, remove any profile management/HKCU keys that might be enabled, disabled any local settings for Protected View etc, set the FTA for PDF handling to be Adobe, removed any other PDF apps - cutepdf) - none of these types of fixes have worked. When we revert to a pre-OSOT snapshot, it works. Other document handlers (.xls, .doc etc) all work without a hitch. We have also tried setting CutePDF as the default FTA for PDF - and preview also fails for this -so it must be an OS-level settings that is causing this. Any ideas what could possibly be causing this, specifically for .PDF's?
Oh it's a mac , sorry,I'm short on ideas I'm afraid
So presumably your rdp client defaults to your primary monitor, so try making your right screen the primary in the windows OS, does the rdp session then swap too? I'd look at of there's any gpo c... See more...
So presumably your rdp client defaults to your primary monitor, so try making your right screen the primary in the windows OS, does the rdp session then swap too? I'd look at of there's any gpo controls you can use to change it. Though I imagine you've tried this ?
Hi, Not sure I fully understand your question - but if you check the settings within the Horizon client, you should see your monitor layout (2 side by side boxes, I presume) - and you can click ... See more...
Hi, Not sure I fully understand your question - but if you check the settings within the Horizon client, you should see your monitor layout (2 side by side boxes, I presume) - and you can click in the boxes (you'll see a tick) and the horizon client will then span the display to the monitor you specify.