garymansell's Posts

Finally fixed it myself - it was a Bitlocker to Go Policy in our Group Policy that write protects any remove-able media that gets put into our systems. My question is - why is the system dispo... See more...
Finally fixed it myself - it was a Bitlocker to Go Policy in our Group Policy that write protects any remove-able media that gets put into our systems. My question is - why is the system disposable disk seen as remove-able media (USB disk?) - its a normal VMDK disk?
I have bumped into a really weird issue here, in so much as after I reboot my composer clone View machines, I can no longer login via PCOIP (I can by RDP). When I reviewed the client VDM logs... See more...
I have bumped into a really weird issue here, in so much as after I reboot my composer clone View machines, I can no longer login via PCOIP (I can by RDP). When I reviewed the client VDM logs, I can see that the PCOIP Server cannot write the temporary SSL CA cert to the G:\TEMP folder (which is my SYSTEMDISPOSABLEDISK) and further investigation shows that the G: drive is write-protected. The G: drive is fine whilst the machine is being setup and the first time it is used, but as soon as the VM is restarted then the drive becomes read-only (even for local admin). I have checked diskpart and the read-only attribute does not seem to be set at either the disk/partition/volume level. I have tried using PSEXEC -s to test if I can write to the G: drive as the SYSTEM user (as well as local admin) but still no joy: mkdir : The media is write protected. The G: drive seems to be a normal VMDK disk as you would expect - not USB (and hence possibly blocked by policies). I don't think that it can be our Group Policy as if I move the freshly provisioned VM to the COMPUTERS OU (outside of our domain settings) and reboot it, the G: drive still becomes read-only. I have checked the VDM debug logs but can see nothing other than the PCOIP Server CERT issue. Does anyone have any suggestions for me here as to what could cause this or how I can debug it, cos I have spent 3 days mucking around with this now to no avail? Regards Gary
So I can run the Customization tool and reboot. Then I need to run Sysprep with Audit Mode selected. Then after it reboots into Audit mode, I need to run the Customization tool again and run t... See more...
So I can run the Customization tool and reboot. Then I need to run Sysprep with Audit Mode selected. Then after it reboots into Audit mode, I need to run the Customization tool again and run the Sysprep tab (with timezone and locale edited) Then after it reboots, run the Customization tool again and run the tasks in the finalize tab Then shut the machine down and capture the Master image. Is my understanding correct?
Raetke (and everyone who helped) - thanks you got me up and running, I really appreciate your assistance in this as I was proper stuck! It was the Sysprep command that sorted things out for me... See more...
Raetke (and everyone who helped) - thanks you got me up and running, I really appreciate your assistance in this as I was proper stuck! It was the Sysprep command that sorted things out for me... One last thing, I would like to be able to run the Sysprep from the VMWare OS Customisation fling tool, rather than run it manually, but the Tool says that it can't run because the machine is not in Audit mode (this was why I never ran it originally). Please can someone tell me how to boot the Master VM into Audit mode so that I can run the sysprep from the Customisation tool?
Hey Raetke, Thanks for your advice, it sounds hopeful that this may be where I am going wrong as I did not run Win10 1909 prior to re-building my 7.11 Horizon View system. I did try running... See more...
Hey Raetke, Thanks for your advice, it sounds hopeful that this may be where I am going wrong as I did not run Win10 1909 prior to re-building my 7.11 Horizon View system. I did try running a Sysprep / generalize before capturing the master VM image in a snapshot previously, but when the VDI clones boot, they boot into OOBE experience and don't get domain joined etc. Am I going wrong here somewhere with the Sysprep / customisation process before capturing the master VM snapshot, perhaps? Rgds Gary
Hi the agent was installed as local Admin with no other accounts on a freshly imaged Master VM from my CAD APPS MDT image that I use for phys CAD machines, hence no audit mode. The install med... See more...
Hi the agent was installed as local Admin with no other accounts on a freshly imaged Master VM from my CAD APPS MDT image that I use for phys CAD machines, hence no audit mode. The install media for the agent is VMware-Horizon-Agent-x86_64-7.11.0-15238678.exe - so this looks like the correct architecture. Rgds Gary
Thanks for getting back to me again. Unfortunately my VMware Support expired last month and the system is three years old now, so I doubt I can get it re-instated... That's why I am begging he... See more...
Thanks for getting back to me again. Unfortunately my VMware Support expired last month and the system is three years old now, so I doubt I can get it re-instated... That's why I am begging here I attach the viewcomposer logs, but don't know what i am looking for - can't see any errors pointing in an obvious direction, the service crashes almost immediately. Just to be clear - this is a VDI CAD System, so I have a load of CAD Apps installed to the Master image before Snapshotting for VDI. I have not done the sysprep/audit stage as I never did this before and things were fine at 7.7 previously - not sure how to do this either. Rgds Gary
Nice suggestion, but I ran the Optimiser Tool and also the finalising tab, but no dice... I am running latest updated Windows 10 Pro  x64 1909. Anyone else - I am really stuck? Rgds G... See more...
Nice suggestion, but I ran the Optimiser Tool and also the finalising tab, but no dice... I am running latest updated Windows 10 Pro  x64 1909. Anyone else - I am really stuck? Rgds Gary
Hi, I have just rebuilt my working Horizon View setup from 7.7 to version 7.11, clearing the SQLExpress databases on both the Composer and Connection servers (including Adam DB) before re-inst... See more...
Hi, I have just rebuilt my working Horizon View setup from 7.7 to version 7.11, clearing the SQLExpress databases on both the Composer and Connection servers (including Adam DB) before re-installing from 7.11 media. I can connect to the Master VM using a direct connect mode, but when I remove the direct agent software and configure to the Connection Server as a Dynamic Pool using Composer, the pool VM's all stick at Customising and timeout. If I connect to the console of the pool VM's, I can see that the "VMware Horizon View Composer Guest Agent Server" Windows service fails to start - which I presume is the problem. The Windows event log error relating to this is: Faulting application name: vmware-svi-ga.exe, version: 7.11 ,0.53043, time stamp: 0x5dd253c6 Faulting module name: ucrtbase.dll, version: 10.0.18362.387, time stamp: 0x6dbf7eae Exception code: 0xc0000409 Fault offset: 0x000gcaa2 Faulting process ID: 0x704 Faulting application start time: 0x01d5e01594184254 Faulting application path: C:\Program Files (x86)\Common Files\VMware\View Composer Guest Agent\vmware-svi-ga.exe Faulting module path: C:\Windows\System32\ucrtbase.dll Report ID. 250fc4ff-ca5c-48fd-a49e-c6923d773707 Faulting package full name: Faulting package-relative application ID: I have tried removing all Anti-Virus and disabled Windows defender in the registry, am now a bit stuck and could really do with some help or suggestions how to debug? Thanks in advance Gary
For security reasons we would like to remove all mention of our internal domains from the Horizon View Client login screen (ie the drop down menu on the login page). I have used the vdmadmin c... See more...
For security reasons we would like to remove all mention of our internal domains from the Horizon View Client login screen (ie the drop down menu on the login page). I have used the vdmadmin command to remove all domains (including the primary one which is the only domain our users would actually login from), but the single primary domain still appears in the list. We would prefer our users to have to login with a text string of <domain>\<username> or <username>@<domain> and to show no domain in the drop down box of the login screen. Is this possible, and if so, how do I achieve this? Thanks and Regards Gary
All sorted now - thanks everyone
That was it - I had completely missed the part where I had to configure the tunneling on the Access Point !!! Once I had done that and disabled the Tunneling and Secure Gateways on the interna... See more...
That was it - I had completely missed the part where I had to configure the tunneling on the Access Point !!! Once I had done that and disabled the Tunneling and Secure Gateways on the internal View Connection server, I was up and running At least I was until, I started tightening up all the firewall rules that I had been loosening and tweaking in order to try and get it working !!! I think I will be OK now, just need to tweak the rules to get it working securely again
OK, thanks both, I will give that a go
Hi thanks for getting back to me. I was under the impression that I needed to tunnel / use PSG to ensure that the traffic between the client on the Internet and the VM's on the internal LAN we... See more...
Hi thanks for getting back to me. I was under the impression that I needed to tunnel / use PSG to ensure that the traffic between the client on the Internet and the VM's on the internal LAN went via both the AP in the DMZ and the View Connection Server on the LAN? Otherwise there will need to be firewall rules to allow all the individual VM's (with dynamic IP's) access through the internal LAN/DMZ firewall interface, so that there is a path from the VM's to the AP and back out to the client on the Internet. Is this not the case? Am I missing something here, can you explain? Thanks Gary
Hi, I have a view connection server which we have been using internally that I now want to use externally as well - I would like workers to be able to re-connect to their workplace daytime ses... See more...
Hi, I have a view connection server which we have been using internally that I now want to use externally as well - I would like workers to be able to re-connect to their workplace daytime sessions from home and continue working. To this end I have setup an Access Point Server in our DMZ (with the rules to/from the Internet and LAN as per online docs) and can login from an Internet based client as a user OK, but when it tries to initiate the PCOIP session, I just get a black screen and then the connection terminates. Firewall Rules: Internet to the Access Point machine in DMZ (machine has a 192.x.x.x. address in the DMZ NAT'd to an external RIPE IP)           443 TCP & UDP           4172 TCP an UDP (UDP 4172 must be allowed outbound too) Access Point machine in the DMZ to internal LAN (view connection server stc-vmconn-01.stc.ricplc.com and view vm's are located on the LAN):           443 TCP to stc-vmconn-01.stc.ricplc.com           4172 TCP and UDP to stc-vmconn-01.stc.ricplc.com and UDP 4172 back           32111 TCP to stc-vmconn-01.stc.ricplc.com I am presuming that as I am using Access Point instead of a Security server - there is nothing to add in the Security Servers Tab on the view connection server, is that correct? As I am running through the Access Point server in the DMZ and don't want to add routes from all the horizon view agent VM's out to the Internet, I want to tunnel PCOIP via the View Connection server so that all conversations go via the AP and the View Connection server - I think I need to enable and set a PCOIP Secure Gateway <IP Address>:4172 on the View Connection Servers Tab of the Connection Server / Servers page - I am a little unsure as to which IP to set here. Should it be the external Internet IP address of the AP (in which case, it seems to break internal clients from being able to connect when they could before), or should I set it to the internal View Connection Server's IP (in which case internal clients work OK, but externals still get the black screen). When running a wireshark trace on the internal View Connection Server, I can see a couple of PCOIP (4172) packets going to/from the remote client on the Internet before the connection is droppped. If I look at the debug logs on the external client machine, I see this error, that might be the problem? 2017-02-08T16:13:54.702Z WARN  (0C44-026C) <NodeManagerWatcher> [vmware-view-usbd] SocketChannel: Unable to connect to 172.30.85.43:32111 Now, this is a machine on the Internet, so there is obviously going to be a problem accessing 172.30.85.43 (which is the VDI VM internal IP) as this is non-routable over the Internet - why am I seeing this? Any ideas what may be wrong here, cos I am stumped!! Rgds Gary