almostIT's Posts

No, I have yet to find better solutions.  Ultimately, we couldn't use this solution because it breaks all the other app stacks when a user signs into the machine.  It sucks, because we really need ... See more...
No, I have yet to find better solutions.  Ultimately, we couldn't use this solution because it breaks all the other app stacks when a user signs into the machine.  It sucks, because we really need it to do something as simple as NOT COPY EVERY SINGLE PART OF A PROFILE and we can't get it to work. 
I'm using DaaS - aka Horizon Cloud on premise.    
Of course, the "template" machines are not actual VM templates. I was referring to them incorrectly. They are VMs, turned on an in a prepared state, but not published. I never take snapshots of them... See more...
Of course, the "template" machines are not actual VM templates. I was referring to them incorrectly. They are VMs, turned on an in a prepared state, but not published. I never take snapshots of them either, and they work every time. I was under the impression, after watching a few VMware published videos, that it wasn't necessary to take snapshots for use with instant clones (anymore), due to changes in how they prepared and processed them. I could be wrong about that too. 
Can you elaborate on the state a VM template should be in when prepared for use in an instant-clone scenario? Should it be generalized and syspreped? 
To clarify, here is an example of someone with the same question, essentially. https://www.reddit.com/r/vmware/comments/f1xgun/horizon_osot_instant_clones_sysprep_or_cloneprep/ I have, for the sake... See more...
To clarify, here is an example of someone with the same question, essentially. https://www.reddit.com/r/vmware/comments/f1xgun/horizon_osot_instant_clones_sysprep_or_cloneprep/ I have, for the sake of testing, tried to leave my template in "audit mode", and while Horizon Cloud SEES the machine, when I try to do agent pairing, it shows a yellow alert box "VM is there...but it might have issues with the agent." Subsequent attempts to "publish" the template always fail.  I've also tried it in a generalized state, but still in OOBE, and that definitely does not work.  Basically, if I haven't fully generalized and syspreped the template, it never publishes and will not work. 
What state should a virtual machine "template" or "gold image" be in before publication to Horizon for use in an instant clone pool?  Specifically, should it be in a fully generalized/syspreped stat... See more...
What state should a virtual machine "template" or "gold image" be in before publication to Horizon for use in an instant clone pool?  Specifically, should it be in a fully generalized/syspreped state beforehand? The documentation is not clear on this.  I know my templates work when they are powered on, have the Horizon agent installed, names match both the desktop and VM name, it's on the proper network, I've run every part of OSOT, but is that the correct way of publishing the image?  I keep reading that part of the publication process is essentially doing some of the things I've already done, and that seems strange, unless I'm misunderstanding the publication process. Any advice would be appreciated.  Like I said, what I'm doing now works, but I'm not sure it's the proper or "best practice" way of doing things.   
I have messed around with Office 365 and DEM for over a year now.  Eventually I gave up and just assigned users App Volume writables (after having tested FSLogix). Save yourself the headaches and p... See more...
I have messed around with Office 365 and DEM for over a year now.  Eventually I gave up and just assigned users App Volume writables (after having tested FSLogix). Save yourself the headaches and performance issues, deploy and use App Volume writables with Office 365.  You can use DEM to apply Office 365 specific settings, but store all the office data on the writables. Trust me.   
Ugh, fixed the issue - at least for myself.  What happened was we had desktop shortcuts that referenced specific, non-domain, USER shares.  User's changed their passwords, the shares no longer work... See more...
Ugh, fixed the issue - at least for myself.  What happened was we had desktop shortcuts that referenced specific, non-domain, USER shares.  User's changed their passwords, the shares no longer worked, the desktop shortcuts could not be created because - they were set to run SYNCHRONOUSLY instead of ASYNCHRONOUSLY. Sigh.  That being said, if you have a similar issue - make sure you don't have a shortcut or some other configuration out there set to run synchronously that relies on specific network share to work (not just network access) - this includes LOGON SCRIPTS.  Good luck. 
I have this same issue, but only with a few users. It makes no sense. The logs show me nothing of value. The behavior is, "Please wait for the VMware DEM service". I've deleted their entire DEM profi... See more...
I have this same issue, but only with a few users. It makes no sense. The logs show me nothing of value. The behavior is, "Please wait for the VMware DEM service". I've deleted their entire DEM profile and it still happens. I've went through and disabled/inactivated any network related profile setting, just to rule out a "timeout" issue. Not sure what to make of it. I'm running the latest DEM versions as of today. 
After some Googling, it turns out this is not a recommended method for use with floating, non-persistent, desktops. Wish the current documentation would at least acknowledge something to that affect.... See more...
After some Googling, it turns out this is not a recommended method for use with floating, non-persistent, desktops. Wish the current documentation would at least acknowledge something to that affect.  Maybe, I don't know, not have that option available during the desktop provisioning process?  "It is recommended to use alternative approach instead of RunOnce with floating desktops to achieve the post provisioning automation." https://kb.vmware.com/s/article/87668 Great. 
I moved some files around.  C:\VMware\powershellscript.bat Added C:\VMware\executionscript.bat Set my run once script to C:\VMware\executionscript.bat, still does not work.  It doesn't even trigg... See more...
I moved some files around.  C:\VMware\powershellscript.bat Added C:\VMware\executionscript.bat Set my run once script to C:\VMware\executionscript.bat, still does not work.  It doesn't even trigger the batch file, because I'm logging it's actions and it's not initiating the script at all.  So, no idea what is going on. Clearly there must be more to this than what meets at least my eye. 
I've seen people with other version of Horizon struggle to get this right as well, and there doesn't seem to be a definitive solution, other than trial and error with placement of scripts, types of e... See more...
I've seen people with other version of Horizon struggle to get this right as well, and there doesn't seem to be a definitive solution, other than trial and error with placement of scripts, types of executables, and so on. Which, if you're using instant clones, testing this stuff takes forever, because of the image preparation times. It's a HUGE TIME SUCK, just to fiddle around with the location of a few files or settings.  See the "debug" log snippet below.  I have a Powershell script stored in c:\ProgramData\powershellscript.ps1 on the gold - instant clone - image. It's supposed to install an agent on the VM and in normal conditions the installation itself doesn't take more than 20 seconds. I've tested the script itself and I know it works when executed. The "Run Once Script" command I'm using is this:  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\ProgramData\powershellscript.ps1 (I've run this exact command in cmd.exe, just to see if it works, and it does)  The documentation for this feature only has one small paragraph of info with absolutely no details. Only to add a restart function "to the script", and a vague idea of the process involved with its execution.      2023-07-11T09:21:39.323-04:00 WARN (0C0C-0C70) <3184> [vmware-svi-ga] svmga::common::windows::registry::ExistingRegKey::ReadDwordValue(): CloneMachinePasswordChanged Does Not Exist 2023-07-11T09:21:39.323-04:00 WARN (0C0C-0C70) <3184> [vmware-svi-ga] svmga::common::windows::registry::ExistingRegKey::ReadDwordValue(): ChangeCloneMachinePassword Does Not Exist 2023-07-11T09:21:39.323-04:00 WARN (0C0C-0C70) <3184> [vmware-svi-ga] svmga::common::windows::registry::ExistingRegKey::ReadDwordValue(): CloneCustomizationCompleted Does Not Exist 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Customization::OkToCompleteCustomization(): Cloneprep Ready To Complete Customization 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Customization::OkToCompleteCustomization(): No flags set, completing customization 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Customization::CompleteCustomization(): Completing Clone Customization... 2023-07-11T09:21:39.323-04:00 WARN (0C0C-0C70) <3184> [vmware-svi-ga] svmga::common::windows::registry::ExistingRegKey::ReadDwordValue(): PostCustScriptSecured Does Not Exist 2023-07-11T09:21:39.323-04:00 ERROR (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Script::RunPostCustomizationScript(): Cannot Execute Post-Customization Script. It Was Not Secured 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Customization::SetCustomizationState(): Set guestinfo.clone.CustomizationState to error 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::util::NotifyViewAgent::MarkCustomizationFailed(): Set NotifyVdmStatusValue to CustomizationFailed(5) 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Cloneprep::CustomizeClone(): CompleteCustomization Failed 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Cloneprep::CustomizeClone(): Total Clone Customization Time: 20000ms 2023-07-11T09:21:39.323-04:00 WARN (0C0C-0C70) <3184> [vmware-svi-ga] svmga::common::windows::registry::ExistingRegKey::ReadDwordValue(): CloneCustomizationCompleted Does Not Exist 2023-07-11T09:21:39.323-04:00 DEBUG (0C0C-0C70) <3184> [vmware-svi-ga] svmga::core::windows::Customization::CustomizeVM(): Clone Customization Failed 2023-07-11T09:21:39.323-04:00 WARN (0C0C-0C70) <3184> [vmware-svi-ga] svmga::common::windows::registry::ExistingRegKey::ReadDwordValue(): PreShutdownScriptConfigured Does Not Exist  
@gbog Not the same problem I have, but I tested your method of switching on/off the SSL in the database and it works for providing access. 
FYI, almost 3 years later and this still doesn't work. 
Wow, it's been a LONG TIME since I've had temporary profile issues and that was on Windows 7 machines. Are these Windows 7 machines? Perhaps, if they're persistent desktops, the user's profile b... See more...
Wow, it's been a LONG TIME since I've had temporary profile issues and that was on Windows 7 machines. Are these Windows 7 machines? Perhaps, if they're persistent desktops, the user's profile became corrupt. It will need to be deleted. I'm not sure how the App Volume service itself could cause/create temporary profiles. Usually that has more to do with the login to the domain process. Unless they're writables? If they're writables, are you using defaults or custom templates? What version of App Volumes are you using?  
I finally got this to work - sort of - the way I want with the help of TWO DIFFERENT VMware techs.    I'll say this, their documentation with regard to Snapvol.cfg files is absolute garbage and doe... See more...
I finally got this to work - sort of - the way I want with the help of TWO DIFFERENT VMware techs.    I'll say this, their documentation with regard to Snapvol.cfg files is absolute garbage and does not do nearly enough to explain how they work, where they should be placed, or how to edit them properly. It's a wild goose chase, to be honest, to figure out a configuration that works - and I don't mean the file modification itself, I mean it's placement on the virtual machine as well.   To accomplish a situation where the writable EXCLUDES all the core Windows profile locations, like "Documents", "Downloads" and so on...DO EVERYTHING AS AN ADMIN   1. COPY the file "C:\Program Files (x86)\CloudVolumes\Agent\Config\Default\profile\Snapvol.cfg" to a NEW folder here, "C:\Program Files (x86)\CloudVolumes\Agent\Config\Custom" - you must CREATE the "Custom" folder at that location, then paste that specific aforementioned Snapvol.cfg to it as well. None of the other Snapvol.cfg files, as they are configured, will work for this scenario.   NOTE: the documentation insists you should be able to place a Snapvol.cfg file to "C:\Program Files (x86)\CloudVolumes\Agent\Custom\profile\", but this does not work, it just ignores the Snapvol.cfg in that location. ALSO, this configuration file, in this specific location, will apply to EVERY type of App Volume - I have not found a way to make this work ONLY for Writable profiles. I was happy just to have this sort of work.   The documentation does a poor job of pointing out WHICH Snapvol.cfg file to use for whatever purpose you're trying to accomplish, it doesn't help that for every type of volume, the configuration file is called "Snapvol.cfg".   One would think, after reading the documentation, you simply create a "Snapvol.cfg" file and add the exclusion lines you want - the documentation mentions this, but this is not the case at all. You have to copy the default Snapvol.cfg for the volume type you wish to edit, or add exclusions.   2. Edit the Snapvol.cfg you copied over from step one - as an ADMIN - you can copy it to another location temporarily if you don't want to edit it as an admin, it's easier that way, but you have to copy it back to that location AS AN ADMIN   2.a Create a commented area to describe the exclusions, like this... ##### # File exclusions #####   I did this just under the "File inclusions" line of the Snapvol.cfg.   2.b Add lines for each profile location you wish to exclude, like this....   exclude_uwv_file=\Users\%username%\Documents\\   See screenshots. They're helpful.   So, there's still a lot this doesn't do for me. Like I said, it applies to ALL volume types, which I don't want. Even though the document header says "type=writable" and "writable_type=profile", doesn't seem to matter. But it at least sort of accomplishes what I'm looking for. Hope that helps someone.
Just want you to know, you're not alone. The documentation, rules, guidelines, behind the "snapvol.cfg" configurations are HORRIBLE. Even the official documentation you reference, that I too have ref... See more...
Just want you to know, you're not alone. The documentation, rules, guidelines, behind the "snapvol.cfg" configurations are HORRIBLE. Even the official documentation you reference, that I too have referenced, does not make sense. I think, at the end of the day, it's just poorly written.  Unfortunately, the feeling I get is that App Volumes (writables and so on) were meant to be used only in their native form. In fact, I do not believe VMware "officially" supports the modification of snapvol.cfg files, which sucks because there are so many situations that call for exceptions to be made across our environment that the default collection of data is not acceptable. Which renders the "writeable" portion of App Volumes rather useless. The application requires additional development, to say the least, but it's just a matter of how important this product is to VMware as a whole. It's probably not a priority project for them. 
If I'm not mistaken, I reserved all the memory on the machine and that helped the issue.   Within vCenter (or ESXI, whatever you use), shutdown the VM first, then click "edit", expand the "Memory" m... See more...
If I'm not mistaken, I reserved all the memory on the machine and that helped the issue.   Within vCenter (or ESXI, whatever you use), shutdown the VM first, then click "edit", expand the "Memory" menu, under whatever you've allocated there should be a checkbox for "Reserve all guest memory" - mine is set at 8GB. I checked that and it hasn't been an issue since.  Good luck, if that doesn't work, try to upgrade App Volumes to a newer version. 
I see where you can export assignments from within a smart group, but no way to "import" them afterward.   
Are you using a 3rd party certificate for server authentication within your tunnel? If so, make sure this is your VPN profile:  Resources > Profiles > "Your profile for VPN" > VPN > "add version", m... See more...
Are you using a 3rd party certificate for server authentication within your tunnel? If so, make sure this is your VPN profile:  Resources > Profiles > "Your profile for VPN" > VPN > "add version", make sure that is in the XML config. I'm showing the entire config, but you can just paste the <ServerCertSN></ServerCertSN> line in there and omit the rest if it's already there (probably is).   <?xml version='1.0' encoding='utf-16'?> <CustomConfiguration> <ServerCertSN>*.yourdomain.com</ServerCertSN> </CustomConfiguration> IF you already have that setup in your VPN profile(s), just remember, every time you make a change to the tunnel configuration you have to "push" (aka "Add") a version of the profile so that all the devices can get the updates. If you have multiple organizational groups, you have to do this for each profile in those groups as well, assuming you've configured the tunnel at the root OG.  Good luck. I spent hundreds of hours trying to troubleshoot the issue above when I had it, because it's only mentioned in that one document (below) and nowhere else.  Source: https://techzone.vmware.com/api/checkuseraccess?referer=/sites/default/files/resource/deploying_vmware_workspace_one_tunnel_workspace_one_operational_tutorial_noindex.pdf Page 139