1 2 3 Previous Next 34 Replies Latest reply on May 3, 2018 2:11 PM by jmatz135

    Horizon Smart Policies not working

    VirtualRedneck Lurker

      Hello Everyone,

       

      I am trying to test out some of the Smart Policies in UEM 9.1 for a new requirement for the users. I am trying to implement the following.

       

      • Printing
      • Clipboard
      • Client Drive Redirection

       

      I did find an initial issue and have fixed that. (The Horizon Agent has been reinstalled with the mentioned features installed -- previously missing)

       

      Now, when I log in the only item that seems to work is the clipboard. I have turned up the logging to DEBUG so that I can see what is going on. I pulled the following out of the log file where it is saying my condition (IP Based) is passing the check and that it is applying the settings, but when I log in I do not see any of my printers from the local system on the VDI session, nor do I see the drives. I was able to copy something out of the session to my local machine.

       

      2016-12-21 17:41:11.094 [DEBUG] Conditions: Check for endpoint IP address = true

      2016-12-21 17:41:11.094 [DEBUG] Collected Horizon Smart Policies settings to apply for printing ('TestingLocalDrive.xml')

      2016-12-21 17:41:11.102 [DEBUG] Collected Horizon Smart Policies settings to apply for clipboard ('TestingLocalDrive.xml')

      2016-12-21 17:41:11.102 [DEBUG] Collected Horizon Smart Policies settings to apply for client drive redirection ('TestingLocalDrive.xml')

       

      Any help is appreciated on what might be causing the issue.

       

      thanks

      VR

        • 1. Re: Horizon Smart Policies not working
          Pim_van_de_Vis Expert
          VMware EmployeesvExpert

          What version of Horizon are you using? You need version 6.2 or newer if I'm not mistaken. Make sure the Horizon Agent and Client are also updated.

          And could it be that you still have 'old' GPO's to configure Horizon Redirection that could conflict?

          • 2. Re: Horizon Smart Policies not working
            Erossman Enthusiast

            Hi Guys,

             

            I did also some tests with Horizon Smart Policies and Horizon properties as a condition.

            We use the lastet version of UEM 9.1, Horizon 7.0.3 and a patched win7 x64.

             

            In general it works, that a user from a external location is restricted to use clipboard and client drive redirection.

            Internal users are allowed to use both. I also did tests what happened if I do a reconnect to an exisiting session and switched between internal horizon client and an external client.

            It doesn't work smootly all the time. I often had to close the horizon client and have to log on again. after that the smart policies are correct.

             

            And yes, I set a uem refresh trigger to update all the environment variable after a reconnect (independeant of ip change or something else).

             

            I also want diiferent conditions for a logon script which should check the horizon properties like "machine_name" or "remote_broker_ip_address".

            I know that is possible to use them.

             

             

             

             

            It looks like that uem is not able to check this condition during a windows user logon. Because this information is not yet avaiable there.

            If I do a reconnect to the same session again (so the trigger runs) I am able to run some other scripts with a horizon property condition. But same here, the horizon propertie are not all the time correct.

             

             

             

            Regards,

            VM-Master

            • 3. Re: Horizon Smart Policies not working
              jmatz135 Hot Shot

              You can actually use UEM smart policies to key on those settings at log on.  For instance if you want the smart policy to use the remote IP address regkey in a smart policy you would create a Horizon Smart Policy and use for the condition Horizon Client Property.  DO NOT use the Registry Key condition as that will fail when you login and only work during reconnection.  You NEED to use the Horizon Client Property condition.  In that condition there will be a dropdown with the 3 settings Client location, Launch tag(s) and Pool Name which obviously don't have the settings you want, but you can actually still use the settings you want.  Just type into the Property box Broker_Remote_IP_Address if you want to key on the remote IP address.  Basically take whatever regkey you want and remove the ViewClient_ part of it and put that in the property box.  So if the Value is ViewClient_Broker_DomainName it then is just

              Property:  Broker_DomainName

               

              From my testing this works every time as  long as UEM itself is working.  As a safeguard I have set it up so that if it does in fact fail to read the settings it will set to the more secure setting i.e. clipboard will not be available unless it properly reads the Broker_Remote_IP_Address property.

              • 4. Re: Horizon Smart Policies not working
                Aaron206 Novice

                I cant seem to get smart policies to apply on the initial logon, just reconnects.

                • 5. Re: Horizon Smart Policies not working
                  Erossman Enthusiast

                  It would be nice if we get an offical statement from vmware regarding this behavior.

                  I cannot trust the smart policies

                  • 6. Re: Horizon Smart Policies not working
                    DEMdev Master
                    VMware Employees

                    Hi Erossman,

                     

                    Can you provide a FlexEngine log file (at DEBUG log level) that illustrates what isn't working for you?

                    • 7. Re: Horizon Smart Policies not working
                      VDINinja311 Enthusiast

                      Our initial testing of Horizon Smart Policies worked great with a Windows 10 x64 1511 buildt on UEM9.1, Horizon 7.0.2. No issues with the detection and applying at both login and with the triggered task of re applying the policies at reconnect of session. At some point it stopped working and we are experiencing the same issue where the smart policies are not applying correctly at logon and only at reconnects. In the DEBUG logs it says it applies the correct policy (Disable USB redirection, clipboard, etc.) but during testing I am able to pass through a USB through the Horizon View Client. The only thing that would have changed in between our initial testing and now is we moved to a brand new Windows 10 x64 1607 Anniversary Update image.

                      • 8. Re: Horizon Smart Policies not working
                        DEMdev Master
                        VMware Employees

                        Hi VDINinja311,

                         

                        UEM 9.1 fully supports WIndows 10 v1607, and I think Horizon 7.0.2 does as well. Can you provide a FlexEngine log file at log level DEBUG?

                         

                        And, just as some general background information for anyone following this thread, UEM's Horizon Smart Policies feature is basically just a fancy name for "provide configuration settings for certain Horizon components" :-)

                        Not intended as "blame shifting" or anything like that, but after UEM has applied its Smart Policies settings, it's up to the corresponding Horizon components to pick up those settings and act on them. That also means (as was seemingly the issue in one of the earlier posts in this thread) that for instance setting Client drive redirection to Allow all through UEM Smart Policies does not magically give you client drive redirection – for the actual functionality we fully depend on that feature to be installed and enabled in the Horizon agent and client.

                        • 9. Re: Horizon Smart Policies not working
                          VDINinja311 Enthusiast

                          DEMdev I have uploaded the relevant DEBUG log file and some screenshots, only visible to you. Please note the comments on each file.

                          • 10. Re: Horizon Smart Policies not working
                            DEMdev Master
                            VMware Employees

                            Thank you for the log file and screenshots, VDINinja311.

                             

                            Looking at the FlexEngine log file, there is no difference between the Horizon Smart Policies settings that are applied during logon, and the settings that are applied during the UEM refresh. In both cases we see [INFO ] Applied Horizon Smart Policies settings, without any warnings or errors.

                             

                            I think the next step in troubleshooting this would be to review the Horizon-related logs for the components that take their config through Horizon Smart Policies. Unfortunately, I don't know where to find these logs, how to enable them, or how to interpret them – I only know about the UEM side of Horizon Smart Policies :-(

                            • 11. Re: Horizon Smart Policies not working
                              JonAmadori Novice

                              Hi,

                               

                              I realize I am a bit late here but I have this same issue with UEM 9.1 and my Horizon Smart Policies not applying correctly on initial login, but applying correctly on reconnects.  I opened a ticket with VMware and this was the workaround we came up with:

                               

                              1. On virtual desktop agent: HKLM\Software\VMware, Inc.\VMware VDM\Agent\USB\UemTimeouts                                DWORD set to 120 decimal
                              2. On Windows client: HKLM\SOFTWARE\WOW6432Node\VMware, Inc.\VMware VDM\Client\UemTimeout                   DWORD set to 120 decimal

                               

                              The tech I spoke with confirmed that this was a known issue and the fix would be pushed in a future update.  I am wondering if anyone has upgraded to UEM 9.2 and that resolved their issues with the Smart Policies not applying even though it was not listed in the release notes as a resolved issue.

                              1 person found this helpful
                              • 12. Re: Horizon Smart Policies not working
                                VDINinja311 Enthusiast

                                JonAmadori

                                 

                                Thanks for replying to the thread. I will attempt your workaround, but have a question with it. Do you have to do both registry changes or one or the other? I am definitely fine with modifying the registry on our VDI Master Images, but no way are we able to modify the registry of the end users devices.

                                 

                                We just upgraded last week to UEM 9.2 for the publisher based app white listing and I have just confirmed that the issue still exists in UEM 9.2. No change for us anyway.

                                 

                                Thanks,

                                Jeremy

                                • 13. Re: Horizon Smart Policies not working
                                  JonAmadori Novice

                                  VDINinja311

                                   

                                  I had to apply both of the registry keys to fix.  I tried just using each key on its own and the Smart Policies would still not apply on login. Thankfully we were already planning to deploy SCCM to better manage our physical fleet which can push out the registry setting via a script.  Not sure if you have access to something similar or could push the registry key via GPO?

                                   

                                  Thanks for the info on 9.2, I had a feeling that was the answer.

                                  • 14. Re: Horizon Smart Policies not working
                                    VDINinja311 Enthusiast

                                    JonAmadori

                                     

                                    We could do it to corporate devices easy, but not employee's computers

                                    1 2 3 Previous Next