I have a developer trying to create a utility to manage desktop sessions that are brokered by Horizon View, but is having some trouble with some PowerShell commands.

This line works:

Send-SessionDisconnect -Session_id (Get-RemoteSession -Username "{domain}\{username}").session_id

This one doesn't:

Send-SessionLogoff -Session_id (Get-RemoteSession -Username "{domain}\{username}").session_id

The latter results in an error as follows:

Send-SessionLogoff : PowershellService::SendSessionLogoff FAILED, error-Unable to log off session

({domain}\{username}()/2@....{snipped}...,ou=servers,dc=vdi,dc=vmware,dc=int.cn=ccds,ou=server

groups,dc=vdi,dc=int:CONSOLE:3389:DESKTOP):com.vmware.vdi.sessionclientapi.SessionNotActiveException

At line1:1 char:1

+ Send-SessionLogoff -Session_id (Get-RemoteSession -Username "{domain} ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo          : InvalidResult: (vmware.view.pow...ndSessionLogoff:SendSessionLogoff) [Send-SessionLogoff], Exception

+ FullyQualifiedErrorId : PowershellService::SendSessionLogoff FAILED,vmware.view.powershell.cmdlets.SendSessionLogoff

The test script is as follows (some detail redacted):

$password = ConvertTo-SecureString '{password}' -AsPLainText -Force

$cred = New-Object System.Management.Automation.PSCredential('{domain}\{domainadmin}' , $password)

$s = enter-PSSession -Computername '{ipaddress}' -Credential $cred

cd 'C:\Program Files\VMware\VMware View\Server\extras\PowerShell\'

.\add-snapin.ps1

Send-SessionLogoff -Session_id (Get-RemoteSession -Username "{domain}\{username}").session_id

Exit-PSSession

Any ideas what is going wrong?

Is it possible to enable ipad users to print directly to AirPrint printers from vdi desktop

So apparently in 7.8 maybe 7.7 they added the Help Desk Plugin for Horizon Agent as part of the Horizon View Agent install.  If you install the agent by hand you can go ahead and install this but if you use the command line to install it apparently does not install.  Does anybody know the command line switch for this component?  The Horizon View documentation for 7.8 does not have this component listed in the command line switches.

View Version 7.8

UAG 3.5

Horizon Client 4.10

Trying to configured UAG to be able to authenticate using RSA and Smart card when accessed from the internet.

I was able to get the connection server to do this. From inside my network, I can use the Horizon client to connect to the connection server and be prompted for PIV and RSA. I am able to logging successfully and launch my VDI.

From outside the network, trying to connect through the UAG, I get prompted for RSA, I entered the RSA code and then I get an error: "Smart Card or Certificate authentication is required".

Debug log shows:

2019-06-17T11:07:38.558-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [ServletRequestHandler] (SESSION:65be_***_c790) Processing request xx.xx.xx.xx/Request909

2019-06-17T11:07:38.559-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlRequestProcessor] (SESSION:65be_***_c790) read XML input

2019-06-17T11:07:38.559-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlRequestProcessor] (SESSION:65be_***_c790) added: set-locale

2019-06-17T11:07:38.559-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlRequestProcessor] (SESSION:65be_***_c790) added: configuration

2019-06-17T11:07:38.559-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlAuthFilter] (SESSION:65be_***_c790) Pre-Auth Processing: configuration

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [ProperoAuthFilter] (SESSION:65be_***_c790) Attempting to authenticate against SecurID

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [ProperoAuthFilter] (SESSION:65be_***_c790) Not authenticated, requesting login page for SecurID

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [AuthorizationFilter] (SESSION:65be_***_c790) paeCtx == null, forwarding to login page: /broker/xml

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [AuthorizationFilter] (SESSION:65be_***_c790) HTTP session ID old value: CB1B-***-3390, new value: 87BD-***-8018 for 65be_***_c790

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlServlet] (SESSION:65be_***_c790) Start processing: set-locale,configuration

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlServlet] (SESSION:65be_***_c790) Processing: set-locale

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlServlet] (SESSION:65be_***_c790) Finished processing: set-locale, Result: ok

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlServlet] (SESSION:65be_***_c790) Processing: configuration

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [AbstractProcessor] (SESSION:65be_***_c790) supportedFeaturesFromXml: [multiSessionApplicationLaunch, nameResolution, reauthentication, lastUserActivity, shadowSessions, workspaceOneMode, preLaunch]

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlServlet] (SESSION:65be_***_c790) Finished processing: configuration, Result: ok

2019-06-17T11:07:38.560-04:00 DEBUG (1460-08B4) <ajp-nio-8009-exec-3> [XmlServlet] (SESSION:65be_***_c790) End processing: set-locale,configuration

2019-06-17T11:07:47.155-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [ServletRequestHandler] (SESSION:65be_***_c790) Processing request UAGexternalIP/Request910

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlRequestProcessor] (SESSION:65be_***_c790) read XML input

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlRequestProcessor] (SESSION:65be_***_c790) added: submit-authentication

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlAuthFilter] (SESSION:65be_***_c790) Pre-Auth Processing: submit-authentication

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [ProcessorSubmitAuthentication] (SESSION:65be_***_c790) Setting auth request screen name: authType-securid-passcode=true

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [ProperoAuthFilter] (SESSION:65be_***_c790) Attempting to authenticate against SecurID

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [SecurIDAuthFilter3] (SESSION:65be_***_c790) SecurID authentication: user credentials supplied for user username

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [SecurIDAuthFilter3] (SESSION:65be_***_c790) SecurID authentication: new authentication session

2019-06-17T11:07:47.157-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [SecurIDAuthFilter3] (SESSION:65be_***_c790) Creating RSA SecurID user authentication session

2019-06-17T11:07:47.160-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [SecurIDAuthFilter3] (SESSION:65be_***_c790) SecurID authentication: authenticating user username

2019-06-17T11:07:49.212-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [SecurIDAuthFilter3] (SESSION:65be_***_c790) SecurID authentication: successful for user username

2019-06-17T11:07:49.213-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [SecurIDAuthFilter3] (SESSION:65be_***_c790) Cleaning up RSA SecurID user authentication session

2019-06-17T11:07:49.213-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [ProperoAuthFilter] (SESSION:65be_***_c790) Attempting to authenticate against gssapi

2019-06-17T11:07:49.213-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [ProperoAuthFilter] (SESSION:65be_***_c790) Attempting to authenticate against cert-auth

2019-06-17T11:07:49.213-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [CertificateAuthFilter] (SESSION:65be_***_c790) Client did not use Certificate Authentication, skipping or failing

2019-06-17T11:07:49.213-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [CertificateAuthFilter] (SESSION:65be_***_c790) Failing Certificate authentication, fatal error for REQUIRED mode

2019-06-17T11:07:49.213-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [CertificateAuthFilter] (SESSION:65be_***_c790) messageKey not set in HttpServletRequest

2019-06-17T11:07:49.214-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [EventLogger] (SESSION:65be_***_c790) Error_Event:[BROKER_USER_AUTHFAILED_GENERAL] "User null failed to authenticate": Node=connectionserver.domain.com, ClientIpAddress=xx.xx.xx.xx, Severity=AUDIT_FAIL, Time=Mon Jun 17 11:07:49 EDT 2019, Module=Broker, UserDisplayName=null, Source=com.vmware.vdi.broker.filters.CertificateAuthFilter, Acknowledged=true

2019-06-17T11:07:49.214-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [ProperoAuthFilter] (SESSION:65be_***_c790) Not authenticated, requesting login page for cert-auth

2019-06-17T11:07:49.214-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [AuthorizationFilter] (SESSION:65be_***_c790) paeCtx == null, forwarding to login page: /broker/xml

2019-06-17T11:07:49.214-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [AuthorizationFilter] (SESSION:65be_***_c790) HTTP session ID old value: 87BD-***-8018, new value: 9D4F-***-2700 for 65be_***_c790

2019-06-17T11:07:49.214-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlServlet] (SESSION:65be_***_c790) Start processing: submit-authentication

2019-06-17T11:07:49.214-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlServlet] (SESSION:65be_***_c790) Processing: submit-authentication

2019-06-17T11:07:49.214-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlServlet] (SESSION:65be_***_c790) Finished processing: submit-authentication, Result: error, Error Code: AUTHENTICATION_FAILED, Error Message: Authentication failure, User Message: Smart Card or Certificate authentication is required.

2019-06-17T11:07:49.215-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlServlet] (SESSION:65be_***_c790) Halting at: submit-authentication

2019-06-17T11:07:49.215-04:00 DEBUG (1460-09B0) <ajp-nio-8009-exec-6> [XmlServlet] (SESSION:65be_***_c790) End processing: submit-authentication

Any guidance will be helpful.

Thanks!

what is the process to svmotion horizon view vms to different datastores? do it from horizon admin console or vcenter?

Hello,

We have change our writable domain for Horizon VDI and vSphere environment. For example right now vCenter communicates with DC 192.168.1.5 we have to change to DC 192.168.1.6

Can you please advice.

Thank;s

For some reason unbeknownst to my team and I, our main clinical app (Cerner Millennium which is hosted remotely and accessed via Citrix) - crashes or closes when there is suddenly poor or no network connectivity (normally happens with roaming wireless ThinClients or PCs with VMware Horizon Client) on the Client of the guest VM.

I was under the impression the the local network connection has no bearing on the remote virtual OS/VM other than whether you're connected or disconnected to the session...

Does anyone know exactly how the local network connection is "connected" to the guest VM's network and if there's any settings to change the behavior of the guest VM's dependence on the local network connection?

It seems that Citrix is the only app that gets adversely affected by the local network dropouts.

Using view agent 6.2, horizon client 4.X, citrix web plugin.

Hi Everyone,

I need to create desktop pool of windows 10 with build 1803.

from this article VMware Knowledge Base  it seems that I need Horizon Agent with version 7.3.2 or newer.

My question is if connection server 7.0.2 can manage desktop clones with newer Horizon Agent version ?

is there any compatibility matrix for that ?

Hello,

So we have been experiencing this issue with remote users connecting to vdi
using the Dell 3040's clients. When they try to scan the scanning process goes
up to 90% and then it errors out. Sometimes it works just fine, sometimes it
scans one page and it errors out on the second page. We have enabled USB and
Scanner re-direction, installed the latest printer drivers and latest firmware
on the thin client. Also the users has to connect, disconnect and connect again
in order for the usb devices to be recognized. Has anyone seen this happen and
what was the resolution?

Tested the printer using the Horizon Client from a laptop and we experienced
the same issue when scanning, this kind of rules out the Thin Client.

Also thios is a remote user connecting over VPN.

This is a persistent desktop

Horizon View 7.4.0

UEM 9.3

AppVolume 2.13.3.12

AIO HP M476DW

Some of the errors:

Scanner communication cannot be established.....

Is there a way to prevent Session Timeout disconnects?

I found this KB (https://kb.vmware.com/s/article/2146424) but it doesn't tell me how to set a session to last indefinitely on a ZeroClient. is there a way?

Horizon 7.5

ZeroClient (Wyse 5030)

Thanks in advance.

We are having Horizon view 7 in our environment. Currently 55 VDI Machines are running with Windows 10 LTSB OS and Office 2013. OS and Office activation are pointed to KMS server.

All are linked clone machines with dedicated assignment and users will get the same desktop when relogin.

We are planning to deploy additional 50 more VDI machines with the same image. My question is that How the office 2013 licensing will work in VDI enviroment?

Do we need Office 2013 license for each desktop that we provisioned? ie, for additional 55 VDI, 55 more office license has to purchase?

Any CCU license available for Office 2013?

What is the best approach for Office 2013 licensing in VDI environment? If i create office 2013 thinapp will this help?

Appreciate your help.

Regards

Ansar

Hi,

I would like to know how office 2013/2016 licensing will work in Vmware Horizon 7 VDI enviroment.

As far i know MS office licenses are per device based license.

So if we create 100 VDI desktops with Office 2013 installed, we need to purchase 100 Office 2013 license?

Is there any subscription based license available for Office, same like OS Subscription?

Please help.

Regards

Ansar

I had create Chrome (V.75.0.3770.100) thinapp, but it gives an error "ThinApp has encountered an unexpected error. Click abort to closes the application, Retry to debug, or Continue to ignore the error. Support info:PID=6976, ts_stub.cpp@1357"

Abort | Retry | Ignore

what can i do for resolve this issue

Hi all,

I currently trying to deploy uag 3.6 in dmz zone but have no success. Appliance deployed with single eth nic which I can ping but I can't access admin screen it shows as unreachable.

All ports seems open but obviously something is missing.

Any help would be appreciated.

Thanks

Are there any "gotchas" when up grading an Horizon 7.0.3 system to 7.9? We have two connection servers, 1 composer and 1 security server.

Thanks,

Steve

Recently we upgrade Horizon View 7.2 to 7.5.2.

We got curios status which CDR status showed duplicated (default drive and network drive.)

anyone knows about this?

Sorry the title is a mouthful.

I'm trying to implement UAG setup, as currently we use VPN and its being decommissioned.  Currently we have 2 groups of users, one group is filtered via IP, and another group enforces MFA. All of this is handled via VPN.  I want to try and have the same setup through UAG.  My problem is I can't verify if you can have different configurations on multiple connection servers within the same pod, meaning connection01 does not have any 2FA, while connection02 is set to enforce.  This would mean I could point separate UAGs, to each connection server.  Is there a better way to do this?   If it matters, I'm looking at using Okta MFA with RADIUS (via this link Configure VMware Horizon View to Interoperate with Okta via RADIUS | Okta ) 

Thanks in advance for any help!

Ken

We're a Horizon 7.3.2 shop (soon to be Horizon 7.8), that is trying to move to Blast as our protocol standard. We utilize Wyse 5010/5070 terminals (ThinOS), and are deploying a Horizon 4.8 PKG to them. That's what enables Blast on them.

Our deployment site is about 1,000 terminals (we have 5,000 in total), that all started using Blast last week to connect to a Windows 10 linked clone pool. 'm a bit sensitive about hearing any random sporadic issues, as my first thought is "hmmm I wonder if it's because they are Blast now?", and I get a little OCD about it. I mainly started this thread to hear anything from people who have moved on to Blast, preferably but not exclusively with thin clients, and any experience/tips/suggestions you may have. We did NOTHING to modify the environment in anyway for Blast from the Horizon/AD/GPO side of things. We literally just said ok pools, you're Blast now and not PCoIP.

Are network is pretty robust. The onsite terminals connect to VMs in our data centers sub millisecond and only about 10 miles apart.

I plan on posting a similar question to Dell counterparts as well, since that would cover the ThinOS side of the equation.

Thanks in advance.

There are 2 OU's. In the OU with issue the virtual machines have Windows event log service(Disabled state) and the Horizon agent state(stopped state) are stopped. They can only be started by logging into the machines manually. In a test OU deployed with only default domain policies the machines have the Windows eventlog service in started state bu the Horizon Agent service is in stopped state. This can be rectified by either restarting the machines manually or through the Horizon UI. After being available state on the UI the vms with issue tend to be unstable with the availability status. Both machines(Machines with and without issue) are in agent unreachable status in the Horizon admin UI. Any solutions or known issues with 7.2 version.

Similar to my other thread, we are experiencing issues with a pool that otherwise seems perfectly fine.

While on the parent machine, logged in as the local admin, login times are very fast (10-20 seconds.) However, once I take a snapshot and compose the test pool, the login times spike to 400+ seconds.

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Logon Time: 412.38 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Logon Start To Hive Loaded Time: 366.37 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Logon Start To Classes Hive Loaded Time: 368.17 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Profile Sync Time: 0.00 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Windows Folder Redirection Apply Time: 0.00 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Shell Load Time: 39.38 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Total Logon Script Time: 0.00 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] User Policy Apply Time: 3 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Machine Policy Apply Time: 0 seconds

2018-10-09T09:53:48.461 INFO (09d4-07f0) [LogonMonitor::LogSummary] Group Policy Software Install Time: 1.14 seconds

I've tried removing startup items and disabled services, ran the Optimization Tool, cleanmgr, etc. 

Anyone else have this issue?

(We do not have UEM, or mandatory user profile.)