FFulde

Hi Carel, we have since found out it seems to be something related to our AV, it has some kind of component called Hitman Pro Alert which is an Exploit Mitigation Feature, we have logged a ticket with Sophos already and they are investigating. I will try opening a ticket with Omnissa aswell to see if they can maybe help resolve this. Thanks for taking the time to answer tho! Cheers Fabian

Thank you @Rob Ryan and @WFancher for the replies. I will continue working on this tomorrow. Just the behaviour seems odd enough for me that Scanner Redirection is making third party applications not open anymore. Or does Scanner Redirection somehow hook/inject into these to trigger this behaviour? Just trying to make it make sense :) Cheers Fabian

Hi everyone, I just got finished debugging this for like 10 hours. It seems that installing the "ScannerRedirection" Feature on Version 2503 on a VDI that has "Sophos Intercept X" (Endpoint Protection) installed just makes most of our applications not work anymore. They just don't open anymore, whenever this happens there is an event logged pointing to "hmpalert.dll" which is the subcomponent "HitmanPro Alert" of Sophos which checks for dll injection and ransomware protection. If I: Uninstall the Scanner Redirection Feature -> Works Uninstall Sophos -> Works Reroll to 2312 Agent with Scanner Redirection -> Also works The curious thing is, Sophos doesn't flag or log anything as blocked, is this a known issue with some AV vendors or do you have any recommendations on this? I'm really not sure where to go from here, obviously I'm also gonna open a ticket with Sophos tomorrow, for now we uninstalled the ScannerRedirection Feature, it's better than our users not being able to open programs.

We are also having the same problems on Intel based CPUs, once we install ScannerRedirection all of our Programs that use Edge WebView don't run anymore. We run Horizon On-Premise and I can't seem to find an Installer for the fixed Version, last one I can get is 2503. Is the Cloud installer fine to use on Prem aswell?

I think the best approach for us probably is to just give the 35 users dedicated desktops for now, maybe just try a proof of concept with an instant clone image that has all the software and app masking if I get around to doing that and just see how that works for some users. I'll look over the software again and see what I can add in the current base image without adding too much overhead maybe I can slim those numbers down even more. Dedicated Desktops keep us flexible enough for now and we need to keep the software distribution anyways for the ~30 desktops/laptops we need to keep for other reasons. Thank you both for the input it was really helpful! If anyone else stumbles across this later, feel free to tell me how you do it and why you do it that way, it's a really interesting topic and I like to learn new ways of thinking about these things. Greetings Fabian

Hi @Rick Redfern thanks for taking the time to answer! Thats a really cool idea with the staging pool, just out of curiosity roughly how many software is installed in your base image and how many applications do you deliver using App Volumes? Do you try to keep the base image as lean as possible or do you decide based on the number of people using the specific app?

Right now we have the legacy structure (~100 VDI Dedicated Desktops) that are primarily updated by WSUS and Software is patched via a software distribution software or by hand. These are Windows 10. As you can imagine these are going out of support and also have some years under their belt getting awfully slow by now and having these weird age problems Windows tends to have after running for some years. I currently have one pilot/POC Instant Clone Pool which is a Win11 23H2 with just the standard applications, around 10 users are working on there already without any problems and I'm trying to figure out where to go from here. I ran the numbers today and we have 105 users just using standard applications and 35 that have some extra software.

Hi Sean, thanks for the quick reply! I can give some pointers to our infrastructure if that helps ~ 150 Users in 10 departments Around 70% of them use standard applications (e.g. Office 2024 LTSC, DMS, Foxit Reader/Editor, KeePass, Phone Client) The other 30% use around 20 different more specific applications, a good chunk of these are started from a network drive and don't require an installation or are web based. There isn't really a lot of users using the same application maybe 3-5 at best I havn't identified any problems with any of these so far in my testing, I plan to use FSLogix App Masking to hide the applications based on AD Groups For Profiles we are planning to use DEM+FSLogix Containers with DEM capturing most settings in case the container ever goes corrupt, maybe we even cut out FSLogix Profile Containers later but right now this hits our logon times big times since the Clone has to create a local profile on every login (~ 90-120 Seconds) Another option would be to identify what we categorize as "standard applications" build one Instant clone pool for 70-80% of our users and the rest gets a persistent desktop I guess.

Hi everyone! I'm pretty new to the whole Instant Clone thing and could use some insight into how other people do it. I know there is probably not "the way" as everywhere in IT. Do you just have one golden image where all software is installed and everyone gets that image or do you split them? What are your reasons to spin up a second, third etc. golden image? (Software issues, different VM Hardware etc.?) How do you deal with spontaneous "We need to update this software ASAP calls from users"? I'm trying to decide between: making one golden image and just throwing everything in there and see how it goes two Images, one with just the basic applications which cover around 70% of our users and one "Everything else" Image three Images, with software per business branch We are on Horizon Standard, so App Volumes or Remote Applications are not an option at this moment. Grateful for any answers and insight you can give me to hopefully make my decision easier. Cheers Fabian

Hi Dave, thanks for the reply. Seems like I'm not the only one with the problem. Would be interesting to know if this got fixed in a newer version... maybe someone could clarify?

Hi Sean, sadly that didn't help, message is still there.

Hi everyone, I might be missing something super obvious here. I'm currenlty building a Pool for Automatic Dedicated VMs (Spawned from a VCenter Template). While testing there sometimes is a problem with provisioning, which is to be expected. However on Error I get the attached message. I then go ahead and reprovision the machine, everything works fine, problem is - the error never goes away, it's just stuck there until I recreate the pool. Is there some way to get rid of those messages without recreating the pool? Running: Horizon 2312 currently Cheers Fabian

Hi everyone, I have a really odd behaviour at the moment. I have a folder under "C:\Program Files\Test" in my capture machine for my RDS Farm. My Domain Admin User can access it just fine in there, in fact that same user copied the folder there. I then go on to use OSOT to seal the image (folder is still there) Shut down the machine, take a snapshot and deploy that to the farm. After deploying I log in with my Domain Admin User and the folder is missing, however I know it's there because I can't create a folder with the same name. I then go on to log in with a normal Domain User and all of a sudden the folders show up for the Domain Admin aswell. I already checked the permissions for the folder, other folders in "C:\Program Files" have the same permissions as this one. It seems to be something that's happening during the deployment process, does anyone have a idea to fix this? Cheers Fabian

As others have pointed out you can use the command line utility "iccleanup" - Open cmd as admin - cd "C:\Program Files\VMware\VMware View\Server\tools\bin" - iccleanup.cmd - iccleanup.cmd -vc X -uid [User e.g. [email protected]] -skipCertVeri - list [To see all your current Pools] - unprotect -I [Index e.g. 1] You can then delete the template and replica machines in vcenter

Thank you Rob, I forgot to mention we are running Horizon Version 2312 at the moment. I'll attach some screenshots, in the registry it shows the Smartcard Features as Absent for whatever reason. The other two screenshots show the features I'm installing it doesnt event list Smartcard as an option there, when I install the Agent on a Windows 10 Desktop for example, I see the Smartcard Feature as an option. (Sorry screenshots are German) I found this Link Horizon Agent Custom Setup Options (vmware.com) where it says the feature is only for Single User machines. Thats for Horizon 7 tho, so I'm not sure if that has changed in the meantime.