GravelRider

  1. Hi there. So here is my scenario: I am trying to build a golden image for Horizon DaaS. There are known issues with OSOT, so I am leaving it out for simplicity. Create a VM, run updates, and sysprep /generalize /shutdown /unattend:c:\windows\system32\sysprep\unattend.xml. My master shuts down and I clone it. I power the clone on, as that is needed for Horizon DaaS. The sysprep procedure works according to the logs. The VM appears in DaaS. I convert it to an image. This process fails: "Windows Sysprep process failed to clean appx packages, please refer to Microsoft KB article #2769827". When I check the actual sysprep log, I see it complains about "Package Microsoft.Copilot_0.4.2.0_neutral_8wekyb3d8bbwe was installed for a user, but not provisioned for all users". I have reverted my master image and looked for this package, but there is no trace of it. Any ideas as to why this error appears then? And why does sysprep work outside of Horizon DaaS publishing? Cheers
  2. Hi mate. No dedicated desktop. I opened an SR with Omnissa and they said that there is a known issue with OSOT and advised to try the last one released by VMware, but that is causing issues too. Now even if I take OSOT out of the equation I seem to have issues, but I will create a new post for this.
  3. Hi team. Been having some struggles here. I was asked to build a master VM, Windows 11 24H2, on Horizon DaaS (on-prem). I haven't really built a Windows 11 image before, and definitely not in Horizon DaaS. I am slowly getting my head around Horizon DaaS but having issues with the image. I built the image as per the optimization tool, but there seems to be something wrong with OSOT (downloaded latest version). It seems something goes wrong with the generalise and finalise process. Before the generalise process, I reboot and I can see the VM is in audit mode (as indicated by sysprep tool 3.14 box). I cancel the sysprep and start generalise. This seems to complete as expected, but when I run finalise, that finishes in a few seconds. I know this is not right. When I run finalise without generalise it takes a while, as expected. It seems there may be an issue with generalise and that it is recommended not to be used? Is this correct? So instead I run finalise and then do sysprep manually: sysprep /oobe /generalize /shutdown. When the VM is shut down I take a clone and remove the vTPM. Now the DaaS deployment itself: does this rely on snapshots? After I cloned it I am not taking a snapshot and leave the VM powered on. When it is powered on, though, I see that it is asking to specify a region in the vCenter console. That does not seem right to me? Initially, the conversion of the image fails with error "Agent - Sysprep validation failed. Sysprep local admin account credentials are not valid". That seemed to be caused by the fact that sysprep disables the local admin account, so I got around it by creating another admin account. The pool deploys but it is asking me to specify region again? So something is still off with sysprep. When I take another clone of the master and deploy it as an instant clone, the image goes into transition and I can see all the cp templates being created, but the transition does not seem to complete. So there is a lot going on and I am not sure where to take it from here. Thoughts?
  4. Thanks Sean. I will need to get a bit more detail around MFA internally. What I am still not clear on is how I would get one set of connection servers to work if external uses MFA and internal would not. It is my understanding that I need to enable "Delegation of authentication to VMware Horizon". I see the settings are Disabled/Allowed/Required. I guess this setting would then be Allowed, so external connections use it but internal would ignore it? And without a TrueSSO setup included, I would always have to authenticate twice, right, when I'd come in externally (assuming SAML)? Cheers
  5. Thanks Sean. The idea is that people connecting from off-site go to a specific URL (i.e. remote.mydomain.com). When they connect they will need to be prompted for MFA, likely Azure. Once MFA is successful, they should be able to connect to the desktop. Internal connections will go via an on-site specific URL (i.e. internal.mydomain.com). Internal connections may need to use MFA (or maybe only some of them, based on access policy). I am trying to determine the following: Is it advisable to use one set of connection servers for both external and internal connections? I know that this is a supportable configuration, but I am not sure if it is when MFA comes into play. I am assuming that Azure MFA will be used, so it involves setting up the enterprise application. Is it possible/advisable to use a single enterprise application for both external and internal MFA requirements? External connections would go via a UAG, but I am not planning to do that for internal connections, unless it simplifies the overall setup. Hope this makes sense. Cheers
  6. Hi there. I am wondering what a good approach would be to do the following: creating a VMware Horizon environment that accommodates both external users (who authenticate via Unified Access Gateway, or UAG) and internal users (who authenticate directly to Horizon without UAG), while implementing Multi-Factor Authentication (MFA). I'd use an external and internal URL for this. If possible, I would want to integrate the internal and external Horizon users with the same IdP that supports MFA. The IdP would be Azure based. Can I get away with one enterprise application? And would it be possible to use one set of connection servers for both the internal and external requests in this scenario? I know the same connection servers can be used for internal and external access, but I am not sure if the MFA requirement would change that. Hope this makes sense. If someone can put me on the right path, that would be appreciated.
  7. Hi there. I am looking for some tools to profile GPU workloads running on a physical desktop. I am aware of GPUProfiler (Releases · JeremyMain/GPUProfiler (github.com)), but are there alternatives?
  8. Hi there. I am getting this error on a pool after upgrading to 8.12. Whilst the workaround of enabling provisioning again and deleting the VM in question gets it going again, I am not sure what the cause is or which IC utility would be the right one. VC_FAULT_FATAL: The name already exists Instant Clone Creation Error (90426) (omnissa.com)
  9. No enable host redirection option in 2111, it seems. Have attached a screenshot of the connection settings. In this environment there is one for internal, and another for external (behind UAG). No settings in locked.properties other than default.
  10. Hi team. I am trying to upgrade from 2111 to 2312.1. Upgrading the connection server from 2111 to 2312.1 works initially. I can log in, see that it is version 231.2 and launch a desktop session. However, when I reboot the connection server it stops working. I cannot get to the console. The services are all still running. The issue appears to be similar to this article, but the solution does not seem to be applicable to me: JAVA_TOOL_OPTIONS on a VMware Horizon Connection Server = Not Good (stevenbright.com). Any ideas what could be causing this?
  11. Hi team. I have to upgrade this environment, which does not conform to best practices, and it has been a bit of a headache. I am seeing some behavior that I do not understand. There are two connection servers. The primary server, con1, resolves to connect.mydomain.com. I access the admin console via connect.mydomain.com/admin. Now there is supposedly no load-balancer. But when con1 is down/disabled and I go to con2.mydomain.com/admin, it redirects to connect.mydomain.com/admin. What drives this behavior? I noticed that the config.properties file has a clientHost=connect.mydomain.com. Is that it, or is there something else that drives it? Cheers
  12. So I have not touched Horizon in nearly 3 years and have been tasked with upgrading an environment that I have no prior knowledge of. I am running into issues. It is a very messy setup. There are no load balancers or setup documentation. The idea is to go from 2111 to 2406. Currently this environment has one UAG and two CS. One CS is for internal purposes (Con1) and the other for external connections (Con2). The UAG has its connection URL pointed to con2.domain.local and its thumbprint points to the SHA1 of a wildcard cert *.company.com. The CS both have the wildcard certificate loaded (vdm). Now somehow connecting is working fine under 2111. Not that I understand it, because the wildcard cert has no knowledge of con2.domain.local. Is there some hidden setting somewhere that could translate anything? I follow the upgrade process. I can upgrade the CS to 2406. Once upgraded I can still connect to the desktops internally via CS (I did notice that it has overwritten the branding back to default. Any tips on how to save the custom branding appreciated). Next I do the UAG. Deploy a new one and import settings. Now this did not work, and I believe that this is because of the SHA1 setting not being supported. I configured it manually with the same settings but changed it to SHA256. The certificate was already SHA256. And things don't work via UAG anymore. I believe it should not work because the connection URL domain name does not match the wildcard. But I am stumped over how it works with 2111. What am I overlooking? I have not verified yet, but could it be a setting in one of the properties files that got overwritten with the CS upgrade? From memory, I saw an error along the lines of "vmware horizon rejecting request unexpected host header". The Horizon settings in UAG are green, but in the CS admin portal it says unreachable. I hope this makes sense.