Jump to content

GravelRider

Members
  • Posts

    10
  • Joined

  • Last visited

GravelRider's Achievements

  1. Thanks Sean I will need to get a bit more detail around MFA internally. What I am still not clear on is how I would get one set of connection servers to work if external uses MFA and internal would not. It is my understanding that I need to enable "Delegation of authentication to VMware Horizon" I see settings are Disabled/Allowed/Required. I guess this setting would then be allowed so external connections use it but internal would ignore it? And without a TrueSSO setup included, I would always have to authenticate twice right when I'd come in externally (assuming SAML) Cheers
  2. Thanks Sean The idea is that people connecting from off-site go to a specific URL (i.e remote.mydomain.com). When they connect they will need to be prompted for MFA, likely Azure. Once MFA is succesful, they should be able to connect desktop. Internal connections will go via on-site specific URL (i.e. internal.mydomain.com). Internal connections may need to use MFA (or maybe only some of them based on access policy) I am trying to determine the following, Is it advisable to use one set of connection servers for both external and internal connections. I know that this is a supportable configuration but not sure if it is when MFA comes in to play? I am assuming that Azure MFA will be used so it involves setting up the enterprise application. Is it possible/advisable to use a single enterprise application for both external and internal MFA requirements? External connections would go via a UAG but not planning to do that for internal connections, unless it simplifies the overall setup. Hope this makes sense. Cheers
  3. Hi there I am wondering what a good approach would be do the following... Creating a VMware Horizon environment that accommodates both external users (who authenticate via Unified Access Gateway, or UAG) and internal users (who authenticate directly to Horizon without UAG), while implementing Multi-Factor Authentication (MFA). I'd use an external and internal URL for this. If possible, I would want to integrate the internal and external Horizon users with the same IdP that supports MFA. The IdP would be Azure based. Can I get away with one enterprise application? And would it be possible to use one set of connection servers for both the internal and external requests in this scenario? I know the same connection servers can be used for internal and external access but not sure if the MFA requirement would change that? Hope this makes sense. If someone can put me on right path that would be appreciated.
  4. Hi there I am looking for some tools to profile GPU workloads running on a physical desktop. I am aware of GPUprofiler (Releases · JeremyMain/GPUProfiler (github.com) but are there alternatives?
  5. Hi there I am getting this error on a pool after upgrading to 8.12. Whilst the workaround of enabling provisioning again and deleting VM in question gets it going again, I am not sure what the cause is or which IC utility would be the right one VC_FAULT_FATAL: The name already exists Instant Clone Creation Error (90426) (omnissa.com)
  6. No enable host redirection option in 2111 it seems Have attached screenshot of the connection settings. In this environment there is one for internal, and another for external (behind UAG) No settings in locked.properties other than default.
  7. Hi team I am trying to upgrade from 2111 to 2312.1. Upgrading the connection server from 2111 to 2312.1 works initially. I can log in, see that it is version 231.2 and launch a desktop session. However, when I reboot the connection server it stops working. I cannot get to console. The services are all still running. The issue appears to be similar to this article, but solution does not seem to be applicable to me JAVA_TOOL_OPTIONS on a VMware Horizon Connection Server = Not Good (stevenbright.com) Any ideas what could be causing this?
  8. Hi team I have to upgrade this environment which does not conform to best practices and it has been a bit of a headache. I am seeing some behavior that I do not understand. There are two connection servers. The primary server, con1 resolves to connect.mydomain.com. I access the admin console via connect.mydomain.com/admin Now there is supposedly no load-balancer. But when con1 is down/disabled and I go to con2.mydomain.com/admin it redirects to connect.mydomain.com/admin. What drives this behavior? I noticed that the config.properties file has a clientHost=connect.mydomain.com. Is that it or is there something else that drives it? Cheers
  9. So I have not touched Horizon in nearly 3 years and have been tasked with upgrading an environment that I have no prior knowledge of. I am running into issues. It is a very messy setup. There are no load balancers or setup documentation. The idea is to go from 2111 to 2406.Currently this environment has one UAG and two CS. One CS is for internal purposes (Con1) and the other for external connections (Con2). The UAG has its connection URL pointed to con2.domain.local and its thumbprint points to the SHA1 of a wildcart cert *.company.com The CS both have the wildcard certificate loaded (vdm). Now somehow connecting is working fine under 2111. Not that I understand it because the wildcard cert has no knowledge of con2.domain.local. Is there some hidden setting somewhere that could translate anything? I follow the upgrade process. I can upgrade the CS to 2406. Once upgraded I can still connect to the desktops internally via CS (I did notice that it overwritten the branding back to default. Any tips on how to save the custom branding appreciated). Next I do the UAG. Deploy new one and import settings. Now this did not work and I believe that this is because of SHA1 setting not being supported. I configured it manually with same settings but changed it to SHA256. The certificate was already SHA256.And things don't work via UAG anymore. I believe it should not work because the connection url domain name does not match the wildcard. But I am stumped over how it works with 2111. What am I overlooking? I have not verified yet but could it be a setting in one of the properties files that got overwritten with the CS upgrade?From memory, I saw an error along the lines of "vmware horizon rejecting request unexpected host header". The Horizon settings in UAG are green but in CS admin portal it says unreachable.I hope this makes sense.
×
×
  • Create New...