About Me

My photo
This blog has been created to share technical information, interesting innovations that I notice on daily basis and Architectural/Consulting overview of various technologies. My areas of interest, on which I would be blogging, are VMware, Microsoft and Citrix Technologies. I hope you will enjoy this blog and share your experience with me.

Enabling Verbose Mode for ADMX Logging (NoAD Mode) – VMware UEM 9.1

If you using VMware UEM for applying ADMX-based Setting and want detailed verbose logs on ADMX then then you will have to add an additional advanced settings in the NoAD.xml file.

Background: We were applying an ADMX setting (Desktop Background Wallpaper) and it wasn’t applying on the virtual desktop. The informational logging was not sufficient in deriving the root cause of the issue. Why the AMDX setting was getting skipped? After enabling the verbose logging it started logging additional information that was helpful in arriving to a conclusion.

Solution (NoAD.xml)
Located under \\FileShare\General\FlexRepository\NoAD subfolder.

Setting

XML Attribute

Comments

Enable verbose logging for ADMX-based settings, application blocking, and Horizon policies AdmxLogging="1"

Set to 1 to configure

Screenshot of the NoAD.xml file:

ADMX Logging

After enabling the setting you will see an additional file called FlexEngine-ADMX.log in the logs folder which will capture all the verbose logging.

Reference KB Article:
Configuring advanced UEM settings in NoAD mode – 2148324

Thanks,
Aresh

How to collect logs from Horizon View 6.x/7.x Instant Clones – Desktop VM’s

If you have desktops deployed via Horizon View 6.x/7.x Instant Clones technology it can get very difficult to collect the Horizon View Agent logs from the desktop VM for troubleshooting/analysis purposes. The moment the end-user logs-off from the desktop it gets into the Status = Disconnected –> Deleting.

vCenter Task for log-in and log-off of the desktopvCenter Task Log-in/Log-Off

vCenter Task for Deleting –> Customizing –> AvailablevCenter Task Delete - Customizing - Available

The above operations happen very quickly. Suppose in our scenario the desktop was failing on the Status=Customizing (View Administrator). The desktops status would change into the Error state and after couple of seconds get into delete will remain in a loop until the desktop becomes available. This is by design as the Instant Clone is trying to re-create the desktop There was no way to capture the logs for analysis or troubleshooting.

Resolution:Now you can disable the recovery of the Instant Clone desktop VM if they are in the Status=Error (Strictly for troubleshooting purposes). This setting can be enabled at Desktop Pool Level

Desktop Pool Setting (disable autorecovery):

  • Open the Horizon View ADAM – (DC=vdi,dc=vmware,dc=int)
  • Go to OU=Server Groups – on you right select OU=DesktopPoolName (this is the name of your desktop pool)
  • Search for pae-RecoveryDisabled and click Edit
  • Enter Value =1 and click Add – OK
  • ADAM

Now whenever your desktop within the Pool will be in Status=Error it will not delete the VM and keep it in the Error state for you to capture the logs and perform troubleshooting. Please revert the changes of this settings once you have finished analysis. I hope these steps would be helpful leave a comment down below

Additional KB:
Connecting to the View ADAM Database (2012377)

Thanks,
Aresh

Error accessing iOS devices - VMware Horizon View 7.x and F5 BIG IP APM 12.x

If you have recently upgraded to Horizon 7.x and use BIG IP APM version 12.1 you may realize that your Apple iPad and iOS devices don't work. The following error message on the Horizon View Client is noticed. (Screenshot from iPad)

iPad Error

Error: The Horizon server connection failed. Error the connection timed out.

Resolution:
In our scenario all the other devices such as Android, Windows etc. was working fine. To fix this problem we had to create a new F5 iRule(Name it F5-APM-iOS-fix):

when HTTP_REQUEST {
    if { [HTTP::header "Origin"] ne "" } {
        HTTP::header remove "Origin"
    }
}
Note: Make sure you apply this iRule on the existing Horizon View iApp or/else it will not allow you to apply the iRule, may get a error message.

Reference KB Article:
K84958121:
Accessing VMware Horizon 7 through the BIG-IP APM system

Thanks,
Aresh

Export Writable Volumes from vSAN Datastore

In certain scenarios such as uploading the Writable Volumes *.vmdk to VMware support team to analyze issues due to Writable Volumes or you simply want to export the WV from one vSAN datastore to another vCenter or vSAN Datastore
Following is the step by step procedure to export Writable Volumes from vsanDatastore for troubleshooting purposes:

Source vCenter or vSAN Datastore:

  • Create a dummy VM (No need to power on the VM)
  • Add a HDD to the dummy VM – Use existing disk option – Locate the Writable Volumes under -  /vmfs/volumes/vsandatastore/cloudvolumes/writables) and click OK
  • Now you can export the dummy VM as a OVA or OVF to another vCenter or vSAN datastore
  • Save the OVA to a File Share or GSS FPT for further troubleshooting

Target vCenter or vSAN Datastore

  • Import the OVA into the target vCenter
  • SSH to a host in the cluster from which the Writable Volumes (WV vmdk) needs to be copied to the correct path cd /vmfs/volumes/vsandatastore/cloudvolumes/writables
  • Copy the files *.vmdk from dummy VM Folder to the writable folder
    • cp /vmfs/volumes/DummyVM/AV-WV/domainname!5C.aresh.vmdk /vmfs/volumes/vsandatastore/cloudvolumes/writable
  • Go to App Volumes Manager – Writable Volumes – Import Writable Volumes
  • Now you should see the writable for that user
Following are the step the engineer needs to perform for further troubleshooting it can be GSS, R&D or L3.
  • Import the template into the environment
  • Click on convert to virtual machine
  • On any existing Windows 7 VM without AV Agent (make sure not AV agent is installed). One needs to have a Windows 7 VM pre-build
  • Add HDD and select the existing disk option. Search for the vmdk in the folder previously imported
  • Assign the volume a driver letter and you can browse the contents of the WV
  • Troubleshoot further!

I hope this post will save you a lot of time when exporting WV from VSAN Datastore

Thanks,
Aresh

Missing default Windows ADMX Templates after importing VMware UEM ADMX files

In VMware User Environment Manager 9.0 (UEM) after you have copied over the VMware UEM Manager GPO’s (.ADMX and .ADML) to the central store for group policy administrative policy templates on a domain controller you cannot view the default Windows ADMX templates such System, Network, Control Panel etc.

Issue
After copying the UEM GPO templates to  \\FQDN\SYSVOL\FQDN\policies\PolicyDefinitions. You cannot see “System” under the Computer Configuration – Policies – Administrative Templates.

What is a Central Store on Domain Controller?
It’s a location to centrally store the .ADMX and .ADML files in a domain environment. The path is as follows:

.ADMX - \\FQDN\SYSVOL\FQDN\policies\PolicyDefinitions
.ADML - \\FQDN\SYSVOL\FQDN\policies\PolicyDefinitions\en-US

MS Reference KB - https://support.microsoft.com/en-in/kb/3087759

Where is the default group policy administrative templates stored?
When central store is not enable the .ADMX and .ADML is stored at the default location on a domain controller. The path is as follows:

.ADMX - C:\Windows\PolicyDefinitions
.ADML - C:\Windows\PolicyDefinitions\en-US

Solution
If you cannot see the Windows default templates post enabling the central store you will have to copy all the ADMX and ADML manually from the Windows default location to Central Store on a domain controller

Copy all the .ADMX/.ADML files from Default to Central Store:

Particulars

Source

Destination

.ADMX C:\Windows\PolicyDefinitions \\FQDN\SYSVOL\FQDN\policies\PolicyDefinitions
.ADML C:\Windows\PolicyDefinitions\en-US \\FQDN\SYSVOL\FQDN\policies\PolicyDefinitions\en-US

I hope the above steps will help you to get your default Windows ADMX templates back and help you complete the remaining VMware UEM 9.0 server configuration.

Thanks,
Aresh

Solving Microsoft Outlook (.OST) issues by combing VMware UEM and App Volumes

The long outstanding challenge of Microsoft Outlook *.ost files within Windows 7/8/10 floating desktops. Using VMware User Environment Management (UEM) and App Volumes together can overcome this challenge. Microsoft never supported or recommended keeping .ost files on File Shares and with O365 into equation the .ost file could be enormous sizes and would be unable to provide optimal end-user experience like you would be running from your PC devices.

App Volumes

  • Writable Volumes with the User Installed Applications template will be used to store the Outlook .ost and profile configuration details (.xml)
  • The .ost is stored within the writable volumes. Hence there is no performance impact like storing it on remote file shares
  • Depending upon the mailbox sizes you can create larger custom Writable Volumes - UIA template (The default template in AV is 10 GB). Like in O365 scenarios its normal to have 25GB mailbox size. Customer can create larger WV depending upon the requirements

UEM

  • Use the ADMX based setting for the Microsoft Office 2013/2016 cache settings. Policy – Default location for OST files
  • The most import step here is to point the .ost location to “C:\Snapvolumestemp\writable\Outlook”. Note this path is not virtualized, there is no over ahead of the filter driver

Using this technique, we can now quickly re-direct the .ost files to writable volumes and continue offering floating desktops to our end-users

There is also a VMware UEM video which demonstrates this steps in more details here - https://www.youtube.com/watch?v=bzy4X5xbURY (Thanks to Pim Vandeis from the UEM team)

Thanks,
Aresh

Collect Horizon View Connection Server Logs in vRealize Log Insight

If you are using the VMware Horizon View Content Pack for Log Insight it will capture the Connection Server logs (Log-Date.txt and Debug-Date.txt etc.). However, it doesn’t work out of the box by deploying the Content Pack alone. You will have to enable the View GPO (vdm_common.adm) onto the Connection Servers in order to get the logs captured by Log Insight. In our scenario without the GPO it was only able to capture the Windows Events Application, System and Security only.

You need to perform the following steps:

  1. Download the Horizon 6 View GPO Bundle (VMware-Horizon-View-Extras-Bundle-3.5.0-2999900.zip) from https://my.vmware.com Downloads section. The Build number will depend on your version of Horizon View
  2. Extract the View Common Configuration Template (vdm_common.adm) from the zip bundle and copy it over to the domain controller
  3. Create a new OU and name it E.g. ViewServers and move all the Connection Server machine accounts into that OU
  4. Open gpmc.msc on the domain controller go to the newly created OU – ViewServers and “Create a new GPO and link it here” give a name to the GPO as ViewLoginsight and then click on Edit
  5. Go to Computer Configuration –> Policies –> Administrative Templates right click open “Add/Remove Templates” to import the vdm_common.adm file.
  6. Go to Computer Configuration –> Policies –> Administrative Templates –> Classic Administrative Templates (ADM) –> VMware View Common Configuration –> Log Configuration
  7. Select “Send Logs to Syslog server” choose Enabled under the Send logs to Syslog Server type – Debug|LogInsightIPAddress (E.g. Debug|10.10.10.1, Info|10.10.10.1, Trace|10.10.10.1)
  8. On the Connection Server VM make sure you have the following entry added. Navigate to %ProgramData%\VMware\Log Insight Agent\
  9. Open the liagent.ini file in any text Editor (Notepad, Notepad ++ etc.)
  10. Add the following configuration parameters to the file
    [filelog|ViewMain]
    directory="C:\ProgramData\VMware\VDM\logs"
    include=log-*.txt;debug-*.txt
    exclude=wsnm_starts.txt
    Note: We are only capturing the logs from Connection Server and not from the View Agent (deployed on the desktops). We have removed the pcoip_server and pcoip_agent from the default string as mentioned under Tech Specs in Solution Exchange portal page.
  11. Save and Restart the VMware Log Insight Agent service.

You will be able to see the Horizon View Connection Server logs getting captured to the Log Insight Manager: (Example below)

CSLoginsight

There is also a detailed blog post on this topic by one of my colleague Sivaprasad click on this link - http://incloudnet.com/2015/01/08/view-loginsight-support/

Thanks,
Aresh

EUC Sessions for VMworld 2016

Folks, I have submitted couple of sessions for the VMworld 2016. If you would like to see them go on stage then please vote! I highly recommend voting on other sessions which you might be interested in

How to Vote?
Create a Account on the VMworld 2016 website - https://www.vmworld.com/registration-create!input.jspa

Search in VMworld 2016 Catalogue - http://www.vmworld.com/uscatalog.jspa

Direct Links to my session
http://www.vmworld.com/uscatalog.jspa?search=8244
http://www.vmworld.com/uscatalog.jspa?search=8265

How VMware IT Implemented App Volumes and Said Goodbye to Traditional Application Delivery [8244]

The traditional approach to application delivery and lifecycle management within the Virtual Desktop Infrastructure (VDI) can be cumbersome and time consuming. The biggest challenge with this approach, is that it impedes the organization’s ability to be agile in times of change. In this session we will discuss how to size and architect Apps Volumes to deliver applications in real-time. We will explore the various application delivery methods such as App Stacks and Writable Volumes and best practices on integrating App Volumes with Horizon View for effective virtual desktops and application delivery with VMware.

Using EVO Software Defined Data Center for Managing VMware’s Horizon’s Automated Deployment and Lifecycle [8265]

VMware Horizon is leading the way for end-user computing. The latest version of Horizon introduced cutting-edge technologies in order to reduce the customers’ total cost of ownership (TCO). Combining Horizon with EVO Software Defined Data Center (EVO SDDC) allows the customer to easily deploy the desired right-sized Horizon View domain in an hour and enables further expansion as needed. In this session we will review the Horizon View architecture, the automation process, lifecycle management and EVO SDDC compute details.

Please Vote!

Thanks in advance,
Aresh Sarkari

Monitoring Horizon View Connection Server LDAP Replication

You wish to monitor the LDAP replication traffic between the Horizon View Connection servers (CS) in your environment, Simply run the following command against all the replicating CS individually. Note: Run the following command on a CS or make sure Windows Remoting enabled to execute from a remote machine.
CON1:

repadmin /showrepl con1.example.com:389 /errorsonly

repadmin
if you got the above response means inbound/outbound replication is successful on this CS

Suppose you have 4 CS within your environment, you would like to monitor the replication across all of them. One could ‘Schedule a Task’ to check replication every 4 hours between the CS and send the report to concern monitoring team for further action. In my case, I am running this command from a remote machine which has SMTP enabled to send emails.


CON1 – CON4:

repadmin /showrepl con1.example.com:389 /errorsonly
repadmin /showrepl con2.example.com:389 /errorsonly
repadmin /showrepl con3.example.com:389 /errorsonly
repadmin /showrepl con4.example.com:389 /errorsonly
Type the following in a notepad and save it as batch file and save as ‘replication.cmd’

How to check Outbound Partners of Connection Server
In case you want to see the outbound replication partners of the CS you will have to run the following command on each server.(By default inbound is always visible)
repadmin /showrepl con1.example.com:389 /repsto

How to check replication status with Cloud Pod Architecture enabled
The only difference when testing the replication of CS with CPA is the port number is different, you will have to run the following command
repadmin /showrepl con1.example.com:22389

This was a quick way to monitor the LDAP replication between CS!

Thanks,
Aresh

Installing Horizon View Connection Server 6.2.2 (Replica Server)

In this blog post I will be capturing the steps involved in the installation of Replica Connection Servers. The post is mainly for people who want to have a glance at the installation steps for Horizon 6 View Connection Server (64 bit) 6.2.2 – Build Number: 3508079

View experts please skip this post, if you are already familiar with the steps.

Installation of the Replica Horizon 6 Connection Server

Step 1: Right click on the Connection Server package and select 'Run as Administrator'

View-CS-Replica

Step 2: Click on 'Next'. The version number show's as '6.2.2'

View-CS-Replica

Step 3: Click on 'I accept the terms in the license agreement' and select 'Next'

View-CS-Replica

Step 4: Leave the installation in the default directory and select 'Next

View-CS-Replica

Step 5: This is the Replica (Second) Connection Server of the environment select 'Horizon 6 Replica Server' and 'Install HTML Access'. 'IPv4' is selected by default and click on 'Next'

View-CS-Replica

Step 6: Enter the FQDN of the primary Connection Server 'con1.example.com'

View-CS-Replica

Step 7: Click 'Configure Windows Firewall automatically' and select 'Next'

View-CS-Replica

Step 8: Click on 'Install' to begin installing Connection Server

View-CS-Replica

Step 9: Watch the Progress

View-CS-Replica

Step 10: Uncheck 'Show the readme files' and click on 'Finish'

View-CS-Replica

Step 11: On your desktop there will be an Icon 'Horizon 6 Administrator'

View-CS-Replica

Step 12: Enter the 'Username' and 'Password'

View-CS-Replica

Checkout the next blog post:
Installing Horizon View Connection Server 6.2.2 (Standard Server)
Installing Horizon View Composer Server 6.2.2

Thanks,
Aresh

My Blog List