Replica of VMware View

Similar Questions

• Remove the replica vms without view

  Hello

  OK, so I went and uninstalled VMware View after a VINE but I find myself with a couple of Replica machines in vCenter.

  I don't have an option to remove these inventory or the disk, it is possible to remove them without sight or will I need to re - install?

  Best regards

  John

  Here is a recent blog article about it to a colleague:

  http://vcdx56.com/2016/02/10/delete-horizon-view-based-vCenter-server-protected-objects/

  Linjo

• How to fix VMware View Server certificate revocation check connection error?

  Dear community,

  For about 2 weeks, I feel a revocation of the certificate check error in our environment Horizon see 6.2. The strange thing is that, within 12 hours about two (replication) connection servers and the vCenter Server / server of composer (on the same machine) are considered as having invalid certificates, even if, in fact, they are valid (CA certificates). We use no security servers.

  The view admin console shows the following for servers connection:

  The server certificate is not approved.

  The server certificate cannot be verified.

  For the vCenter, he said (that I have validated manually the certificate):

  No problems found.

  Certificate is not approved, but the thumbprint of the certificate is accepted.

  With the connection series on 'full', States that the login server logs for the vCenter server:

  TRACE (B 17-0 - 0E98) < VCHealthUpdate > [NativeKeyVault] validateCertificateChain response: {result = FAIL, EndEntityReasons = cantCheckRevoked, ChainReasons = invalid, SelfSigned = false, EndErrorCode = 16777280, EndInfoCode = 258, ChainErrorCode = 16777280, ChainInfoCode = 256, PolicyErrorCode =-2146885613}

  As far as I can see there no similar entries for login server certificates in the newspaper.

  At the moment I am under the environment with composer and vCenter certificates manually valid and invalid connection (red) server certificates (as view clients and browsers are not disabled).

  I already checked that I am able to do everything 'green' again via setting the registry key 'CertificateRevocationCheckType'2 (as described here Configure the server certificates certificate revocation check). This brings me to the conclusion that one of the intermediate certificates cannot be validated. So, I had the information a "version" of an intermediate (intermediate certification authority) certificate has been revoked. There seems to be no coincidence - like the time point is as well, but this particular version does not appear to be used in the servers of my connection.

  However, even with full logging enabled, I can't information which (intermediate) certificate cannot be validated and why. I expected to see something like 'OCSP verification' or 'check the CRL' but I can't find it in the newspapers. However, I noticed that one of the intermediate certificates lacked the OCSP URL (even if the field "Authority Information Access" existed). Of course I updated the certificate with a version that contains the OCSP URL, but it has not changed anything.

  In addition, I checked manually all of the certificates in the chain with openssl (for OCSP) and CRLs as well, but everything seems to be OK (all URLS are accessible and no opportunity of certificate has been revoked). Actually, I do not interpret the error as "that the connection to the server is an invalid certificate because it has been revoked", but "it cannot check if it has been revoked. The servers do not need a proxy and nothing configured, so (I checked the proxy settings system context, also).

  For now, the problem is not critical, such as 'red' status connection server has no effect on our customers and so I could turn off certificate revocation check (or switch to check that the certificate of the server (2)). But of course, I would really solve the problem.

  Is there someone who can give me a hint on what to check, for example, how do I know which certificate cannot be controlled and why? Someone had the same or a similar problem? Support VMware is working on the problem as well, but they seem don't know is not the problem, either.

  I appreciate the thoughts and responses! Thank you!

  Best regards

  Fabian

  Dear community,

  During this time, I was able to correct the error described at the beginning of this thread. Jump to the end to see what could probably help you...

  1. At first, I installed an additional standalone VMware View Server connection in order to check the following related certificates:
     1. VMware support always told me to renew my certificates because they "were not valid" etc. - even if in fact they were (like external URL calls and attested manual verification and tests).
     2. That's why I created new additional certificates for the login server and configured to include the vCenter even as my production environment - only difference was I didn't inlcude the composer who runs the server vCenter himself.
     3. The result was that the server was "green" including both the vCenter Server certificate which could be 'not reliable' by the environment of production - strange, huh?
  2. After I reset the additional server to a turned wink where connection to the server was not yet installed (before that, I uninstalled the connection to the server in case there is information in vCenter thereon) and reinstalled as a replica of the production environment server. Somehow I expected this, but still quite strange the vCenter Server (and composer) now again was considered "invalid", even if the certificate of the server connection itself considered still valid and green. For test purposes, so I put certifice revocation checking on '2' (only one server certificate check) - but only on the 'old' production servers' and 'magical' everything has been considered valid. So as I see it, there seems to be some sort of information stored on the 'old' connection servers that makes them believe that invalid certificates and that the information is replicated on the third server unless I lower the revocation of the certificate controls on these servers. Altervative explanation could be that VMware View does not accept certificates with aliases that do not include the 'real' server name - that is / was in fact certificates the old servers connection. The new server certificate connection included the real name and the alias. I understand if this is the case, but then I expect that it be documented somewhere (I have not found this information) and also wouldn't understand why it worked without problem for several years before.
  3. After finding that out, I created new certificates for the 'old' connection servers, including aliases and real names and replaced the certificate on one of the servers (and restarted the login server) - only a few successfully. Once I put the revocation checking on '4' again on this server, the login server certificate was still considered valid, but not the vCenter and certificate of composer.
  4. Now, I've uninstalled the old login server (removed from the view) and reinstalled completely (including an update of the 2008 R2 2012 R2 OS) and after I have it reintegrated into the environment, everything remained green - as long I have will activate revocation checking on the second login server "old." This is why I did the same with this (completely reinstalled and reinstated it) and now everything is green with the revocation checking enabled on all replicas of server connection.
  5. The next step I uninstall the additional replica because I created only for troubleshooting purposes.

  So what will no doubt help in similar cases:

  • Reinstall the servers of connection one by one, including:
  • Uninstalling html access (if used), uninstall the login server to view, uninstall 'VMware' AD LDS Instance.
  • Removal of the connection to the server of replication group: run "s - r s uninstalled_ vdmadmin.exeservername" on one of the servers connection remaining.
  • Reinstall/Update OS (may not be necessary, but I did not test that)
  • Reininstall, return to the login server replica. If you used the certificates which included only the alias of the server I recommend you to create new ones, including the name of the server as well, but maybe it's not necessary as well. If you want to keep the certificates which only inlcude the alias it will be necessary to install this certificate after the first replication of the servers (see below).

  My question for technicians of VMware/developers: It is supported to use certificates include only the server alias. Otherwise why it worked before and where is it documented? Where are certificate cached information so that simply replace the certificate was only some, and not a complete success (see above). FYI - when I paired initially replicas that I had to install the CA (including only the pseudonym) after the first replication - now with certificates (including the server name and the alias), I could install the certificate before you replicate (= the login server installation).

• Several areas in the Horizon of VMware View AD

  Hi guys, I want to test creating Pools with 2 Active Directory domains. I have set up my environment as follows:

  
  

  Domain A

  
  

  1. connecting to the server

  Server 2-composer

  3-Security Server

  4 - vCenter Server

  
  

  Domain B

  1. connecting to the server

  2. created a separate account to View Composer

  For now seen Horizon 5.3.2 is fully functional on the field. But I need your help deployment pool using domain B. After you have configured the connection Server (joined to Domain B), I tried to add domain B by using view composer account by logging in to view Admin(Domain A) > Edit vCenter Server > change display composer settings > check server information (under Domain) but I'm 'Bad domain name.

  
  

  You guys please help or send me a link of approval one way of installation which is required for VMware View, so that I can deploy Pool using domain B.

  
  

  Without creating confidence, I added redirector conditional field B on the field which allow me to add domain B without "Bad domain name" pop up. But I don't know what to do next. Anyone can guide me please.

  
  

  Concerning

  Hello

  I've done below the configuration to create 2 different pools where VM is joined to 2 different domains.

  I have Domain A and domain B, having 2 confidence way configured by the AD team.

  I sent 3 win 2 k 8 Server and added to the field.-a. On a single server, I installed vCenter & composer on one server I installed the login server & the other I did the Server fall back to the existing connection server.

  In connect to server, I added vCenter & composer. I have 2 different users who have domain join rights in Domain A and domain B.

  Domain-A\abcUser

  Domain-B\xyzUser

  I added above 2 users in the view composer under domain settings. PFA.

  When creating a pool, in the comments tab customization for users of domain-A, I chose identifier of domain-A\abcUser machine Domain-A and the AD container, which is present in Domina-A place machines.

  for domain B user created another pool, and tab customization of comments, I chose domain-B\xyzuser and the AD container that belongs to the domain B to place machines.

  If you want to add a different machines, you must not deploy a connection/replica server in each domain. Just add the ID domain user under domain composer view tab and choose the right ID when creating the pool.

• Overview of VMware View 5.2 Load Balancing

  Hi guys,.

  I use VMware view Horizon 5.2 and my infrastructure is as follows:

  2 view x servers security

  2 view connection x servers

  Can anyone please guide me how to configure load balancing and what are the best practice Horizon of VMware View load balancer configuration.

  See you soon

  http://pubs.VMware.com/view-52/topic/com.VMware.ICbase/PDF/horizon-view-52-architecture-planning.PDF

  Simply place your load balancer in front of the two security servers. This is indicated on page 70 - figure 5-2.

  If you also want to allow access by internal users, and then add two replicas more connection to the server. This is indicated on page 71 - figure 5-3.

  Your reviews will connect to the alias balanced appropriate load.

  Mark

• With VMware View Server using LDAPS (port 636)

  I've been responsible for something that seems impossible/not supported.

  VMware View Server uses port 389 for LDAP.  My task is to do view to use instead the port 636 (LDAP over SSL).  The accusation is that the replicated servers in VMware View data not encrypted between other on port 389.

  So far in my quest, I did no progress in this project.  However, I was able to test that manual connections can now be performed (with ADSI Edit) with port port SSL 636 other replicated servers view.  Problem is that the view seems to have hard-coded to use port 389 and cannot be moved to use LDAPS.

  There are instructions to do something like this in vCenter (http://www.vstable.com/2012/01/27/vcenter-5-active-directory-web-services-error-1209/) (Security Virtual Lab: & amp; nbsp;) Architecture - Blog - proSauce), but nothing related to the sight of the surfaces in a Google search.

  Someone at - it have a Yes or whinny if possible?

  EDIT: Moved to the correct community.

  It is not easy being responsible for something impossible!

  Connection view servers have an AD LDS instance, and replication between servers using the AD LDS replication. This is a replication mechanism secure by using the replication RPC, LDAP and Kerberos and secure without having to implement LDAP over SSL on 636.

  The articles you refer to are actually on the definition of a port number unused LDAPS access of Web Active Directory Services with vCenter Server to get rid of an event without danger. It does nothing to do with replication between LDAP servers. View prevents remote access Active Directory Web services anyway with a specific firewall rule so that remote users have no access to it.

  The only reason why you can use LDAPS with AD LDS is if you support simple LDAP connections. The use of SSL would mean that the simple bind passwords are not sent in the clear. In the case of the view, simple LDAP connections are not enabled in any case.

  In summary, what you're trying to do is useless.

  Mark

• Disaster recovery for VMware View

  I am trying to design a site recovery for vmware view on 100 VDI environment.

  I head office:-Equallogic PS6110 the same DR site storage

  -Data Center, Cluster 1,

  -1 vCenter, 1 server, 1 replica server connection, 1 SQL server, Active directory

  How can help pls I conceive the DR site? The head office is in production.

  without need to use RS.

  Do you know what RPO and RTO you should keep disaster?

  What distance between your primary and DR site?

• 64VMs limitation of VMware View by LUN CF

  Hello

  I couldn't find, why VMware View has limitation of 64 VMS pre a fibre channel LUN?

  It is limitation of View Composer or any other components of VMware View?

  I read this limit on any web and guides, but I can't figure out why?

  Thank you

  Maros

  http://myvirtualcloud.NET/?p=1155

  A review of VMware View 4.5 limits and ceilings

  Limits

  Limits may vary depending on the versions and the versions in use. Therefore, it is important to understand that the limits presented here are a combination of the following: VMware View 4.5, 4.1 vSphere and vCenter 4.1.

  -8 hosts per cluster (including 1 of relief)

  Limit defined by the View Composer.

  -16 VMS per CPU (NEW! before was 8)

  -512 clones by Replica or office (for linked cloning) pool

  -64 VMs per LUN

  Applies when you use the table of Fibre Channel only. No limit for iSCSI or NFS

  -10 000 VMs in vCenter (NEW! already 3000)

  Limit is variable and varies according to the vCenter activity (power on and out, reconfiguring, cloning, etc.)

  If I'm not mistaken that has a limit on the number of related clones, you can have per LUN.  It was on an older version of view and was found in one of the reference architecture.   I tried to search this document but couldn't locate it.

  If you have found this device or any other useful post please consider the use of buttons useful/correct to award points

  Twitter: http://twitter.com/mittim12

• Unable to connect to the host via VMWare View Security Server 4

  I have installed and configured the VMWare View connection server and can connect to the virtual machine (Windows XP Pro) shareed via the customer to view without a problem. The problem Im having is that I have configured the Security server in my zone demilitarized and authorized the appropriate DMZ ports and the port 80 and 443 to the outside on my DMZ. Access the public URL and he invites me to authenticate what I do and it then publishes my office pool. I click to connect to the shared pool and it says connection for about 5 drops of s and then just my connection. Now, if I go to my security on my DMZ server, I can connect to the thin desktop via RDP.

  Thank you

  eeg3 is correct if you have a direct connection enabled on the broker for connections paired with security server then you would be forced to open 3389 to the outside world since the workstations would try to connect directly to the desktop.    The right way to go forward is to create the replica with disabled direct connection and combine security with this box server.

  If you have found this device or any other useful post please consider the use of buttons useful/correct to award points

• ThinPro with VMware View USB Redirection

  Hi all:

  I'm trying to configure my workstation (t620 ThinPro 5.1 running) to start required services necessary for USB with VMware View forwarding at startup.  I tried to add the command to /etc/rc.local and created my own init.d script, but none of these options automatically launch services.  Run manually /etc/rc.local and the custom init.d script launches the services successfully.

  Has someone managed to get the necessary USB redirection services running at the start?  Any guidance is appreciated.

  Thank you.

  Solved my problem... changed under USB Manager Remote Protocol of VMware View.  Updated this setting caused VMware services to run at startup.

• Installation of VMWare view client issues with 64 bit Win8

  Hello

  I am trying to install VMware view client to access my VDI but I get the error message below... tried to install different products VMware, that nothing has worked... pls help.

  

  Its best you post your question in the following forums:

  Welcome | VMware Communities

• Test environment for VMware View 7 - PCoIP Protocol does not work properly

  We test VMware View 7 with as many Thin Clients and customers zero (Teradici)

  When we try to connect via RDP Protocol, it works fine. When we try to connect via the PCoIP Protocol, desktop display seems to blink (about 2 times per second) and display resolution is not acceptable. So, there is a problem with the Protocol (broker or Office VM)

  There are no firewall in the middle.

  Desktop virtual has a clean install.

  So... anyone have the same number? or similar?

  How much video Ram?

  You can increase the video Ram.

• VMware VIew 6 (PCOIP): Windows Client and web browser connects, Android and Ubuntu - don't

  Hello colleagues!

  VMware Horizon Client 3.4.0 build-2769709

  VMware View 6.1.1 construction-2769403

  VMware vSphere 6.0.0 2776511

  That's what's wrong: used SecurityServer and connecting to the server. External connection - via a router. When it is connected to a vmware PCOIP Protocol (Internet) outside of the view with a Windows client and a web browser, it works fine. But when connecting from Android or Linux (Ubuntu 14) load the desktop does not occur. Android immediately displays the message 'connection to server lost', Ubuntu delivers all messages - I'll be back on the screen to select a pool table.

  Which connection via MS RDP connection protocol is correctly to all customers.

  In the settings ConnectionServer in PCOIP Security Gateway set up the external address of the router.

  Redirect them router ports:

  -TCP 80,443,8443,4172,32111

  -UDP 4172,32111

  Any ideas?

  In security settings server in 'URL of PCOIP' was FQDN, but it must be the IP address.

• Names of certificate VMware View 6.1

  Hello world!

  I intend to install vmware view 6.1 with two connection on the LAN Server and security server on the DMZ.

  I wonder what names I need on the certificate?

  my login server names will be VDI1. MyDomain.Local, VDI2. MyDomain.Local

  my security server will be VDI3 (not domain joined server)

  my file on my public DNS is seen. Mydomain.com that guide to the Security server.

  I have internal CA server that can issue the certificate for VDI1. MyDomain.Local and VDI2. MyDomain.Local.

  I have a wildcard certificate for *. Mydomain.com (it does not contain one of my internal server names)

  
  

  1. can I use my wildcard certificate to connect to security without needing a server error?

  
  

  2. where should I install the generic cert? on the Security Server and all servers connection?

  
  

  3. what happens if I want to connect to internal network VDI do I have to install my certificate of internal CA with the internal names to my connection servers?

  
  

  4. because my login server will be connected both internal external, it uses internal cert (VDI1/2.MyCompany.local) for internal connection and external cert (*.) Mydomain.com) for external connection?

  
  

  
  

  Thank you.

  
  

  Taylor.

  I do not recommend to use a certificate with wildcards on connection servers.

  Instead, you can issue a certificate for each connection to the server: VDI1. MyDomain.Local and VDI2. MyDomain.Local

  In this way, the connection will be reliable when connection from inside.

  On the internet you connect on the server for security only, so you only need a trusted certificate installed on the Security server.

  If you issue a certificate from your CA, it will work but the clients that connect from the internet will not approve this certificate.

  If you want a certificate approved by anyone connecting from the internet, you must purchase a certificate of a CA like verisign etc.

  In both cases, the certificate must be issued with name: see . Mydomain.com and installed on the server for security only.

  Hope this helps

  Kind regards

  Claudio

• VMware View vGPU pool remote control software

  Hello!

  Normally, we used Dameware for remote control of our CAD user. But in a pool of VMware View, Dameware should not be used, the support has informed us.

  All other pools we used the VMware console, but it does not work with a vGPU.

  What is ofically supported and tested by VMware?

  Best regards

  Joerg

  News Info: Vmware supported Dameware, now!