VMWare View dedicated server necessary?

Similar Questions

• Cannot install VMWare View connection Server 5

  Hello

  In order to try the VMWare View 5, I have the program installation and 2008 R2 SP1 virtual server on which I am trying to install VMWare View connection Server 5.

  The server is a complete new installation with only the Active directory (and DNS) installed.

  Everything I try, I keep having the following error:

  This product can only be installed on Windows 2003 or Windows Server 2008 64 - bit. Other operating systems are not supported

  I went through the community forum, but the I have not found my solution to the problem of the forums.

  Kind regards

  Nick

  The broker for connections cannot be installed on a server that is running the role of AD.

  Sent from my iPhone

• Unable to connect to the host via VMWare View Security Server 4

  I have installed and configured the VMWare View connection server and can connect to the virtual machine (Windows XP Pro) shareed via the customer to view without a problem. The problem Im having is that I have configured the Security server in my zone demilitarized and authorized the appropriate DMZ ports and the port 80 and 443 to the outside on my DMZ. Access the public URL and he invites me to authenticate what I do and it then publishes my office pool. I click to connect to the shared pool and it says connection for about 5 drops of s and then just my connection. Now, if I go to my security on my DMZ server, I can connect to the thin desktop via RDP.

  Thank you

  eeg3 is correct if you have a direct connection enabled on the broker for connections paired with security server then you would be forced to open 3389 to the outside world since the workstations would try to connect directly to the desktop.    The right way to go forward is to create the replica with disabled direct connection and combine security with this box server.

  If you have found this device or any other useful post please consider the use of buttons useful/correct to award points

• Disable the protocols and encryption algorithms in VMware View connection server and security

  Hello

  In my recent deployment, I had a customer request to disable some protocols and encryption at the Server VMware View connection and security. I read some articles and found that this has been achieved by editing the locked.properties file. But when we have edited and replaced the file, users could not connect to the virtual desktop, so came back to us backwards and desktop computers worked fine.

  I found a few articles that we don't need to edit the locked.properties file in VMware view Horizon 6. If someone has done this please guide me through. Here are the details of the protocols and encryption algorithms that should be disabled

  Diffie-Hellman key

  Enable SSL v2/V3 and TLS 1.1 and 1.2

  Disable the RC4 encryption algorithm

  Select the secret of transfer (if possible)

  
  

  VMware view 6 is the connection to the server and security server.
  

  
  

  Thank you.
  

  Hello

  I implemented the following steps (from the manual):

  1. update the JCE policy files to take in charge the high-strength Cipher Suites

  You can add some cipher suites of high resistance for greater assurance, but first you must update the local_policy.jar and US_export_policy.jar files to each server instance and the security strategy for JRE 7 see connection to the server. You update these policy files by downloading the files to extend JCE (Java Cryptography) unlimited strength political jurisdiction from the Oracle Java SE download site 7.

  If you include some high-strength cipher suites in the list and you do not replace the policy files, you cannot restart the VMware view Horizon connection to the Server service.

  Policy files are located in the directory C:\Program View\Server\jre\lib\security from VMware.

  For more information on the download of the JCE unlimited strength jurisdiction policy 7 files, see the Oracle Java SE download site: http://www.oracle.com/technetwork/java/javase/downloads/index.html.

  After you update the policy files, you need to create backups of the files. If you upgrade the instance of the view connection server or security server, any changes you have made to these files can be replaced, and you may need to restore the backup files.

  2. the changes that policies of global acceptance with ADSI Edit

  • Start the ADSI utility on your computer see connection to the server.
  • In the console tree, select Connect to
  • In the selection or type a unique name text box or a naming context, type the unique name
    DC, DC = vdi is vmware, DC = int.
  • In the type or select a text field or the server box, select or type localhost: 389 or the name of a fully qualified domain (FQDN) of the server computer to connect to port 389 followed view.

  For example: localhost: 389 or mycomputer.mydomain.com:389

  • Expand the tree of the ADSI Editor, OU = properties, select OU = Global, then select OU = common in the right pane.
  • On the object CN = common, Global = UO, UO = properties, select each attribute that you want to change and enter the new list of security protocols or cipher suites.
    I used the following settings:

  EAP-ServerSSLCipherSuites: \LIST:TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256

  EAP-ServerSSLSecureProtocols_ \LIST:TLSv1.1,TLSv1.2

  It is not the highest possible, but they work with all the features of our customers.

  • Restart the service of VMware view Horizon connection server (server connection and security).

  This is not Activate secret transfer (if possible) , but other points are covered.

  If anyone can give a tip to activate the transfer secret, I would be grateful.

• VMware View Security Server DMZ

  Hello!

  We are currently developing a small installation of VMware View in our office as a CEP and I have a question about the server security and the need for the ports against customers.

  Our facility:

  (Active Directory and RADIUS) 2-factor authentication

  Front End FW

  Security on the DMZ server

  Backend FW

  Connection to the server

  The question I have is:

  4172TCP/UDP port 3389 be open from the Security server to customers?

  Is there no way of this tunnel since the Security server through the connection to the server on the inside?

  Thank you

  Kenth

  Hej Kenta.

  You are right, there is currently no way to tunnel on the dry-server and the connection broker using PCoIP, you can only create a tunnel through one.

  So that means you need to open TCP/UDP 4172 between dry-server and desktop computers-view.

  Joel

• Installing the Server VMware View Composer

  Hi team,

  Need help,

  I'm trying to install VMware View Composer server but I can not create my ODBC connector, can you pls help me to do this task.

  I get this error message

  

  (1) to connect to the database and the new query

  use 'ViewcomposerDbName '.

  exec Sp_changedbowner 'viewservice.

  (2) the right of the database and allow the sql and windows Authetication

  See the screenshot

  (3) lFailing Stil? Go to, click on Sql Server for management (on the left side) > Sql Server Logs > current view them if it connects

  It should be

• VMware View 5.1.1 Security Server LDAP errors

  Im having a serious amount of errors on my VMware View (5.1.1) security server

  Log debugging shows a large amount of LDAP errors, see below.

  2012-09 - 06T 10: 46:49.075 + 02:00 ERROR (0610-0940) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 11: 01:50.102 + 02:00 ERROR (0610-0CB8) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 11: 16:50.109 + 02:00 ERROR (0610-0FE8) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 11: 31:51.120 + 02:00 ERROR (0610-0DD8) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 11: 46:51.132 + 02:00 ERROR (0610-0244) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 12: 01:52.159 + 02:00 ERROR (0610-0F3C) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 12: 16:52.155 + 02:00 ERROR (0610-0E5C) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 12: 31:53.182 + 02:00 ERROR (0610-0F68) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 12: 46:53.194 + 02:00 ERROR (0610-092 C) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 13: 01:54.217 + 02:00 ERROR (0610-08E4) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
  2012-09 - 06T 13: 16:54.227 + 02:00 ERROR (0610-0504) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE

  Anyone got any suggestions?

  Hello

  The plugin ws_admin trying to make field checks every 15 minutes, but given that your security server is not on the field these checks fail. It is completely harmless, but they should not run in first place, I raised this in their own country.

  Mike

  Edit:

  There is a simple solution for this in 5.1.x:

  Under the current registry key HKLM\Software\VMware, Inc. \VMware VDM\plugins\wsnm\admin, create a new key named Params, and under that a new DWORD value named InitiateDomainChecks with 0 data. Once set, you will need to restart the VMware View Security Server service for the change to take effect.

• Install the server Vmware View connection

  Hello

  I have problem install vmware view connection server, my server has already joined ActiveDirectory, but I can't install vmware view connection to the server

  

  Help, please.

  Thank you

  Hudan

  It simply means that the client does not like your server certificate.  You should be able to click on configure SSL and change the certification autour options to make it work.

• I'm a little confused on what view "Security Server" is...

  I configured a test of internal company environment VMware View 5.1 to access pooled VMs dedicated and linked clone of iPads.

  Now, one of the users involved in the test environment wants to access his VM dedicated outside of the office... But I want to be sure to provide a secure connection.

  I was a little confused with the VMware documentation, because I understand that VMware View 4 had another product/device to view security server to act as a gateway, secure to operate into DMZ network and enable access to the view connection server... I think so... But I find no such beast in VMware not downloads section called 'VMware View Security Server 5.1.'

  I'm in a bit of mess. My understanding on Internet clients see how external access to the server of company internal connection through the DMZ must be leaves much to be desired unless 5.1 view connection server itself has absorbed the activities of the Server VMware View 4 security and he is riding on the area demilitarized or well... Oh hell... I'm just confused

  Little help or a point in the right direction would be greatly appreciated!

  See you soon!

  Keegan

  To install the Security server that you use the same installer regarding the Connection Broker, its an option during the installation process.

  Linjo

• Customizing the portal of VMWare View 5 Page

  HELO all,.

  We test Vmware view 5 for an implementation of the medim scale possible. We have all the settings and it works fine. There is one thing that the sentence is me: the Portal Page. Normally, the portal page tells you that you must install the client and it redirects you to the Vmware View client download page. I managed to find documentation that tells you how to customize and I had to show him a few links that will download the client to our own server. I have attached a screenshot with where I am now (vmwareviewcurrentportal.jpg) right; What is the best... but watch some training videos, I noticed that, after the trainer install Vmware View connection to the Portal Services looks diferent (in a better way). I've attached screenshots of what its like (VmwareViewDesiredPortal.JPG) looks like w.

  Essentially: it has radio buttons in the software selection and a download button. After choosing your Customer Portal redirects you to a page (VmwareViewDesiredPortalInstructions.JPG) of the instructions.

  -I know that it is a kind of model because the images to help guide are stored in C:\Program VMware View\Server\broker\webapps\ROOT\portlets\client\images on the Vmware View connection server.

  The question is: how setup/activate this portal? Any help would be greatly apreciated.

  Thank you

  Adrian

  Fear not, we stayed at a compatible screen for all types of customers. I'm sorry.

• The simplest configuration of vmware view?

  Good evening

  We have a small project with 5 desktop computers (= Users) and we think that it would be a good place to test VMware View.

  Unfortunately, it seems that we must implement the 4 servers to serve 5 customers:

  • See connection to the server
    
  • VMWare vCenter Server with View Composer
    
  • ESX Server
    
  • View transfer server
    

  What is the most simple and functional solution for VMware View with 5 users?

  The only software they use is a simple accounting tool that works very well with 100 k of memory...

  We hope that we can install a simple solution like this:

  HP (server) hardware with:

  • ESX Server with:
    
    • 1 x Windows 2008 R2 with Active Directory and the file server
      
    • 1 x Windows 2008 R2 with VMWare View to serve the 5 office users
      

  Unfortunately, there are no pre-sales VMware does support form / email (we hope that there is a customer support).

  Therefore, it would be great if someone can help us to answer this question.

  Thank you very much in advance,

  Kind regards

  Thomas

  I also wonder how this bake-off will go. I hope that the victories of view! In order to achieve this please take a good look at the documentation of the view. I also highly recommend that you take a look at the guide to optimize Windows 7 to see: http://www.vmware.com/files/pdf/VMware-View-OptimizationGuideWindows7-EN.pdf

  This will show you how to build a good image of Win 7 basis for review. Also note that it is strongly recommended that you build your base images starting from zero and NOT P2V them. You can quickly and easily build images for operating systems Windows using MDT 2010 update 1. This tool is free and is Microsoft. I strongly recommend that you take a look. In addition, many optimizations for Win7 and view are also good for use with Xen. Good luck.

• Level of encryption between Wyse ThinOS and VMware View desktop

  Can someone help me determine the level of encryption between my Wyse thin clients and virtual desktops.

  I use the latest Wyse ThinOS and VMware View connection Server 4.0.

  I have a manual desktop pool configured with things THAT RDP disabled. I'm also using smart card authentication.

  With direct disabled RDP is a configuration of SSL tunnel for the connection to the server and the RDP session to the virtual desktop by tunnel through this SSL connection?

  Yes that's right, although strictly that you should say server/connection security as if you use a security server, then this is endpoint of the tunnel rather than the CS.

• Discover the virtual machine with VMware View 4.5.  "That underlies the virtual machine is not available.

  I have installed the following to an ESX 4.1 server:

  -VMware View connection server (Server 2008 R2 Ent)

  -V - Center (Server 2003 Std)

  Install the VMware Client with Local Mode 4.5 to a laptop

  Installed VMware Agent to a Windows XP and Win7 is a guest vm on the ESX Server.

  I can connet with success both of these machines.

  When I try to extract either of these machines, I get the error message after 2% saying, "underlying this desktop virtual machine is unavailable.

  

  Can someone tell what to do to solve this problem?  I can't find anything so far for this error.

  Thank you

  Did you install and configure a forwarding server?

  -Mike

• How to fix VMware View Server certificate revocation check connection error?

  Dear community,

  For about 2 weeks, I feel a revocation of the certificate check error in our environment Horizon see 6.2. The strange thing is that, within 12 hours about two (replication) connection servers and the vCenter Server / server of composer (on the same machine) are considered as having invalid certificates, even if, in fact, they are valid (CA certificates). We use no security servers.

  The view admin console shows the following for servers connection:

  The server certificate is not approved.

  The server certificate cannot be verified.

  For the vCenter, he said (that I have validated manually the certificate):

  No problems found.

  Certificate is not approved, but the thumbprint of the certificate is accepted.

  With the connection series on 'full', States that the login server logs for the vCenter server:

  TRACE (B 17-0 - 0E98) < VCHealthUpdate > [NativeKeyVault] validateCertificateChain response: {result = FAIL, EndEntityReasons = cantCheckRevoked, ChainReasons = invalid, SelfSigned = false, EndErrorCode = 16777280, EndInfoCode = 258, ChainErrorCode = 16777280, ChainInfoCode = 256, PolicyErrorCode =-2146885613}

  As far as I can see there no similar entries for login server certificates in the newspaper.

  At the moment I am under the environment with composer and vCenter certificates manually valid and invalid connection (red) server certificates (as view clients and browsers are not disabled).

  I already checked that I am able to do everything 'green' again via setting the registry key 'CertificateRevocationCheckType'2 (as described here Configure the server certificates certificate revocation check). This brings me to the conclusion that one of the intermediate certificates cannot be validated. So, I had the information a "version" of an intermediate (intermediate certification authority) certificate has been revoked. There seems to be no coincidence - like the time point is as well, but this particular version does not appear to be used in the servers of my connection.

  However, even with full logging enabled, I can't information which (intermediate) certificate cannot be validated and why. I expected to see something like 'OCSP verification' or 'check the CRL' but I can't find it in the newspapers. However, I noticed that one of the intermediate certificates lacked the OCSP URL (even if the field "Authority Information Access" existed). Of course I updated the certificate with a version that contains the OCSP URL, but it has not changed anything.

  In addition, I checked manually all of the certificates in the chain with openssl (for OCSP) and CRLs as well, but everything seems to be OK (all URLS are accessible and no opportunity of certificate has been revoked). Actually, I do not interpret the error as "that the connection to the server is an invalid certificate because it has been revoked", but "it cannot check if it has been revoked. The servers do not need a proxy and nothing configured, so (I checked the proxy settings system context, also).

  For now, the problem is not critical, such as 'red' status connection server has no effect on our customers and so I could turn off certificate revocation check (or switch to check that the certificate of the server (2)). But of course, I would really solve the problem.

  Is there someone who can give me a hint on what to check, for example, how do I know which certificate cannot be controlled and why? Someone had the same or a similar problem? Support VMware is working on the problem as well, but they seem don't know is not the problem, either.

  I appreciate the thoughts and responses! Thank you!

  Best regards

  Fabian

  Dear community,

  During this time, I was able to correct the error described at the beginning of this thread. Jump to the end to see what could probably help you...

  1. At first, I installed an additional standalone VMware View Server connection in order to check the following related certificates:
     1. VMware support always told me to renew my certificates because they "were not valid" etc. - even if in fact they were (like external URL calls and attested manual verification and tests).
     2. That's why I created new additional certificates for the login server and configured to include the vCenter even as my production environment - only difference was I didn't inlcude the composer who runs the server vCenter himself.
     3. The result was that the server was "green" including both the vCenter Server certificate which could be 'not reliable' by the environment of production - strange, huh?
  2. After I reset the additional server to a turned wink where connection to the server was not yet installed (before that, I uninstalled the connection to the server in case there is information in vCenter thereon) and reinstalled as a replica of the production environment server. Somehow I expected this, but still quite strange the vCenter Server (and composer) now again was considered "invalid", even if the certificate of the server connection itself considered still valid and green. For test purposes, so I put certifice revocation checking on '2' (only one server certificate check) - but only on the 'old' production servers' and 'magical' everything has been considered valid. So as I see it, there seems to be some sort of information stored on the 'old' connection servers that makes them believe that invalid certificates and that the information is replicated on the third server unless I lower the revocation of the certificate controls on these servers. Altervative explanation could be that VMware View does not accept certificates with aliases that do not include the 'real' server name - that is / was in fact certificates the old servers connection. The new server certificate connection included the real name and the alias. I understand if this is the case, but then I expect that it be documented somewhere (I have not found this information) and also wouldn't understand why it worked without problem for several years before.
  3. After finding that out, I created new certificates for the 'old' connection servers, including aliases and real names and replaced the certificate on one of the servers (and restarted the login server) - only a few successfully. Once I put the revocation checking on '4' again on this server, the login server certificate was still considered valid, but not the vCenter and certificate of composer.
  4. Now, I've uninstalled the old login server (removed from the view) and reinstalled completely (including an update of the 2008 R2 2012 R2 OS) and after I have it reintegrated into the environment, everything remained green - as long I have will activate revocation checking on the second login server "old." This is why I did the same with this (completely reinstalled and reinstated it) and now everything is green with the revocation checking enabled on all replicas of server connection.
  5. The next step I uninstall the additional replica because I created only for troubleshooting purposes.

  So what will no doubt help in similar cases:

  • Reinstall the servers of connection one by one, including:
  • Uninstalling html access (if used), uninstall the login server to view, uninstall 'VMware' AD LDS Instance.
  • Removal of the connection to the server of replication group: run "s - r s uninstalled_ vdmadmin.exeservername" on one of the servers connection remaining.
  • Reinstall/Update OS (may not be necessary, but I did not test that)
  • Reininstall, return to the login server replica. If you used the certificates which included only the alias of the server I recommend you to create new ones, including the name of the server as well, but maybe it's not necessary as well. If you want to keep the certificates which only inlcude the alias it will be necessary to install this certificate after the first replication of the servers (see below).

  My question for technicians of VMware/developers: It is supported to use certificates include only the server alias. Otherwise why it worked before and where is it documented? Where are certificate cached information so that simply replace the certificate was only some, and not a complete success (see above). FYI - when I paired initially replicas that I had to install the CA (including only the pseudonym) after the first replication - now with certificates (including the server name and the alias), I could install the certificate before you replicate (= the login server installation).

• VMware View 5, unable to connect to the login server

  Has anyone seen a problem of not being able to connect to a server connection view 5, either with clients intelligent or even using the http://localhost/admin on the server? We had Windows patches pushed last night and now the software seems to not work.

  Windows 2003 R2 Ent Edition

  VMware View 5

  I noticed the patching procedures require you to uninstall view but not ADAM, so in theory I should be able to uninstall and reinstall without affecting stored prior information. Has anyone tried this before?

  Welcome to the forums.  I've uninstalled and reinstalled but you should be able to backup the DB ADAM and restore if necessary.    Have you checked the view logs to see if you can understand why it is not reponding?