Vmware Connection Server
Shameka Roessler
The first Horizon Connection Server must be a Standard Server. Subsequent Horizon Connection Servers are Replicas. Once Horizon Connection Server is installed, there is no difference between Standard and Replica.
If you point your browser to the Horizon Connection Server (without /admin in the path), the Install VMware Horizon Client link redirects to the VMware.com site for downloading of Horizon Clients. You can change it so that the Horizon Clients can be downloaded directly from the Horizon Connection Server.
If you plan to build RDS Hosts, then install Remote Desktop Licensing somewhere. You can install it on your Horizon Connection Servers by following the procedure at -controller-2203-ltsr-and-licensing/#rdlicensing.
No load balancer, just a connection server that had no problem before the upgrade. Client connections are made through the Blast protocol to the connection server (no direct connection) from clients to VDI. Monitor? Just what is installed by default.
I am using palo alto global protectin horizon vdi, once we login to vdi using horizon client and gp get connected we loose vdi connection from horizon. As gp install another network card and connect to there gate on internet.
Build new servers, then cutover, which usually means changing the load balancer to point to the new servers instead of the old. After cutover, for CS, see -AdministrationV2312/page/RemovingtheEntryforaConnectionServerInstanceUsingthe-SOption.html
Hi Carl,
when i run certlm.msc to request a new certificate, it show Certificate type are not available, not like your step 3 in part Install Cert Manually in your guide. How can i fix this? Should i install CA server on AD server and generate CSR from connection server and import to CA Server ?
No, unfortunately not. The problem still exists. I have uninstalled all third-party software and also Endpoint Protection. Only the Connection Server software is still installed. I have also already updated to 2312.1
I am still getting a 404 error. This had been running fine for a very long time, and stopped suddenly. I have edited the portal-links-html-access.properties on both connection servers, and restarted the VMware Horizon View Web Component on both connection server.
Hi Carl,
i am looking for a solution so that the horizon client connection to our Vmware horizon environment can only be accessed from company owned laptops.
Do you have any advise how to achieve this?
Many thanks in advance.
Kind Regards
Gerard
We used to see that VDPCONNECT_GATEWAY_ERROR error. We theorized that our load balanced UAGs or more so the F5 front ending the UAGs may have inadvertently caused this. The idea was that the users initial connection was via UAG1. A subsequent connection the F5 may send this user to UAG2. The Session or secured tunnel would tear down since the route for the reconnect wanted to go through UAG1.
Also, if I connect to a virtual machine on sites with version 2303, I do not shut down and connect from a third site with version 2303, I am given this virtual machine. What could be the problem? Can you tell me where to look?
thank you for your response. just a follow up question. Did Vmware end up recommending to match all sites to same version ? In our case, we have currently have 2209 and when upgraded one of the POD to 2309, the above issue occurred. we are waiting to hear from VMware.
In our case, we quickly raised the minimum test infrastructure and provided test updates from 2303 to 2306 and from 2303 to 2309. The problem arose in both cases, until we updated the second POD and the connection appeared, then the third POD. When upgrading from 2306 to 2309 there was no problem.
Hi, we are running Horizon 7.13 (linked-clone) on Windows 2012 R2
There is a need to replace the OS to 2019 or 2022. Instead upgrading the existing (in-place upgrade) Windows and Horizon on the existing machine, we are planning to deploy a new one instead, then perform configuration and testing first (Instant Clone) then perform a cutover once test is done. Do you think this this is practical and doable?
Basicaly you need to change the AD user Horizon uses to join VD to the domain (as Vmware says here: ).
In order to do so, you need to manualy change the CN=xxxx parameter of the pool through ADSIedit.
But to know which CN=xxxx correspond of the new user, you must add a test pool with the new account to see it in ASDI edit.
I am planning to upgrade OS on my Connection servers (running version 2211) from Windows 2016 to 2019. What would be the correct procedure? Can I just do the in-place upgrade? I would appreciate your suggestions.
BTW, I have always followed your BLOG to implement my Connection servers to the environment and they are running solid from the day one. Thank you in advance.
I would add a Replica server, reconfigure the load balancer to send traffic to the new server instead of the old server, and then remove the old server. If any UAGs connect directly to the old server, then reconfigure the UAGs too.
Another option is for each UAG to send Blast traffic to itself, but this would require three public IPs for the load balancer plus each UAG appliance instead of just one public IP for the load balancer.
Need to migrate the standard connection server from a 2012 server MS OS to 2019 MS OS. Can I create a replica of the 2012 connection server or does the new 2019 need to be a standard deployment? We have another connection server that used the 2012 standard to replicate from as well. If I have to use standard for the 2019 OS buildout does that also mean i need to replicate the other connection server off the new 2019 standard?
We are currently using the built-in HA features for UAGS and a primary connection server and a replica connection server. No load balancer. Had the primary connection server go down and connections failed to the replica. Started digging into DNS and found we never add an entry for examplevdi.domain.com for the replica server.
So if a primary connection server goes down and there is no load balancer then manual intervention should happen by changing the DNS record to point to the replica? Or is there a better way to go about it?
Before connecting, you will need to know the DNS name or IP address of your View Connection Server. For VMware Horizon DaaS, this is the DNS name or IP address of the VMware Horizon DaaS Desktop Portal.
This connection type automatically detects which broker protocol a connection server is using so users in a mixed environment (e.g., one that uses View Connection Servers and PCoIP Connection Managers) do not have to manually reconfigure the session type each time they switch brokers.
Imprivata OneSign allows users to access corporate networks, desktops, and applications with a single sign on. It also provides a range of authentication options that include proximity cards, smart cards, tokens, and other methods.
One of the great new features of VMware Horizon View 5.3 is the ability for any View Client to connect directly to a Horizon View desktop without using View Connection Server. VMware Horizon View Agent Direct-Connection (VADC) Plug-In enables some important new possibilities and flexibility in the way that Horizon View desktops can be used.
To support this direct-connection capability, a new Horizon View 5.3 software component called VMware Horizon View Agent Direct-Connection Plug-In (VADC) can be installed on each Horizon View desktop alongside View Agent. This component is essentially a mini View Connection Server on each Horizon View desktop that supports the full capabilities of each View Client (VMware and third-party). Supported capabilities include PCoIP, RDP, USB redirection, sound, 3D, Real-Time Audio-Video (RTAV), Unity Touch, single sign-on, session management, and more.
When a user starts View Client, instead of specifying the name or IP address of a View Connection Server or View Security Server, they can specify the name or IP address of the Horizon View desktop itself.
The user logs in as they normally would, either with a local user account or a domain account (if the desktop is joined to an Active Directory domain). Once connected, the user experiences the full capabilities of Horizon View as if they had connected via a View Connection Server.
During installation of the Horizon View Agent Direct-Connection Plug-In, you can specify the TCP port number that the HTTPS protocol will listen on for incoming connections from View Clients. Normally you should leave this as the default value of 443. You can also allow the installer to configure the firewall to create an inbound rule to allow this port through. The TCP port number can be changed later, if required.
There are several other advanced configuration settings for VADC. These can either be managed through Active Directory Group Policy Objects or by making registry updates directly in the Horizon View desktop master image. A full list of these settings is described in the VMware Horizon View Agent Direct-Connection Administration guide.
The guide describes how VADC can be configured for use in an environment that uses NAT (network address translation) and port mapping for client connections so that a single IP address from View Clients can be used for all desktops, and a unique TCP port number can be used to select a specific desktop. The guide also has information about how SSL server certificates can be set up and managed.
The filename for the Horizon View Agent Direct-Connection Plug-In is wsnm_xmlapi.dll. The diagram below shows the main modules of this plug-in together with the main interfaces to Microsoft subsystems and to the View Agent itself.
Yes. Although VADC can be used on its own without View Connection Server, there are several situations where deployments will use both. View Connection Server can be used to provision and manage desktops, while View Client users can still connect directly through VADC. A mixed mode can also be supported where brokered connections via View Connection Server can be supported for some users, and direct connections can be supported for others.
64591212e2