Jan 24

App Volumes: Reprovisioning fails with AppStacks set to computer based assignments

Symptoms
Linked clone virtual machine provisioning tasks fail.
Recompose fails because customization fails to join the desktops to the domain.
Cause
This issue occurs due to AppStacks being attached during the domain join process.

On reboot after the domain join, the c:\svroot cache is cleared, losing changes to the VM.

Resolution
To resolve this issue, disable the App Volumes Service on the parent virtual machine.
Open a command prompt as administrator and run the following commands:
sc config "svservice" start= disabled
net stop "App Volumes Service"
ipconfig /release
Shut down the virtual machine and take a snapshot.

Create a script or batch file as below to set the service to automatic and start the service.
sc config "svservice" start= auto
net start "App Volumes Service"

Copy the script to the parent virtual machine to a directory you can reference later.
In the View Administration portal, reference your post-synchronization script:

Open up View Administration Portal
Go to Catalog – Desktop Pools – Select your pool
Click Edit
Select Guest Customization Tab
Enter the file path for script in post-synchronization script name:

C:\scripts\script.bat

Recompose the pool
VMware KB 2147910

Jul 28

The Impact On App Layering On Your VDI Environment

I was testing instant clones in Horizon 7 and it was pretty much a requirement to use some form of application virtualization and get your user data stored off the desktops. My decision on what to select for testing was based on the fact that I already had ProfileUnity from Liquidware Labs, and App Volumes is bundled in View at the higher layers. I wanted to see the impact of layering on CPU and login times. I also used UberAgent to collect some of the results. While testing I would run one test run with UberAgent to collect login times and then one with UberAgent turned off to collect CPU metrics.

I used three separate applications, each in their own layer.

* Gimp 2.8
* iTunes 10
* VLC

I used App Volumes 2.11 since 3.0 is kind of dead in the water and not recommended for existing customers, so I can’t see a lot of people using it till the next release. ProfileUnity was version 6.5.

I first did a base run with no App Stacks or Flex Apps but with a roaming profile being stored on Acropolis File Services. The desktops were running the Horizon 7 agent and Office 2013 and were instant clones. The desktops were Windows 10 with 2 vCPU and 2 GB of RAM. The % listed is a factor of both CPUs.

Base Run

So not too bad: 14 secs login. Probably some cleanup I could do to make it faster, but also not that realistic if you're thinking about enterprise desktops, so I was happy with this.

I did test with 1 layer at a time until I used all of the 3 applications. There was a gradual increase in CPU and login time for each layer. The CPU cost comes from the agent and attaching the vmdk to the desktop.

App Volumes with 3 AppStacks


So with 3 layers the CPU jumped by ~20% and the login time went up ~9 secs with App Volumes.

3 Flex Apps


With 3 Flex Apps CPU jumped a bit and login times went up ~4 sec.


Overall Review


What does this all mean?

Well if you have users that only disconnect and reconnect and rarely log out then this means absolutely nothing for the most part. If you have a user base that gets fresh new desktops all of the time and things like large shift changes then it means your densities will go down. I like to say “Looking is for free, and touching is going to cost you”. Overall I still feel this is a small price to pay to have a successful VDI deployment and layering will help out the process.

Apr 08

Horizon 7: Notes & important cliff notes from the docs

I was travelling last week, and while I was sitting on the plane reviewing some Horizon 7 docs I thought I would capture the bits that tend to make or break your installation. The bits below are good reminders on what to do and what not to do.

NOTE When installing replicated View Connection Server instances, you must usually configure the instances in the same physical location and connect them over a high-performance LAN. Otherwise, latency issues could cause the View LDAP configurations on View Connection Server instances to become inconsistent. A user could be denied access when connecting to a View Connection Server instance with an out-of-date configuration.

IMPORTANT The physical or virtual machine that hosts View Connection Server must have an IP address
that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.

IMPORTANT To use a group of replicated View Connection Server instances across a WAN, MAN (metropolitan area network), or other non-LAN, in scenarios where a View deployment needs to span datacenters, you must use the Cloud Pod Architecture feature. You can link together 25 View pods to provide a single large desktop brokering and management environment for five geographically distant sites and provide desktops and applications for up to 50,000 users.

Cloud Pod Architecture

NOTE Windows Server 2008 R2 with no service pack is no longer supported.

To use View Administrator with your Web browser, you must install Adobe Flash Player 10.1 or later.

IMPORTANT If you create the View Composer database on the same SQL Server instance as vCenter Server,
do not overwrite the vCenter Server database.

IMPORTANT To run View in an IPv6 environment, you must specify IPv6 when you install all View
components. – you can’t change it after the fact.

NOTE View does not require you to enter an IPv6 address in any administrative tasks. In cases where you can specify either a fully qualified domain name (FQDN) or an IPv6 address, it is highly recommended that you specify an FQDN to avoid potential errors.

NOTE To ensure that View runs in FIPS (Federal Information Processing Standard) mode, you must enable FIPS when you install all View components.

NOTE You might need to set the UPN for built-in Active Directory accounts, even if the certificate is issued
from the same domain. Built-in accounts, including Administrator, do not have a UPN set by default.

Enrollment Server Installation

NOTE Because this feature requires that a certificate authority also be set up, and specific configuration performed, the installation procedure for the enrollment server is provided in the View Administration document,

NOTE View Connection Server does not make, nor does it require, any schema or configuration updates to Active Directory.

IMPORTANT You will need the data recovery password to keep View operating and avoid downtime in
a Business Continuity and Disaster Recovery (BCDR) scenario. You can provide a password reminder
with the password when you install View Connection Server.

IMPORTANT When you perform a silent installation, the full command line, including the data recovery
password, is logged in the installer’s vminst.log file. After the installation is complete, either delete this
log file or change the data recovery password by using View Administrator.
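
A check for the leftover secret described in the note above, as an added example that is not from the Horizon documentation or the original post. The search root (`$env:TEMP` by default), the `vminst*` file-name pattern and the property name `VDM_SERVER_RECOVERY_PWD` are assumptions to adjust for your installer; the sample log line is constructed.

```powershell
# Added example: report installer logs that still hold the data recovery password.
function Find-LoggedRecoveryPassword {
    param(
        [string]$Root = $env:TEMP,                        # assumed log location
        [string]$Property = 'VDM_SERVER_RECOVERY_PWD'     # assumed silent-install property
    )
    # Matches PROPERTY=value or PROPERTY="value"; PROPERTY_REMINDER=... does not match.
    $pattern = "(?i)\b$([regex]::Escape($Property))\s*=\s*(""[^""]*""|\S+)"
    Get-ChildItem -Path $Root -Filter 'vminst*' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Select-String -Path $file.FullName -Pattern $pattern |
                ForEach-Object {
                    [pscustomobject]@{
                        File       = $file.FullName
                        LineNumber = $_.LineNumber
                        # Never echo the secret: show the line with the value masked.
                        Redacted   = [regex]::Replace($_.Line, $pattern, "$Property=<redacted>")
                    }
                }
        }
}

# Constructed sample so the function can be tried offline.
$demo = Join-Path $env:TEMP 'vminst-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'args: /qn VDM_SERVER_RECOVERY_PWD=Example-Only-1 VDM_SERVER_RECOVERY_PWD_REMINDER=hint' |
    Set-Content -Path (Join-Path $demo 'vminst.log')
Find-LoggedRecoveryPassword -Root $demo | Format-List
Remove-Item -Path $demo -Recurse -Force
```

Any hit means the note's remediation still applies: delete that log file or change the data recovery password in View Administrator.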

NOTE Replication functionality is provided by View LDAP, which uses the same replication technology as
Active Directory.

NOTE You cannot pair an older version of security server with the current version of View Connection
Server. If you configure a pairing password on the current version of View Connection Server and try to install an older version of security server, the pairing password will be invalid.

IMPORTANT If you do not provide the security server pairing password to the View Connection Server installation program within the password timeout period, the password becomes invalid and you must configure a new password.

IMPORTANT If you use a load balancer, it must have an IP address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.

NOTE If the installation is cancelled or aborted, you might have to remove IPsec rules for the security server
before you can begin the installation again. Take this step even if you already removed IPsec rules prior to
reinstalling or upgrading security server.

CAUTION If you remove the IPsec rules for an active security server, all communication with the security
server is lost until you upgrade or reinstall the security server. Therefore, if you use a load balancer to manage a group of security servers, perform this procedure on one server and then upgrade that server before removing IPsec rules for the next server. You can remove servers from production and add them back one-by-one in this manner to avoid requiring any downtime for your end users.

IMPORTANT Replace the default certificate as soon as possible. The default certificate is not signed by a
Certificate Authority (CA). Use of certificates that are not signed by a CA can allow untrusted parties to intercept traffic by masquerading as your server.

IMPORTANT To configure View Connection Server or security server to use a certificate, you must change the
certificate Friendly name to vdm. Also, the certificate must have an accompanying private key.
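
The two certificate notes above can be checked on a Connection Server or security server with the following added example, which is not from the Horizon documentation or the original post. It assumes the certificate sits in the local computer's Personal store (`Cert:\LocalMachine\My`) and skips revocation checking so it also works offline.

```powershell
# Added example: inspect the certificate whose Friendly name is "vdm".
function Test-VdmCertificate {
    param([string]$StorePath = 'Cert:\LocalMachine\My')   # assumed store location
    $certs = @(Get-ChildItem -Path $StorePath | Where-Object { $_.FriendlyName -eq 'vdm' })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate with Friendly name 'vdm' found in $StorePath."
    }
    foreach ($c in $certs) {
        # Build the chain against the machine's trusted roots.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'      # assumption: no CRL/OCSP access
        $trusted = $chain.Build($c)
        [pscustomobject]@{
            Subject       = $c.Subject
            Thumbprint    = $c.Thumbprint
            NotAfter      = $c.NotAfter
            HasPrivateKey = $c.HasPrivateKey               # must be True for View to use it
            SelfSigned    = ($c.Subject -eq $c.Issuer)     # True suggests the default certificate
            ChainTrusted  = $trusted                       # False: not signed by a trusted CA
            ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        }
    }
}

Test-VdmCertificate | Format-List
```

A result with `SelfSigned` true or `ChainTrusted` false is the situation the note warns about; `HasPrivateKey` false means the certificate was imported without its key.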

IMPORTANT If you plan to use this feature and you are using multiple View pods that share some ESXi hosts,
you must enable the View Storage Accelerator feature for all pools that are on the shared ESXi hosts. Having
inconsistent settings in multiple pods can cause instability of the virtual machines on the shared ESXi hosts.

View Storage Accelerator is now qualified to work in configurations that use View replica tiering, in which
replicas are stored on a separate datastore than linked clones. Although the performance benefits of using
View Storage Accelerator with View replica tiering are not materially significant, certain capacity-related
benefits might be realized by storing the replicas on a separate datastore. Hence, this combination is tested
and supported.

NOTE You can also use Access Point appliances, rather than security servers, for secure external access to Horizon 7 servers and desktops. If you use Access Point appliances, you must disable the secure gateways on View Connection Server instances and enable these gateways on the Access Point appliances.

IMPORTANT Do not change the JVM heap size on 64-bit Windows Server computers. Changing this value
might make View Connection Server behavior unstable. On 64-bit computers, the View Connection Server
service sets the JVM heap size to accord with the physical memory.

IMPORTANT Syslog data is sent across the network without software-based encryption, and might contain
sensitive data, such as user names. VMware recommends using link-layer security, such as IPSEC, to avoid
the possibility of this data being monitored on the network.

IMPORTANT View Composer is an optional component. If you plan to provision instant clones, you do not need to install View Composer.

NOTE Virtual Volumes is compatible with the View storage accelerator feature but not with the space efficient
disk format feature, which reclaims disk space by wiping and shrinking disks.

NOTE Instant clones do not support Virtual Volumes.

Nov 07

GPU-Z for XenApp / RDSH (View)

GPU-Z is a PC graphics diagnostic and monitoring utility, which gives you up to date information of the GPUs installed in your system, and lets you monitor their clock speeds, temperatures, fan-speeds, voltages, dedicated and memory usage. It’s a perfect tool to be using in your XenApp and RDSH farms depending on your broker of choice when using a GPU.


< download GPU-Z >

May 05

VMware Horizon 6 RDS-hosted Apps and Imprivata failover with New Firmware

PCoIP firmware 4.8.0 for Tera2 zero clients has just been released. Some small goodies in there but I think the main one is for RDS. Zero clients now support VMware Horizon 6 application remoting based on Microsoft Remote Desktop Services (RDS). To configure zero clients to access VMware Horizon streamed applications, select the new Enable RDS Application Access option on the View Connection Server > Session page, under Advanced Options.

The new firmware also allows a View Connection Server address for Imprivata OneSign environments, which lets administrators configure a Direct to View link on zero clients configured for View Connection Server + Imprivata OneSign mode. When users click the link, the current OneSign connection or authentication flow is cancelled and a Horizon View authentication flow starts instead. This feature lets OneSign zero client users access their View desktops when the OneSign infrastructure is unavailable.

—- link to new firmware —-


Nov 25

EUC TIP: Have slow logon times? via Fermin Echegaray – Nutanix Support

This post is courtesy of Fermin Echegaray, a Global Support Engineer at Nutanix. This goes to show why Nutanix has one of the highest customer satisfaction ratings in the industry. If it’s running on Nutanix, we are going to help.

Some time ago I found this very nifty tool while working with a customer; it is helpful in determining if GPOs are causing a slow logon time.
http://www.sysprosoft.com/policyreporter.shtml

It needs to be installed on one of the VMs and it should assist you with setting up verbose policy for the logging, but if it fails to do so, these are the manual directions:

Define a value at the registry like this:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Entry: UserEnvDebugLevel
Type: REG_DWORD
Value data: 30002 (Hexadecimal)

To make sure you have current log data, do the following:
Go to %systemRoot%\Debug\UserMode and delete or rename the current Userenv.log. Log off and log back on to reproduce the problem. A new Userenv.log will be produced.

I found once with this tool that this customer’s IE Branding policy took 14 seconds to complete; disabling it obviously accelerated the logon time.
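
The manual steps above, plus a simple way to read the resulting log, as an added example that is not part of the original post or the tool it links to. It assumes each log line has the shape `USERENV(pid.tid) HH:MM:SS:mmm message`; the sample lines are constructed, and the function names are hypothetical.

```powershell
# Added example. Run Enable-UserenvDebugLog elevated, then log off and back on.
function Enable-UserenvDebugLog {
    $key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    # 0x30002 is the "30002 (Hexadecimal)" value given in the post.
    New-ItemProperty -Path $key -Name UserEnvDebugLevel -PropertyType DWord -Value 0x30002 -Force | Out-Null
    $log = Join-Path $env:SystemRoot 'Debug\UserMode\Userenv.log'
    if (Test-Path $log) {   # move the old log aside so the next logon starts a fresh one
        Rename-Item -Path $log -NewName ('Userenv.{0:yyyyMMdd-HHmmss}.log' -f (Get-Date))
    }
}

# Rank the pauses between consecutive log lines; the longest pauses are the slow steps.
function Get-UserenvGap {
    param([string[]]$Line, [int]$Top = 3)
    $rx = '^USERENV\([0-9a-f]+\.[0-9a-f]+\)\s+(\d{2}):(\d{2}):(\d{2}):(\d{3})\s+(.*)$'
    $prevMs = $null; $prevText = $null
    $gaps = foreach ($l in $Line) {
        if ($l -notmatch $rx) { continue }   # skip lines that do not fit the assumed shape
        $ms = ((([int]$Matches[1] * 60) + [int]$Matches[2]) * 60 + [int]$Matches[3]) * 1000 + [int]$Matches[4]
        if ($null -ne $prevMs) {
            $gap = $ms - $prevMs
            if ($gap -lt 0) { $gap += 86400000 }   # timestamps carry no date: midnight wrap
            [pscustomobject]@{ GapSeconds = $gap / 1000; After = $prevText; Before = $Matches[5] }
        }
        $prevMs = $ms; $prevText = $Matches[5]
    }
    $gaps | Sort-Object GapSeconds -Descending | Select-Object -First $Top
}

# Constructed sample lines (message text is illustrative, not real Userenv output).
$sample = @(
    'USERENV(2a4.2a8) 23:59:58:120 step A: start policy processing',
    'USERENV(2a4.2a8) 23:59:58:480 step B: start IE Branding extension',
    'USERENV(2a4.2a8) 00:00:12:510 step C: IE Branding extension done',
    'USERENV(2a4.2a8) 00:00:12:640 step D: policy processing done'
)
Get-UserenvGap -Line $sample -Top 1 | Format-List
```

For a real log, pass `Get-Content "$env:SystemRoot\Debug\UserMode\Userenv.log"` as `-Line`; the entry listed under `After` is the step that was running during the pause.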

Sep 23

Fast Access with PreLaunch and Session Linger in Citrix XenApp 7.6

Session lingering seems like a great fit for shared environments like schools and hospitals.

More info on Citrix Validated Solution for Nutanix – 1000 users in 6U of space.

Jun 10

Loginvsi and the Launchers from Hell

Just some friendly advice from a guy who has been hunting down bugs: remember that a healthy launcher is just as important as a great golden image.

1) Remove the Windows XPS printer so you don’t have to worry about printer redirection issues.

2) vSphere 5.5 and VMware Tools have issues and can reset the network. Easiest thing to do is disable logging for VMware Tools.

3) Installing Citrix Receiver installs some older version of the C++ 2005 libraries and you’ll see a ton of SideBySide errors in the event logs. Install both the x86 and x64 versions of SP1 and you’ll be good to go.

4) More VMware tools issues – Unity (Mac) showing up in the logs, KB here to fix

5) Stick to the recommendations when using connectors of your broker of choice. If you need a lot of launchers, here is a PowerShell script that will help you along -> http://vmwarepro.wordpress.com/2012/05/19/provision-multiple-vms-from-template-via-powercli/

or a great tip from @shanetech is to use PVS for the launchers.

Mar 17

EUC Tip 93: XenDesktop & the vCenter Virtual Appliance

If you plan to use just the self-signed certificate with XenDesktop and Machine Creation Services (MCS), make sure you regenerate the certificate for the vCenter Virtual Appliance. This will allow you to configure MCS by allowing you to store the certificate from vCenter on the Desktop Controller.

XenDesktop on Nutanix

Regenerate the local cert

Jan 23

EUC Tip 92: SuperFetch Windows 8 vs 7

SuperFetch in Windows 8 is enabled by default. It is VDI-aware and should not be disabled. SuperFetch can further reduce memory consumption through memory page sharing, which is beneficial for VDI. For non-persistent virtual desktops running Windows 7, SuperFetch should be disabled, but for personal virtual desktops running Windows 7, it should be left on.