VMware ADAM Database – Backup & Connect

Working with the ADAM database in VMware View is kind of like going to the dentist. You never want to go there, your reasons for going are usally related to pain, but your glad when it’s all said and done. This post will form the ground work for a series of tips & articles over the next couple of weeks. The article references all locations in terms of Windows 2008. If you’re running Windows 2003, god bless you.
Step 1 – Always Get a Current Backup
In the VMware View Administrator console you get create an on-demand backup Under View Configuration -> Servers.
Once the backup is complete, go to the server you ran the backup on and move the .LDF and .SVI file to a “safe location”.

The backup location is: C:\ProgramData\VMware\VDM\backups
.LDF = ADAM database
.SVI = View Composer Database

Step 2 – Connecting to the ADAM database

To connect to the View ADAM database:
1. Log in to one of the View Connection Servers.
2. Click Start > Administrative Tools > ADSI Edit.
3. In the console window, right-click ADSI Edit and click Connect to.
4. In the Name field type: View ADAM Database
5. Select Select or type a Distinguished Name or Naming Context.
6. In the field below, type dc=vdi,dc=vmware,dc=int
7. Select Select or type a domain or server.
8. In the field below, type localhost
9. Click OK.
10. Click View ADAM Database [localhost] to expand.
11. Click DC=vdi,dc=vmware,dc=int to expand


Automatically Turn Off and On Build to Lossess Based on Internal or External Access – VMware View 5.0

I’ll start off by saying the vast majority of users will never be able to tell the difference with Build to Lossess(BTL) turned off or on. VMware recommends in its PCOIP Performance Best Practices to have it turned off by default. BTL turned off is one of three major bandwidth saving in View 5.0. The other bandwidth saving features are the client side caching and the lossess codec for text.

I can see the need for it with special uses cases like in the Medical Field or high end graphical workstations in the office, but when you go home at night you just want to check an couple of emails. So lets begin.

All the PCOIP sessions variables can be controlled by Group Policy Administrative (ADM) Template files. The View ADM template files are installed in the install_directory\VMware\VMware View\Server\extras\GroupPolicyFiles . To get this to work we need to use:

    vdm_agent.adm – used to run a viscual basic script or PowerShell script on Connect or Reconnect
    pcoip.adm – used to set the defaults for Frame Rate, BTL, Image quality and many more.

The PCOIP will take the settings you provide and apply them at the time you connect to your virtual desktop. If you want to verify the settings are being used you can check the logs on the VM at :\ProgramData\VMware\VDM\logs ( I am pretending everyone is running Windows 7). The first few lines of code in the pcoip_server*timestampOfConnection*.log. will show the settings, see below.

02/02/2012, 22:04:16.737> LVL:0 RC: 0 MGMT_ENV :cTERA_MGMT_CFG::load_server_config_from_stores[1]: Did not process over-rideable pcoip defaults from registry.

02/02/2012, 22:04:16.737> LVL:0 RC: 0 MGMT_ENV :cTERA_MGMT_CFG::Registry setting parameter pcoip.audio_bandwidth_limit = 150

02/02/2012, 22:04:16.737> LVL:0 RC: 0 MGMT_ENV :cTERA_MGMT_CFG::Registry setting parameter pcoip.image_cache_size_mb = 300

02/02/2012, 22:04:16.737> LVL:0 RC: 0 MGMT_ENV :cTERA_MGMT_CFG::Registry setting parameter pcoip.enable_build_to_lossless = 0

You can only detect where the user has connected from after the fact, you will have to make your users disconnect to make the necessary changes. So I guess it’s not that automatic but it’s the best I good come up with.

How do you tell where the user connected from?

You can find out from the following registry key –
HKEY_CURRENT_USER\Volatile Environment\ViewClient_Broker_URL
If they are connecting from outside your corporate network it should be the name of your security server which you can check for. If your using an F5 device and no security servers you will have to use
HKEY_CURRENT_USER\Volatile Environment\ViewClient_IP_Address
and create your own logic. PowerShell might be the easiest to use because it has a LIKE operator which will make a quicker job of comparing strings.

So here is the code that you use to accomplish the task of turning BTL off. I named the text file Flip-BTL.vbs

'Declare Environment Variables

Dim ViewBroker, BTL

'Set Environment Variables

Set WSHShell = CreateObject("WScript.Shell")

'Lookup values in registry and assign to variables

ViewBroker = WSHShell.RegRead("HKEY_CURRENT_USER\Volatile Environment\ViewClient_Broker_URL")


'Check Build to Lossess and if they are connecting to a security server

If ((ViewBroker = "External-Broker-Name") And (BTL = 1)) Then


'Test Message Box inform the user

MsgBox "Your Connected from a Remote Location, to get better performance please disconnect and connect to get optimal user experince. A new setting must be applied"

End If

'Check to see if they connected from home and turned BTL off but are now back on the LAN
If ((ViewBroker = "Internal") And (BTL = 0)) Then


'Test Message Box inform the user

MsgBox "Your Performance is optimized for a slow link. To have the best user experience disconnect your session and log back in. A new setting must be applied"

End If

To get the code to run when the user connects into their session we must use the vdm_agent.adm. The graphic below shows a local policy but you should use an AD one for better manamgment.


The Best VMware View PowerShell Variable – Inform the Users

Running a lot of persistent desktops can have it’s it challenges. While persistent desktops are easier on the infrastructure; like DNS, DHCP, and storage IO they’re a real pain to manage. Since windows is windows, you do need to reboot your windows virtual desktop or else it will eventually get slow by some memory leaking program. It’s kind of funny that all things that a user would put up with a physical desktop, but when it comes to VDI they except the world(this can be good). I think the high exception is because you have given them something that is new and that they’re unsure of.

To help move your users move along their VDI journey, you can tell them how long their virtual desktop has been running my emailing them. Hopefully by letting them know, maybe you can prevent a help desk ticket.

The below code has to run on the View Connection Broker. There might be a better way to get the user’s email address but I don’t know it. If you do please do tell!

Import-Module ActiveDirectory
#need to grab AD information later

$listOfvms = Get-DesktopVM -vc_id (Get-ViewVC -serverName "vCenter").vc_id
#Grab all the desktops that your connection brokers are using,this will pull replica's as well
foreach ( $vms in $listOfvms){

if ($vms.isInPool -eq "true")
#if the desktop is in a pool see how long it's been running
$wmi = Get-WmiObject -ComputerName $vms.Name -Query "SELECT LastBootUpTime FROM Win32_OperatingSystem"
$now = Get-Date
$boottime = $wmi.ConvertToDateTime($wmi.LastBootUpTime)
$uptime = $now - $boottime
$d =$uptime.days
$user = Get-ADUser $vms.user_sid #Get AD user info so we can build the email address
$userSID = $vms.user_sid #Best PowerShell Variable b\c it means you know which desktops have been assigned and are active by users

#If the desktop has been running for 7 days and desktop is being used by a user, send an email
if ($d -gt "7"-and $userSID -gt 1){
Write-Host $userSID
$mail = New-Object System.Net.Mail.MailMessage
$user = Get-ADUser $vms.user_sid
$mail = New-Object System.Net.Mail.MailMessage
$emailTo = $user.GivenName + "." + $user.SurName + "@domain.com"
$mail.From = "noreply@domain.com"
Write-Host $mail.From
$mail.Subject = "Your VDI Desktop has been running for " + $d + " days"
$mail.Body = "Your " + $vms.name + " desktop has been running for " + $d + " days. If performance is slow please take the time restart your desktop. To restart your virtual machine please select the option from the Start menu. "
Write-Host $emailTo
$smtp = New-Object System.Net.Mail.SmtpClient("emailserver")
$emailTo = ""

$userSID = ""


#VDI Tip 52: Rat A Dat Dat, better Thin Dat

For a long time I thought DAT files where bad. They were normally very big and I considered them an extra file. I have now realized the error of my ways. DAT files are great because the help control your anti-virus by scanning a small exe and then excluding the DAT file. Exclude outgoing DAT’s on your server hosting your streaming apps and exclude DAT files incoming on your VDI desktops. Remember to remove any extra files, like user state files, extra language options and temp directories with install files.


VMware View 5 and MS Lync

While it will be never be supported by Microsoft(MS) it can be done. What is that you ask? MS Lync will run on VMware View and will work good if you can stay from running any USB devices. VMware offers Unified Communications (UC) API that reduces load on servers, reduces bandwidth and allows for QoS since the VoIP and PCoIP traffic can be split up. The API should allow you to squeeze more VM’s out of your hosts as well, though I am in favour of having head room for the bursting nature of VDI.

To get MS Lync to run on View 5 follow the basic guidelines that have been listed in VMware View Performance Best Practice Guidelines.
• Turn Build to Losses off
• Drop the Frame Rate to 8 – 12(I prefer 12)
• Limit the sounds quality to 100 – 150 Kbps (Note this does not affect USB devices)

The above can all be changed from the PCOIP.ADM object thru Group Policy. The Frame Rate setting is inside of the Image quality setting.

The next thing to do is go off to www.teradici.com and download the Teradici virtual audio driver. It’s a basic install. If your upgrading from View 4.6 , the audio driver will get set back to the default windows audio device.

Once that is done all you need to do is buy a headset that is not USB. I found it hard finding a non-USB headset but stumbled upon Cyber Acoustics AC-201 Stereo Headset/microphone.

With the reduction of CPU processing for PCoIP in View 5 I think it’s ok to offer MS Lync via View to your end users.

Good Luck out there.


ProfileUnity – New Release 4.8.1

Liquidware Labs new release of ProfileUnity 4.8.1 has three main points that I would like to cover.

1) – I had written a blog post about using ActiveSetup to speed up non-persistent machines. With 4.8.1 is it is now intregrated as a portablilty settings. Every easy to use and get up and running.

2) Log on Speeds – They have improved the movment of user persona data by changing giving two options to move data. For those unformilar with ProfileUnity, Liquidware Labs uses 7zip to compress and decompress the portabablity settings when logging off and on. The faster log on speeds results in bigger files being saved but it is less than 50% of the original.

3) Wizard Driven – If you just starting out you have the ability to use a wizard to configure your base policy instead of manually entering all the fields. It’s also nice now that unused settings are greyed out so you don’t have to go hunting around if you’re doing some troubleshooting.


Red Bull VDI Setting changes name with vSphere 5?

The great people over at VRC coined the term “Red Bull Setting” when they showed how to increase your VDI throughput.

The jest of the Red Bull setting is:
• Physically CPU has to over 50%
• Your CPU has to have Hyper-threading
• You can see a 20% increase with HaltingIdleMsecPenaltyMax set to 2000 or you can disable it.
• To ensure a VM gets it fair share of time, ESX will not let anything run on the one side of the core by disabling it while the vm takes its turn.

That is pretty high level overview but for more info go check out their sight. I noticed in vSphere 5 that I think the setting has changed its name. The picture below is the old setting disabled. The one after that is what appears to be the new one. When I upgrade my test environment I will double check to see if the setting is kept.

Old Setting: HaltingIdleMsecPenaltyMax


New Setting: HTWholeCoreThreshold

HaltingIdleMsecPenaltyMax set


Twitter Tips for VMware View – #16 – #39

Here are the twitter tips I made up between 16 and 39. I think I will have to start doing them all from the blog so I can keep track of them. Hope some are useful for you.

#VDI Tip 16: To upgrade a ThinApp application, you must unassign and remove the older version and add and assign the newer version.
#VDI Tip 17: Never, Never delete the VM’s in vCenter before you delete desktops with View Admin. View will go into a inconsistent state.
#VDI Tip 18: To manage ThinApp apps through View Admin, you must store the MSI packages on a network share. The network share must reside in an AD domain that is accessible to your View Conn Svr host and your View desktops.
#VDI Tip 19: #ThinApp The order of precedence 4 updating files is the files in the sandbox, the virtual OS, & then physical machine #appsync
#VDI Tip 20: #ThinApp uncomment the Wow64 parameter to simulate a 32‐bit env for 32‐bit apps on a 64‐bit
OS. Wow64=0
#VDI Tip 21: Don’t use the same vCenter for VDI as you use for your Server workload. You get the license, USE IT!
#VDI TIP 22:To prevent internal resources from being accessed external, setup “Tags” for your different connection brokers.
#VDI Tip 23: Reduce the number of connection servers and help put your #SharePoint and #Exchange environment with a #Big -IP from #F5
#VDI Tip 24: Try to do all of your management from only one connection server. This will pay off if replication decides to throw up on itself.
#VDI Tip 27: Use the vregtool .exe to change registry settings in a #ThinApp package instead of rebuilding the whole package
#VDI Tip 28: Always install conn. servers with 10GB of RAM b\c it sets the java and max connections allowed. You can scale back after the install.
#VDI Tip 34: Assigning application packages created with ThinApp is not supported for desktops that are downloaded and used in local mode
#VDI Tip 33: ThinApp the View Client and place it on your company website somewhere not easily seen so your support staff can direct them to it.
#VDI Tip 35: #NetApp Don’t dedupe and waste Fast Cache on non-persistent data like temp directories. Tier the data and use different policies.
#VDI Tip 36:See between the trees,use domain filtering to speed logon times after reboot & less is more with end user options. VDMADMIN – N
VDI Tip:37 via @langonej :persistent UDD can be placed on datastores optimized 4 heavy read \ write. Use to ensure application performance
#VDI Tip 39: Make sure you have a baseline before starting replacements. It will help to battle FUD like VDI is slow.