Administration
Table Of Contents
- View Administration
- Contents
- View Administration
- Using Horizon Administrator
- Configuring View Connection Server
- Configuring vCenter Server and View Composer
- Create a User Account for View Composer AD Operations
- Add vCenter Server Instances to Horizon 7
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support Remote Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Remove a vCenter Server Instance from View
- Remove View Composer from View
- Conflicting vCenter Server Unique IDs
- Backing Up View Connection Server
- Configuring Settings for Client Sessions
- Set Options for Client Sessions and Connections
- Change the Data Recovery Password
- Global Settings for Client Sessions
- Global Security Settings for Client Sessions and Connections
- Message Security Mode for View Components
- Configure the Secure Tunnel and PCoIP Secure Gateway
- Configure the Blast Secure Gateway
- Off-load SSL Connections to Intermediate Servers
- Configure the Gateway Location for a Horizon Connection Server or Security Server Host
- Disable or Enable View Connection Server
- Edit the External URLs
- Join or Withdraw from the Customer Experience Program
- View LDAP Directory
- Configuring vCenter Server and View Composer
- Setting Up Smart Card Authentication
- Logging In with a Smart Card
- Configure Smart Card Authentication on View Connection Server
- Configure Smart Card Authentication on Third-Party Solutions
- Prepare Active Directory for Smart Card Authentication
- Verify Your Smart Card Authentication Configuration
- Using Smart Card Certificate Revocation Checking
- Setting Up Other Types of User Authentication
- Using Two-Factor Authentication
- Using SAML Authentication
- Using SAML Authentication for VMware Identity Manager Integration
- Configure a SAML Authenticator in Horizon Administrator
- Configure Proxy Support for VMware Identity Manager
- Change the Expiration Period for Service Provider Metadata on Connection Server
- Generate SAML Metadata So That Connection Server Can Be Used as a Service Provider
- Response Time Considerations for Multiple Dynamic SAML Authenticators
- Configure Workspace ONE Access Policies in Horizon Administrator
- Configure Biometric Authentication
- Authenticating Users Without Requiring Credentials
- Providing Unauthenticated Access for Published Applications
- Using the Log In as Current User Feature Available with Windows-Based Horizon Client
- Saving Credentials in Mobile and Mac Horizon Clients
- Setting Up True SSO
- Determining an Architecture for True SSO
- Set Up an Enterprise Certificate Authority
- Create Certificate Templates Used with True SSO
- Install and Set Up an Enrollment Server
- Export the Enrollment Service Client Certificate
- Import the Enrollment Service Client Certificate on the Enrollment Server
- Configure SAML Authentication to Work with True SSO
- Configure View Connection Server for True SSO
- Command-line Reference for Configuring True SSO
- Advanced Configuration Settings for True SSO
- Identify an AD User That Does not Have an AD UPN
- Using the System Health Dashboard to Troubleshoot Issues Related to True SSO
- Configuring Role-Based Delegated Administration
- Understanding Roles and Privileges
- Using Access Groups to Delegate Administration of Pools and Farms
- Understanding Permissions
- Manage Administrators
- Manage and Review Permissions
- Manage and Review Access Groups
- Manage Custom Roles
- Predefined Roles and Privileges
- Required Privileges for Common Tasks
- Best Practices for Administrator Users and Groups
- Configuring Policies in Horizon Administrator and Active Directory
- Maintaining View Components
- Backing Up and Restoring View Configuration Data
- Monitor View Components
- Monitor Machine Status
- Understanding View Services
- Change the Product License Key
- Monitoring Product License Usage
- Update General User Information from Active Directory
- Migrate View Composer to Another Machine
- Update the Certificates on a View Connection Server Instance, Security Server, or View Composer
- Customer Experience Improvement Program
- Managing ThinApp Applications in View Administrator
- View Requirements for ThinApp Applications
- Capturing and Storing Application Packages
- Assigning ThinApp Applications to Machines and Desktop Pools
- Best Practices for Assigning ThinApp Applications
- Assign a ThinApp Application to Multiple Machines
- Assign Multiple ThinApp Applications to a Machine
- Assign a ThinApp Application to Multiple Desktop Pools
- Assign Multiple ThinApp Applications to a Desktop Pool
- Assign a ThinApp Template to a Machine or Desktop Pool
- Review ThinApp Application Assignments
- Display MSI Package Information
- Maintaining ThinApp Applications in View Administrator
- Remove a ThinApp Application Assignment from Multiple Machines
- Remove Multiple ThinApp Application Assignments from a Machine
- Remove a ThinApp Application Assignment from Multiple Desktop Pools
- Remove Multiple ThinApp Application Assignments from a Desktop Pool
- Remove a ThinApp Application from View Administrator
- Modify or Delete a ThinApp Template
- Remove an Application Repository
- Monitoring and Troubleshooting ThinApp Applications in View Administrator
- ThinApp Configuration Example
- Setting Up Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Prepare Active Directory and View for Clients in Kiosk Mode
- Set Default Values for Clients in Kiosk Mode
- Display the MAC Addresses of Client Devices
- Add Accounts for Clients in Kiosk Mode
- Enable Authentication of Clients in Kiosk Mode
- Verify the Configuration of Clients in Kiosk Mode
- Connect to Remote Desktops from Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Troubleshooting Horizon 7
- Using Horizon Help Desk Tool
- Verify Horizon Help Desk Tool License
- Configure Role-Based Access for Horizon Help Desk Tool
- Log In to Horizon Help Desk Tool
- Troubleshooting Users in Horizon Help Desk Tool
- Session Details for Horizon Help Desk Tool
- Session Processes for Horizon Help Desk Tool
- Application Status for Horizon Help Desk Tool
- Troubleshoot Desktop or Application Sessions in Horizon Help Desk Tool
- Monitoring System Health
- Monitor Events in Horizon 7
- Collecting Diagnostic Information for Horizon 7
- Create a Data Collection Tool Bundle for Horizon Agent
- Save Diagnostic Information for Horizon Client
- Collect Diagnostic Information for View Composer Using the Support Script
- Collect Diagnostic Information for Horizon Connection Server
- Collect Diagnostic Information for Horizon Agent , Horizon Client, or Horizon Connection Server from the Console
- Update Support Requests
- Troubleshooting an Unsuccessful Security Server Pairing with Horizon Connection Server
- Troubleshooting View Server Certificate Revocation Checking
- Troubleshooting Smart Card Certificate Revocation Checking
- Further Troubleshooting Information
- Using Horizon Help Desk Tool
- Using the vdmadmin Command
- vdmadmin Command Usage
- Configuring Logging in Horizon Agent Using the -A Option
- Overriding IP Addresses Using the -A Option
- Setting the Name of a View Connection Server Group Using the ‑C Option
- Updating Foreign Security Principals Using the ‑F Option
- Listing and Displaying Health Monitors Using the ‑H Option
- Listing and Displaying Reports of View Operation Using the ‑I Option
- Generating View Event Log Messages in Syslog Format Using the ‑I Option
- Assigning Dedicated Machines Using the ‑L Option
- Displaying Information About Machines Using the -M Option
- Reclaiming Disk Space on Virtual Machines Using the ‑M Option
- Configuring Domain Filters Using the ‑N Option
- Configuring Domain Filters
- Displaying the Machines and Policies of Unentitled Users Using the ‑O and ‑P Options
- Configuring Clients in Kiosk Mode Using the ‑Q Option
- Displaying the First User of a Machine Using the -R Option
- Removing the Entry for a View Connection Server Instance or Security Server Using the ‑S Option
- Providing Secondary Credentials for Administrators Using the ‑T Option
- Displaying Information About Users Using the ‑U Option
- Unlocking or Locking Virtual Machines Using the ‑V Option
- Detecting and Resolving LDAP Entry and Schema Collisions Using the -X Option
Table 5‑8. Broker to Enrollment Server Connection Status
Status Text Description
Failed to fetch True SSO health
information.
The dashboard is unable to retrieve the health information from the broker.
The <FQDN> enrollment server
cannot be contacted by the True SSO
configuration service.
In a POD, one of the brokers is elected to send the configuration information to all
enrollment servers used by the POD. This broker will refresh the enrollment server
configuration once every minute. This message is displayed if the configuration task has
failed to updated the enrollment server. For additional information, see the table for
Enrollment Server Connectivity.
The <FQDN> enrollment server
cannot be contacted to manage
sessions on this connection server.
The current broker is unable to connect to the enrollment server. This status is only
displayed for the broker that your browser is pointing to. If there are multiple brokers in the
pod, you need to change your browser to point to the other brokers in order to check their
status. For additional information, see the table for Enrollment Server Connectivity.
Table 5‑9. Enrollment Server Connectivity
Status Text Description
This domain <Domain Name> does
not exist on the <FQDN> enrollment
server.
The True SSO connector has been configured to use this enrollment server for this
domain, but the enrollment server has not yet been configured to connect to this domain. If
the state remains for longer than one minute, you need to check the state of the broker
currently responsible for refreshing the enrollment configuration.
The <FQDN> enrollment server's
connection to the domain <Domain
Name> is still being established.
The enrollment server has not been able to connect to a domain controller in this domain.
If this state remains for longer than a minute, you might have to verify that name resolution
from the enrollment server to the domain is correct, and that there is network connectivity
between the enrollment server and the domain.
The <FQDN> enrollment server's
connection to the domain <Domain
Name> is stopping or in a problematic
state.
The enrollment server has connected to a domain controller in the domain, but it has not
been able to read the PKI information from the domain controller. If this happens, then
there is likely a problem with the actual domain controller. This issue can also happen if
DNS is not configured correctly. Check the log file on the enrollment server to see what
domain controller the enrollment server is trying to use, and verify that the domain
controller is fully operational.
The <FQDN> enrollment server has
not yet read the enrollment properties
from a domain controller.
This state is transitional, and is only displayed during startup of the enrollment server, or
when a new domain has been added to the environment. This state usually lasts less than
one minute. If this state lasts longer than a minute, either the network is extremely slow, or
there is an issue causing difficulties accessing the domain controller.
The <FQDN> enrollment server has
read the enrollment properties at least
once, but has not been able to reach a
domain controller for some time.
As long as the enrollment server reads the PKI configuration from a domain controller, it
keeps polling for changes once every two minutes. This status will be set if the domain
controller (DC) has been unreachable for a short period of time. Typically this inability to
contact the DC might mean the enrollment server cannot detect any changes in PKI
configuration. As long the certificate servers can still access a domain controller,
certificates can still be issued.
The <FQDN> enrollment server has
read the enrollment properties at least
once but either has not been able to
reach a domain controller for an
extended time or another issue exists.
If the enrollment server has not been able to reach the domain controller for an extended
period, then this state is displayed. The enrollment server will then try to discover an
alternative domain controller for this domain. If a certificate server can still access a
domain controller, then certificates can still be issued, but if this state remains for more
than one minute, it means the enrollment server has lost access to all domain controllers
for the domain, and it is likely that certificates can no longer be issued.
View Administration
VMware, Inc. 111