4.6
Table Of Contents
- VMware View Administration
- Contents
- VMware View Administration
- Configuring View Connection Server
- Configuring Role-Based Delegated Administration
- Understanding Roles and Privileges
- Using Folders to Delegate Administration
- Understanding Permissions
- Manage Administrators
- Manage and Review Permissions
- Manage and Review Folders
- Manage Custom Roles
- Predefined Roles and Privileges
- Required Privileges for Common Tasks
- Best Practices for Administrator Users and Groups
- Preparing Unmanaged Desktop Sources
- Creating and Preparing Virtual Machines
- Creating Virtual Machines for View Desktop Deployment
- Install View Agent on a Virtual Machine
- Install View Agent Silently
- Configure a Virtual Machine with Multiple NICs for View Agent
- Optimize Windows Guest Operating System Performance
- Optimize Windows 7 Guest Operating System Performance
- Optimizing Windows 7 for Linked-Clone Desktops
- Benefits of Disabling Windows 7 Services and Tasks
- Overview of Windows 7 Services and Tasks That Cause Linked-Clone Growth
- Disable Scheduled Disk Defragmentation on Windows 7 Parent Virtual Machines
- Disable the Windows Update Service on Windows 7 Virtual Machines
- Disable the Diagnostic Policy Service on Windows 7 Virtual Machines
- Disable the Prefetch and Superfetch Features on Windows 7 Virtual Machines
- Disable Windows Registry Backup on Windows 7 Virtual Machines
- Disable the System Restore on Windows 7 Virtual Machines
- Disable Windows Defender on Windows 7 Virtual Machines
- Disable Microsoft Feeds Synchronization on Windows 7 Virtual Machines
- Preparing Virtual Machines for View Composer
- Prepare a Parent Virtual Machine
- Activating Windows 7 and Windows Vista on Linked-Clone Desktops
- Disable Windows Hibernation in the Parent Virtual Machine
- Configure a Parent Virtual Machine to Use Local Storage
- Keep a Record of the Parent Virtual Machine's Paging-File Size
- Increase the Timeout Limit of QuickPrep Customization Scripts
- Creating Virtual Machine Templates
- Creating Customization Specifications
- Creating Desktop Pools
- Automated Pools That Contain Full Virtual Machines
- Linked-Clone Desktop Pools
- Worksheet for Creating a Linked-Clone Desktop Pool
- Create a Linked-Clone Desktop Pool
- Desktop Settings for Linked-Clone Desktop Pools
- Using vSphere Mode for View Composer
- View Composer Support for Linked-Clone SIDs and Third-Party Applications
- Choosing QuickPrep or Sysprep to Customize Linked-Clone Desktops
- Storage Sizing for Linked-Clone Desktop Pools
- Set the Storage Overcommit Level for Linked-Clone Desktops
- Storing View Composer Replicas and Linked Clones on Separate Datastores
- Linked-Clone Desktop Data Disks
- Manual Desktop Pools
- Microsoft Terminal Services Pools
- Provisioning Desktop Pools
- Setting Power Policies for Desktop Pools
- Entitling Users and Groups
- Setting Up User Authentication
- Using Smart Card Authentication
- Using Smart Card Certificate Revocation Checking
- Using RSA SecurID Authentication
- Using the Log in as Current User Feature
- Configuring Policies
- Managing Linked-Clone Desktops
- Reduce Linked-Clone Size with Desktop Refresh
- Update Linked-Clone Desktops
- Prepare a Parent Virtual Machine to Recompose Linked-Clone Desktops
- Recompose Linked-Clone Desktops
- Recompose Linked-Clone Desktops That Can Run in Local Mode
- Updating Linked Clones with Desktop Recomposition
- Correcting an Unsuccessful Recomposition
- Prepare an ESX Host or Cluster to Support Parent Virtual Machine Hardware v7
- Rebalance Linked-Clone Desktops
- Manage View Composer Persistent Disks
- View Composer Persistent Disks
- Detach a View Composer Persistent Disk
- Attach a View Composer Persistent Disk to Another Linked-Clone Desktop
- Edit a View Composer Persistent Disk's Pool or User
- Recreate a Linked-Clone Desktop With a Detached Persistent Disk
- Restore a Linked-Clone Desktop by Importing a Persistent Disk from vSphere
- Delete a Detached View Composer Persistent Disk
- Managing Desktops and Desktop Pools
- Managing Desktop Pools
- Edit a Desktop Pool
- Modifying Settings in an Existing Desktop Pool
- Fixed Settings in an Existing Desktop Pool
- Change the Size of an Automated Pool Provisioned by a Naming Pattern
- Add Desktops to an Automated Pool Provisioned by a List of Names
- Disable or Enable a Desktop Pool
- Disable or Enable Provisioning in a Desktop Pool
- Delete a Desktop Pool from View Manager
- Reducing Adobe Flash Bandwidth
- Managing Virtual-Machine Desktops
- Export View Information to External Files
- Managing Desktop Pools
- Managing Physical Computers and Terminal Servers
- Managing ThinApp Applications in View Administrator
- View Requirements for ThinApp Applications
- Capturing and Storing Application Packages
- Assigning ThinApp Applications to Desktops and Pools
- Best Practices for Assigning ThinApp Applications
- Assign a ThinApp Application to Multiple Desktops
- Assign Multiple ThinApp Applications to a Desktop
- Assign a ThinApp Application to Multiple Pools
- Assign Multiple ThinApp Applications to a Pool
- Assign a ThinApp Template to a Desktop or Pool
- Review ThinApp Application Assignments
- Display MSI Package Information
- Maintaining ThinApp Applications in View Administrator
- Remove a ThinApp Application Assignment from Multiple Desktops
- Remove Multiple ThinApp Application Assignments from a Desktop
- Remove a ThinApp Application Assignment from Multiple Pools
- Remove Multiple ThinApp Application Assignments from a Pool
- Remove a ThinApp Application from View Administrator
- Modify or Delete a ThinApp Template
- Remove an Application Repository
- Monitoring and Troubleshooting ThinApp Applications in View Administrator
- ThinApp Configuration Example
- Managing Local Desktops
- Benefits of Using View Desktops in Local Mode
- Managing View Transfer Server
- Managing the Transfer Server Repository
- Using the Transfer Server Repository to Download System Images
- Determine the Size of a View Composer Base Image
- Configure the Transfer Server Repository
- Publish Package Files in the Transfer Server Repository
- Delete a Package File from the Transfer Server Repository
- Migrate the Transfer Server Repository to a New Location
- Recover from a Corrupted Transfer Server Repository Folder
- Managing Data Transfers
- Configure Security and Optimization for Local Desktop Operations
- Optimizing Data Transfers Between Local-Desktop Host Computers and the Datacenter
- Setting Security Options for Local Desktop Operations
- Change the Local Desktop Encryption Key Cipher for New Key Generation
- Change the Encryption Key Cipher for an Existing Local Desktop
- Determining the Effects of Deduplication and Compression on Data Transfers
- Guest File System Optimization of Data Transfers
- Configuring Endpoint Resource Usage
- Configuring an HTTP Cache to Provision Local Desktops Over a WAN
- Configuring the Heartbeat Interval for Local Desktop Client Computers
- Manually Downloading a Local Desktop to a Location with Poor Network Connections
- Troubleshooting View Transfer Server and Local Desktop Operations
- Check-Out Fails with "No Available Transfer Server" Error
- Problems with Desktop Check-Outs After Initial Check-Out
- Login Window Takes a Long Time to Appear
- View Transfer Server Remains in a Pending State
- View Transfer Server Fails to Enter Maintenance Mode
- The Transfer Server Repository Is Invalid
- View Transfer Server Cannot Connect to the Transfer Server Repository
- View Transfer Server Fails the Health Check
- The Transfer Server Repository Is Missing
- View Transfer Server Instances Have Conflicting Transfer Server Repositories
- The View Transfer Server Web Service Is Down
- Virtual Disk of a Local Desktop Needs Repair
- Recover Data from a Local Desktop
- Maintaining View Components
- Backing Up and Restoring View Configuration Data
- Monitor View Components
- Monitor Desktop Status
- Understanding View Manager Services
- Add Licenses to VMware View
- Update General User Information from Active Directory
- Migrating View Composer with an Existing Database
- Update the Certificates on a View Connection Server Instance or Security Server
- Troubleshooting View Components
- Monitoring System Health
- Monitor Events in View Manager
- Send Messages to Desktop Users
- Display Desktops with Suspected Problems
- Manage Desktops and Policies for Unentitled Users
- Collecting Diagnostic Information for VMware View
- Create a Data Collection Tool Bundle for View Agent
- Save Diagnostic Information for View Client
- Collect Diagnostic Information for View Composer Using the Support Script
- Collect Diagnostic Information for View Connection Server Using the Support Tool
- Collect Diagnostic Information for View Agent, View Client, or View Connection Server from the Console
- Update Support Requests
- Further Troubleshooting Information
- Troubleshooting Network Connection Problems
- Troubleshooting Desktop Pool Creation Problems
- Pool Creation Fails if Customization Specifications Cannot Be Found
- Pool Creation Fails Because of a Permissions Problem
- Pool Provisioning Fails Due to a Configuration Problem
- Pool Provisioning Fails Due to a View Connection Server Instance Being Unable to Connect to vCenter
- Pool Provisioning Fails Due to Datastore Problems
- Pool Provisioning Fails Due to vCenter Being Overloaded
- Virtual Machines Are Stuck in the Provisioning State
- Virtual Machines Are Stuck in the Customizing State
- Troubleshooting USB Redirection Problems
- Troubleshooting QuickPrep Customization Problems
- View Composer Provisioning Errors
- Windows XP Linked Clones Fail to Join the Domain
- Using the vdmadmin Command
- vdmadmin Command Usage
- Configuring Logging in View Agent Using the ‑A Option
- Overriding IP Addresses Using the ‑A Option
- Setting the Name of a View Connection Server Group Using the ‑C Option
- Updating Foreign Security Principals Using the ‑F Option
- Listing and Displaying Health Monitors Using the ‑H Option
- Listing and Displaying Reports of View Manager Operation Using the ‑I Option
- Assigning Dedicated Desktops Using the ‑L Option
- Displaying Information About Machines Using the ‑M Option
- Configuring Domain Filters Using the ‑N Option
- Configuring Domain Filters
- Displaying the Desktops and Policies of Unentitled Users Using the ‑O and ‑P Options
- Configuring Clients in Kiosk Mode Using the ‑Q Option
- Displaying the First User of a Desktop Using the ‑R Option
- Removing the Entry for a View Connection Server Instance Using the ‑S Option
- Setting the Split Limit for Publishing View Transfer Server Packages Using the ‑T Option
- Displaying Information About Users Using the ‑U Option
- Decrypting the Virtual Machine of a Local Desktop Using the ‑V Option
- Unlocking or Locking Virtual Machines Using the ‑V Option
- Detecting and Resolving LDAP Entry Collisions Using the -X Option
- Setting Up Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Prepare Active Directory and View Manager for Clients in Kiosk Mode
- Set Default Values for Clients in Kiosk Mode
- Display the MAC Addresses of Client Devices
- Add Accounts for Clients in Kiosk Mode
- Enable Authentication of Clients in Kiosk Mode
- Verify the Configuration of Clients in Kiosk Mode
- Connect to Desktops from Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Running View Client from the Command Line
- Index
Troubleshooting RSA SecurID Access Denial
Access is denied when View Client connects with RSA SecurID authentication.
Problem
A View Client connection with RSA SecurID displays Access Denied and the RSA Authentication Manager
Log Monitor displays the error Node Verification Failed.
Cause
The RSA Agent host node secret needs to be reset.
Solution
1 In View Administrator, select View Configuration > Servers.
2 In View Connection Servers, select the View Connection Server and click Edit.
3 On the Authentication tab, select Clear node secret.
4 Click OK to clear the node secret.
5 On the computer that is running RSA Authentication Manager, select Start > Programs > RSA Security >
RSA Authentication Manager Host Mode.
6 Select Agent Host > Edit Agent Host.
7 Select View Connection Server from the list and deselect the Node Secret Created check box.
Node Secret Created is selected by default each time you edit it.
8 Click OK.
Using the Log in as Current User Feature
When View Client users select the Log in as current user check box, the credentials that they provided when
logging in to the client system are used to authenticate to the View Connection Server instance and to the View
desktop. No further user authentication is required.
To support this feature, user credentials are stored on both the View Connection Server instance and on the
client system.
n
On the View Connection Server instance, user credentials are encrypted and stored in the user session
along with the username, domain, and optional UPN. The credentials are added when authentication
occurs and are purged when the session object is destroyed. The session object is destroyed when the user
logs out, the session times out, or authentication fails. The session object resides in volatile memory and
is not stored in View LDAP or in a disk file.
n
On the client system, user credentials are encrypted and stored in a table in the Authentication Package,
which is a component of View Client. The credentials are added to the table when the user logs in and are
removed from the table when the user logs out. The table resides in volatile memory.
You can use View Client group policy settings to control the availability of the Log in as current user check
box and to specify its default value. You can also use group policy to specify which View Connection Server
instances accept the user identity and credential information that is passed when users select the Log in as
current user check box in View Client.
Chapter 7 Setting Up User Authentication
VMware, Inc. 135