Fix “Already Used” status VMware Horizon View

When linked-clone desktops are not cleanly logged off and the “Refresh on logoff” policy is used, VMware Horizon View marks the desktop as “Already used” and blocks other users from accessing the machine.

This “Already Used” state is a default VMware security feature which prevents other users from accessing the previous user’s data and allows a VMware Horizon View administrator to investigate potential problems with the desktop.

The VMware Horizon View desktop can also go into the “Already Used” state if a virtual machine is powered on on another ESXi host in the cluster in response to an HA event, or if it was shut down without reporting to the broker that the user had logged out.

The problem with this “Already Used” state is that the default within VMware Horizon View waits until a View Administrator actually does something to resolve the issue.

To resolve the “Already Used” issue, you can

  • Refresh or delete the desktop through teh VMware Horizon View Administrator console (this is a manual action)
  • Set an LDAP attribute pae-DirtyVMPolicy in the VMware Horizon View ADAM database under OU=Server Groups,DC=vdi, DC=vmware, DC=int
    • pae-DirtyVMPolicy=0 – This is the default behavior of leaving the desktop in the error state and not available for use.
    • pae-DirtyVMPolicy=1 – This allows desktops that were not cleanly logged off to be available without being refreshed. The desktop is available in the pool for another user.
    • pae-DirtyVMPolicy=2 – This setting will automatically refresh a desktop in the “already used” state and make it available again in the pool.

I prefer to set the pae-DirtyVMPolicy to 2 so “Already Used” situations will be automatically resolved by VMware Horizon View.

Changing the pae-DirtyVMPolicy needs to be done for each pool.

Manual method of setting the pae-DirtyVMPolicy value:

  • Start the ADSI Edit utility on your VMware Horizon View Connection Server host. Go to Start > Programs > ADAM > ADAM ADSI Edit.
  • Select or type a Distinguished Name or connect to DC=vdi, DC=vmware, DC=int.
  • Select or type a domain or server to localhost:389.
  • Locate the OU=Server Groups for editing.
  • Under the Server Groups OU, double-click CN=pool_name. This opens the properties of the CN.
  • Click the pae-DirtyVmPolicy attribute and click Edit.
  • Set the pae-DirtyVmPolicy attribute

PowerCLI method of setting the pae-DirtyVMPolicy value:

  • Create a function “Set-DirtyVMPolicy”

function Set-DirtyVmPolicy([string]$desktopid, [int]$policy) {
     $pool = [ADSI](“LDAP://localhost:389/cn=” + $desktopid + “,ou=server groups,dc=vdi,dc=vmware,dc=int”)
     $pool.put(“pae-DirtyVmPolicy”, $policy )
     $pool.setinfo()
     }

  • Run the function on the desktop pool

Set-DirtyVMPolicy -desktopid <yourdesktoppoolid> -policy 2

AlreadyUsed

References: Ituda & TheFinalByte

Windows 7 and Windows 8 Optimization Guide for Horizon View Virtual Desktops & Antivirus Best Practices for Horizon View 5.x

VMware released two great documents!!

Windows 7 and Windows 8 Optimization Guide for Horizon View Virtual Desktops

Antivirus Best Practices for Horizon View 5.x

VMware View preview Client for Windows Store

VMWare released a preview of the VMware View Client for Windows Store. This Windows Store client will run in the tiled view of Windows RT and Windows 8.

 

image

 

As this is a preview, it does have a number of limitations:

  • The client supports RDP connections but not PCoIP yet
  • No support for smart card authentication
  • To use the onscreen keyboard on a tablet, go to Settings and select Keyboard

The Windows Store client has additional requirements for server certificate checking:

  • You cannot turn off certificate verification on the client.
  • The View Connection Server or security server must have a security certificate that the client can fully verify and it must match the host name in the View Client.
  • If you plan to use a secure tunnel connection, for instance if you will be connecting remotely, the tunnel server (View Connection Server instance or security server) must also have a security certificate that the client can verify. The host name in the View Client must match the host name in the “External URL” setting shown in the Edit View Connection Server Settings dialog box, in View Administrator. For example, the field cannot have an IP address and the certificate cannot be self-signed.
  • Alternately, the user can install a self-signed certificate into the client computer, but it must be put in the local machine store rather than the current user store. The app that end users should use is called “Manage computer certificates” (certlm.msc).

We are excited to release this Windows Store client and look forward to improving it in subsequent releases. To install the client, go to the store from your Windows 8 system and search on VMware.

The existing VMware View Client for Windows (version 5.2 or later) runs in Windows 8 desktop mode. If you are running Windows 8 (not Windows RT) VMware recommends that you use our existing VMware View Client for Windows in the Windows 8 desktop mode for maximum functionality

Teradici released Firmware 3.5.0 for PCoIP Zero Clients and PCoIP Host Cards & PCoIP Management Console 1.7.0

    Teradici released a new  PCoIP zero client and host card firmware and the PCoIP Management Console. The following releases are now available for download on the Teradici support site (techsupport.teradici.com):

    • Firmware 3.5.0 for PCoIP Zero Clients and PCoIP Host Cards.
    • PCoIP Management Console 1.7.0

    Firmware 3.5.0 update includes key feature enhancements including:

    • USB2.0 with VMware View sessions
    • Imprivata OneSign® Virtual Desktop Access via proximity cards with VMware View
    • IEEE 802.1x network security
    • IPv6 support. 

    With this release, Teradici continues to innovate PCoIP zero client technology and accelerate the adoption

VMware View XP persistent disk can not save outlook.ost c:\document and settings\…..

I’m busy with created a new a new pool with presentment disks.

The View desktops we’ve got setup are using linked clones and persistent disks which map to the D:\ in the users sessions. Of course this means the users profile is loaded to the D:\ instead of C:\ in the virtual desktops. My issue is, when a new users comes from our old environment into the test view setup, their Outlook is trying to find their OST file on the C:\ (c:\document and settings\…etc). The users data has been loaded to the D:\ though. The only way I’ve found to get around this is going into the Contol Panel in the users session, deleting their Outlook profile,

Solution:

Microsoft saves information about profile under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

So, within regedit, I right-clicked on HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook then chose Export. For Save as Type, I changed the value to "Text Files (*.txt)". I then opened the text file I created with Notepad. You can’t just search for "Outlook.ost", since there are null, i.e. 00, characters stored between each character. They show up in an ASCII representation as dots. E.g. Outlook.ost would be O.u.t.l.o.o.k…o.s.t.

Since the "Outlook.ost" could be broken across multiple lines, I decided just to search for o.s.t. I found the following in the text file I had created.

Value 31

  Name:            001f6610

  Type:            REG_BINARY

  Data:           

00000000   43 00 3a 00 5c 00 44 00 – 6f 00 63 00 75 00 6d 00  C.:.\.D.o.c.u.m.

00000010   65 00 6e 00 74 00 73 00 – 20 00 61 00 6e 00 64 00  e.n.t.s. .a.n.d.

00000020   20 00 53 00 65 00 74 00 – 74 00 69 00 6e 00 67 00   .S.e.t.t.i.n.g.

00000030   73 00 5c 00 4a 00 69 00 – 6d 00 5c 00 4c 00 6f 00  s.\.J.i.m.\.L.o.

00000040   63 00 61 00 6c 00 20 00 – 53 00 65 00 74 00 74 00  c.a.l. .S.e.t.t.

00000050   69 00 6e 00 67 00 73 00 – 5c 00 41 00 70 00 70 00  i.n.g.s.\.A.p.p.

00000060   6c 00 69 00 63 00 61 00 – 74 00 69 00 6f 00 6e 00  l.i.c.a.t.i.o.n.

00000070   20 00 44 00 61 00 74 00 – 61 00 5c 00 4d 00 69 00   .D.a.t.a.\.M.i.

00000080   63 00 72 00 6f 00 73 00 – 6f 00 66 00 74 00 5c 00  c.r.o.s.o.f.t.\.

00000090   4f 00 75 00 74 00 6c 00 – 6f 00 6f 00 6b 00 5c 00  O.u.t.l.o.o.k.\.

000000a0   6f 00 75 00 74 00 6c 00 – 6f 00 6f 00 6b 00 2e 00  o.u.t.l.o.o.k…

000000b0   6f 00 73 00 74 00 00 00 -                          o.s.t…

I could also have searched in the .reg file I created when I exported the registry information from the other computer. But, again, you can’t just search for "Outlook.ost" in the .reg file you created, either, since the information in it is the hexadecimal representation of the binary data in the registry keys. You would need to convert a string, such as "ost" to hexadecimal form. You can do that at String – ASCII, HEX, Binary Converter. In the String field, I put in ost. The converter showed me the equivalent hex value is 6F 73 74. Note: the converter shows decimal/ASCII, binary, and hex values. Make sure you use the correct one. Also note that the hexadecimal representation of "OST" is not the same as "ost". Since the error message I received referred to Outlook.ost, I converted "ost" to hexadecimal. Again, it may be better to limit the length of the string to reduce the chance it will be broken across multiple lines in the file.

Once you have the hexadecimal equivalent of the ASCII string, you still can’t just search for it, i.e. a search for 6F7374 wouldn’t work. The hexadecimal numbers are stored in the .reg file with commas and the null character, 00, between them. I.e., I would need to search for 6f,00,73,00,74 instead.

In the .reg file found it among the following lines:

"001f6610"=hex:43,00,3a,00,5c,00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,\

  00,73,00,20,00,61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,\

  67,00,73,00,5c,00,4a,00,69,00,6d,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,\

  00,53,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,\

  6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,\

  00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,4f,00,\

  75,00,74,00,6c,00,6f,00,6f,00,6b,00,5c,00,6f,00,75,00,74,00,6c,00,6f,00,6f,\

  00,6b,00,2e,00,6f,00,73,00,74,00,00,00

I noticed it was associated with a "001f6610" entry. When I had searched the text file, I had also seen Outlook.ost associated with "Name: 001f6610".

You can delete the following registry key with group policy preferences to disable using Offline Folders after disabling Use Cached Mode in Group Policy:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a\001f6610

New VMware View Clients for iPad, Android and Cius ;)

The new VMware View Client for iPad is out and it offers some great new features including an innovative new presentation mode supporting Apple AirPlay. More on this shortly…

VMware View makes it easy to extend to your users the opportunity to work where you want and on the device they choose. Today, we are excited to make this even easier with the release three new or updated mobile clients:

  • VMware View Client for iPad 1.2 (Photo below showing new presentation mode!*)

ViewClient_iPad_Presentation_Mode

  • VMware View Client for Android Tablets

Android_touchpad

  • VMware View Client for Cius

Let’s talk about the new clients…

VMware View Client for iPad 1.2
Building on the earlier View Client for iPad we released in March, VMware View Client for iPad 1.2 makes it easier, faster and better than ever to connect to your View desktop.

Optimized for VMware View 5 Glimlach
With support for VMware View 5, you can get better performance with reduced bandwidth options as well as more resilient connections to your desktop than previous versions.

Move Back and Forth between Windows Desktop and iOS Apps
Now with support for background multitasking, you can jump from your Windows desktop to another iPad app and then right back into the Windows desktop to where you left off!

Simpler to Connect with Embedded RSA Soft Token Knipogende emoticon
If you need to use an RSA key to authenticate to connect to your View Desktop, just activate the RSA soft token built into the View Client for iPad and you just need to enter your RSA PIN when you connect to your View desktop.

Support for iOS 5 and Apple AirPlay
That right… VMware View Client for iPad 1.2 works well with iOS 5 and takes advantage of Apple AirPlay and an available AppleTV to use your big screen TV as a display for your View desktop. While some people might think that Apple TV is just for fun, it can now blur the lines between work and play and represents the best the post-PC era has to offer.

Work Smarter with Presentation Mode *
Use an external monitor or AirPlay in iOS 5 and the iPad display turns into a trackpad / keyboard while the external screen shows your View desktop!

Speaks Your Language
The latest VMware View client is now available in English, French, German, Japanese, Simplified Chinese, and Korean. When working multi-byte Asian languages, the new local input mode enables you to type in full lines of complete multi-byte words and then send them to your View desktop.

The new VMware View Client for iPad is available in the Apple App Store today! Check it out!

For those of you who follow this blog and use Android based tablets. Today we are happy to release our production Android clients for Android Tablets and the Cisco Cius. After all it is about supporting the tablet you choose.

VMware View Client for Android Tablets and the Cisco Cius
Whether you are using a Samsung Galaxy Tab 8.9 or 10.1, an LG/T-mobile G-Slate, a Motorola Xoom or any of the other newly available Honeycomb-based Android tablets or the Cisco Cius, you can get the most of your View desktop on the Android tablet you choose.

Optimized for VMware View 5
The VMware View Client for Android Tablets is the first Android client to support the PCoIP display protocol for best performance with VMware View 4.6 and View 5 users. With support for VMware View 5, you can get better performance with reduced bandwidth options as well as more resilient connections to your View desktop.

Move Back and Forth between Windows Desktop and Android Apps
Leveraging the power of Android multitasking, you can jump from your Windows desktop to another Android app and then right back into the Windows desktop to where you left off!

Speaks Your Language
The latest VMware View Client for Android is available in English, French, German, Japanese, Simplified Chinese, and Korean. When working multi-byte Asian languages, local input mode enables you to type in full lines of complete multi-byte words and then send them to your View desktop.

The new VMware View Client for Android Tablets is available in the Android Marketplace and the VMware View Client for Cius will soon be available in Cisco’s AppHQ. Check them out today!

Free Quest vWorkspace Desktop Optimizer

Quest vWorkspace Desktop Optimizer  is a free tool to optimize the virtual desktop.

Blindly deploying entirely the same Windows desktop image that was used for the physical desktops is not the smartest thing to do. Running Windows in a VDI environment requires a decent amount of optimizing. This optimizing is nothing new. Quest has been optimizing SBC environments for over ten years now and many of things that we learned there (the hard way) apply equally to VDI environments.

Quest created a piece of software that contains our entire ‘optimizing knowledge’ called the Quest vWorkspace Desktop Optimizer and it is Free!

Although optimized for Quest vWorkspace environments, the Quest vWorkspace Desktop Optimizer will work just as well in Citrix XenDesktop or VMware View environments. You can download the Quest vWorkspace Desktop Optimizer HERE. Read HERE important information on how to use the Quest vWorkspace Desktop Optimizer.

image

Optimizing Windows 7 Images for use in VDI

One of our MCS deployment guys in the UK – Jonathan Bennett (you may know Jonathan as the author of the autoit tools and GImageX) has developed a tool for configuring Windows 7/Windows Vista/Server 2008 images for use in a VDI environment. The tool called VDI Optimizer outputs a VBScript (based on the selections you make in the GUI interface), which can then be used to apply performance and configuration settings to images that will be deployed via VDI platforms – this is particularly useful if you are using MDT 2010 for your image engineering process as the VBScript can bolted into the task sequence using a Run Command Line task.

image

You can make machine based selections for turning off services and functions that may not be required when the operating system is running in a VDI environment such as hibernation, system restore, and background defrag, as well as adjusting some user based settings such as visual effects, font smoothing and off-screen composition for Internet Explorer.

The beta of this tool is available from http://www.autoitscript.com/files/tools/VDIOptimizer.zip but please remember The tool is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation.

Source: Optimizing Windows 7 images for use in VDI

VMware View 5 is released

The VMware View created a funny video to celebrate the release of View 5.

Check out the Video Emoticon met brede lach

VMware Party Rock Parody

And off Course the New features in View 5:

PCoIP WAN performance optimization – Improvements on PCoIP protocol performance in low-bandwidth WAN environments. Users who connect to their desktops over an external WAN have enhanced desktop experience.

PCoIP Build-to-Lossless – PCoIP now provides the ability to turn off Build-to-Lossless. This is the feature that puts PCoIP in parity with ICA when the discussion is around bandwidth consumption. Build-to-Lossless is ON by default and included in the PCoIP protocol within VMware View. I have prepared another post specifically to discuss this feature along with other important changes to the display protocol.

VMware Client Side Caching – VMware View Client (Windows Only) now implements a client side image caching to store portions of the display that were previously transmitted. Image caching reduces the amount of data that is retransmitted and improve user experience. This cache can be managed and it’s size can be modified. I have prepared an article specifically to address this feature.

Support for 3D graphics on vSphere 5.0 – This feature provides View desktops with vGPU graphics enablement available on vSphere 5.0 platforms (hardware version 8). View users can take advantage of desktop graphics enhancements provided by AERO (such as peek, shake, and Flip 3D) and the 3D capabilities of Windows Office 2010 (such as picture editing, slide transitions and animations, presentation-to-video conversion, video embedding, editing, and 3D rotations). Include here: Support for DirectX9 and OpenGL 2.1

View Persona Management – The View Persona Management feature manages user profiles in a secure and centralized environment. (User profiles include user data and settings, application data and settings, and Windows registry settings configured by user applications.) View Persona Management allows IT organizations to simplify and automate the capture and management of a user’s persona while providing a rich user experience. View Persona Management offers the following benefits:

  • Provides a user profile that is independent of the virtual desktop. When a user logs into any desktop, the same profile appears.
  • Lets you configure and manage personas entirely within View. You do not have to configure Windows roaming profiles.
  • Expands functionality and improves performance compared to Windows roaming profiles.
  • Minimizes login impact by downloading only the files that Windows requires, such as user registry files. Other files are copied to the local desktop when the user or an application opens them from the local profile folder.
  • Copies recent changes in the local profile to a remote profile repository at configurable intervals, typically once every few minutes.

Client certificate checking for Windows Clients – You can configure remote Windows clients to require certificate verification. Users without valid certificates are denied access to View Connection Server. Alternatively, you can use a Warn But Allow mode that supports self-signed server certificates and lets users connect to View Connection Server with certificates that have expired or are not yet valid. You can also set a No Security mode that lets users connect without certificate checking.

Support for vSphere 5.0 and hardware v8 – Remote View desktops can be hardware v8 virtual machines. Hardware v8 is not supported for desktops that run in local mode.