Mind map for Azure Virtual Desktop – Getting started
Getting started with Azure Virtual Desktop (AVD)
Deployment – Pre-requisites for AVD
Master Images – (Windows 10 Multi-Session, Windows 10 1909 Enterprise or Windows Server 2019 DC)
Template and Shared Image Gallery
Host Pools
Application Groups
Workspaces
Windows Desktop Client
Quick Start Links
Mindmap for Azure Virtual Desktop (AVD) – Getting started
Managed to put together a mindmap on the AVD getting started from zero to a working desktop or application. The idea here is the mindmap acts as an excellent visual representation of what to do during pre-requisites, deployment and you can figure out in advance the requirements/steps and pre-requisites.
Azure Virtual Desktop
Disclaimer – This guide is a get you started guide, and the production settings and configuration might be different. Please make sure you change the settings appropriate for production workloads. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –
I hope you will find this helpful information on your Azure Virtual Desktop journey. Please let me know if I have missed any steps in the mindmap, or reference links, and I will be happy to update the post.
Horizon Reach is a potent tool, and Andrew Morgan has put in a lot of blood, sweat and tears to develope it. What suprises me is why isnt this fling included into the Horizon product? We haven’t gathered here to talk about the product management and roadmap aspects ๐
Horizon Reach fling aggregates all the various Horizon POD information into its database. Typically, running Horizon API calls or Horizon Powershell modules might have to run them against individual pods to fetch information about that POD. The beauty with Horizon Reach is it aggregates all the information, we can write scripts/API calls to request information from there instead of writing Horizon POD specific scripts.
Let’s take a look at the following information from the Horizon Reach fling:
What API’s are available with Horizon Reach?
What all options are available to interact with Horizon Reach API?
Script – Get a consolidated list of Horizon Farm details (Display the Name, Base Image details, Snapshot Version, Health and If provisioning is enabled)
Note the above can also be fetched using the old Horizon Powershell modules but trust me it’s pretty tricky to run a foreach loop for every object on the SOAP method.
Script – Get a consolidated list of Horizon Desktop Pools details (Display the Name, Base Image details, Snapshot Version, Health and If provisioning is enabled)
What API’s are avilable with Horizon Reach?
After you have installed the Horizon Reach fling, go to the following URL to check out all the avilable API’s. Its the UI Swagger interface to simplify and understand each calls.
Scripts to get consolidated Horizon Farms/Desktops information
Pre-requsites:
You need the Horizon Reach Server URL
You need the password of the Horizon Reach Server
The script provides you with the details of all Horizon PODs in your setup.
The script was tested on PowerShell V5.x
#Horizon Reach Server Name or IP Address
$HZReachServer = "https://horizonreach.domain:9443"
#Ignore the self signed cert errors
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
#API Call to make the intial connection to the Horizon Reach Server##
$HZReachLogonAPIcall = "$HZReachServer`/api/Logon"
#The body payload that comprises of the login API request
$body = @{
username = "administrator"
password = "enteryourpassword"
} | ConvertTo-Json
$HZReachlogin = Invoke-RestMethod -Method Post -uri $HZReachLogonAPIcall -Body $body -ContentType "application/json"
#Header along with the JWT token is now saved for future API calls
#You need to call this header in all subsequent calls as it has the token
$Headers = @{ Authorization = "Bearer $($HZReachlogin.jwt)" }
#API Call to fetch the consolidated (as many pods you have) Horizon Farm information##
$HZReachFarms = Invoke-RestMethod -Method Get -uri "$HZReachServer/api/Farms" -Headers $Headers -ContentType "application/json" -UseBasicParsing | Format-Table -Property displayname, baseimage, snapshot, enabled, health, isProvisioningEnabled
Write-Output $HZReachFarms
#API Call to fetch the consolidated (as many pods you have) Horizon desktop pool information##
$HZReachPools = Invoke-RestMethod -Method Get -uri "$HZReachServer/api/pools" -Headers $Headers -ContentType "application/json" -UseBasicParsing | Format-Table -Property displayname, baseimage, snapshot, enabled, healthDetail, isProvisioningEnabled
Write-Output $HZReachPools
The following information (Display Name, Snapshot, Base Image, Health, Provisioning Mode) is pulled using the above scripts. I was much interested to see the snapshot versions of each Farms/Pools along with Health and provisioning status. Feel free to extract whatever details you are looking for there are plenty of other properties.
I hope you will find this script useful to fetch helpful information from Horizon Reach. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?
It was patch Tuesday time, and we were implementing the Windows 10 1909 Oct October 12, 2021โKB5006667 (OS Build 18363.1854) patch to our base images which are used for VMware Horizon VDI. During our validations, we started noticing the strange behaviour of Explorer.exe crashing and desktop becoming completely unusable.
The Windows explorer.exe keeps crashing within the virtual desktop of Windows 10 1909. The virtual desktop is entirely unusable. The only way to see the Event Viewer or anything is by using Horizon Client – Options – Send Ctrl + Alt + Del command within the virtual desktop and then opening up the Task Manager.
Cause
Provided by Microsoft – The explorer is trying to update feeds content, and there is a NULL value due to this bug that is causing explorer to crash.
Resolution
We tried performing various steps of un-install and re-installing the patch etc.. However, nothing worked, and we ended up working with Microsoft and seemed like it was a known issue, and they provided us with the following fix:
It was that time of the year to perform a VMware End-User Computing (EUC) stack upgrade on the environment, and I thought of sharing the overall thought process and decisions made along the way. It will be interesting to share with others who might be in a similar situation or process of developing their upgrade/migration strategies. In this post, we shall take a look into these topics:
Current versions of the VMware EUC Stack
What version numbers did we upgrade/migrated to?
Why did we migrate to these versions?
Wishlist (Someone Listening?)
Valuable links to reference during upgrade/migration
Current versions of the VMware EUC Stack
VMware Horizon 7.11 (Connection Server/Agents)
VMware Horizon Client 5.5
VMware App Volumes 2.18.1.x Manager/VMware App Volumes 2.18.5 Agent version
VMware Workspace ONE Access 20.01/Connector 1903 (Not in scope for the upgrade)
VMware Dynamic Environment Manager 9.10
VMware Unified Access Gateway 3.10
What versions numbers did we upgrade/migrated to?
VMware Horizon 7.13.1 (Connection Server/Agents)
VMware Horizon Client 5.5.2
VMware App Volumes 2.18.10.10 (Manager/Agents)
VMware Dynamic Environment Manager 2103
VMware Unified Access Gateway 2103.1
Why did we migrate to these versions?
The obvious question everyone might ask is the latest versions are Horizon 8.x and App Volumes 4.x why are you picking older versions for the upgrade? The short answer is the limitations and trade-off, and the following matrix tries to uncover in more detail.
Note – Not all customers might fall under the limitation category, or the limiting feature/functionality could be different in your case. By no means this should be your defacto reasons. Make sure to evaluate your situation and create a matrix to make a data-driven decision. If the project is greenfield/no-limitations applied, it’s a no-brainer to opt for the latest product releases.
++ We had all the boxes ticked from a feature/functionality standpoint to be able to upgrade/migrate to Horizon 8.x version. (Instant Clones, Printing, UAG etc.). Infact everything worked well in the development environment ++ The latest vROPS Horizon Adapter 1.2/Horizon 8.x version doesn’t include the built-in Horizon reports. We use the reporting feature for all sorts of custom reporting on Horizon PODs. The older version of vROPS Horizon Adapter 6.7.1/Horizon 7.x has all the existing metrics and reporting available but doesn’t include support for Horizon 8.x on the support matrix ++ The no reporting on the Horizon Adapter 1.2 + limited metrics on RDSH limited our ability to move to the latest version of Horizon 8.x. Once the built-in reports\metrics and guidance is made available, we shall jump onto the latest version (n-1)
++ Lack of Writable Volumes (UIA+Profile and UIA) migrations from 2.18.x to 4.x. Need official guidance or tool/script/guidance to upgrade all the wrtiable of the 2.18.x environment to 4.x. I am sure alot of enterprise customers will have plenty of Writable Volumes to migrate and don’t have the flexibility to start from scratch on a new version ++ VMware AppStack Migration fling is the perfect migration utility to migrate AppStacks 2.18.x to 4.x need something similar for Writable Volumes
++ The appliance has no interoperability issues with Horizon 7.13.1 or upgrade complexity. The obvious choice was to upgrade to the latest (n-1)
UAG 2103.1
Upgrade Decision Matrix
The above stack provides us with the required General Availability support until Q2 FY2022 and beyond.
Wishlist
I am looking forward to vROPS Horizon Adapter XX to include the built-in Horizon Reports/Additional Metrics for RDSH in the new version or provide detailed guidance on creating meaningful reports in future releases. Additionally, the App Volumes team releases tools and advice on migrating 4000’s+ Writable Volumes from 2.18.x to 4.x. Once the above is released, I plan to upgrade to the branch of Horizon 8.x and App Volumes 4.x releases version numbers.
Valuable links to reference during upgrades
Here is the cheat sheet for all the useful links to review and formulate an upgrade plan:
I hope you will find the above information useful in your enterprise upgrade/migrate strategy for VMware EUC Stack. I would love to hear your strategy and similar situations limiting your ability to migrate to the latest and greatest versions.
While upgrading from VMware App Volumes 2.18.1 to 2.18.10.10 version, the upgrade installer completes successfully. However, when you load the App Volumes Manager portal, you get the following error message – Startup Failure – Unable to start App Volumes Manager – Migrations are pending. To resolve this issue, run bin/rails db:migrate RAILS_ENV=production
Startup Failure
Cause
Upon quickly checking the App Volumes computer account (<Domain>\<MachineName>$ within SQL Server was missing the db_onwer permissions. Obviously, that caused the above error post-migration.
Note – This is a very corner case and not expected to see along on most of the App Volumes Migration/Upgrade scenarios. If you did come across one now you know how to remediate.
Resolution
Step 1 – Adding the missing db_owner permission back to the App Volumes Manager computer security account within SQL Server Management Studio
Step 2 – As the db:migration didn’t complete during the upgrade, we need to re-run the following command on the App Volumes Manager server. Open the CMD and change directory to the following path – C:\Program Files (x86)\CloudVolumes\Manager\ruby\bin and run the following command:
bundle exec rake db:migrate RAILS_ENV=production
You should see the following output:
Command Output
Step 3 – Restart the App Volumes Manager service, and now you will see the login page of the App Volumes Manager.
The mystery remains how did that permission go missing as the additional App Volumes Manager account had retained the db_owner role. But none the less the above steps came in handy with help from VMware support – Suman Rout luckily, has seen a similar issue before.
Lesson Learnt
Create a pre-upgrade task item on checking to making sure all the App Volumes Manager computer accounts within the SQL Server have the db_owner permissions.
I hope you will find these steps helpful to resolve missing SQL permissions causing upgrade issues during the App Volumes migration from 2.18.x to 2.18.10.10.
In this script, we shall perform the agents install and reboot the golden image towards the end. There is no need to install the individual agents one by one, instead, sit back, relax and have a coffee!
VMware EUC Agents:
VMware Horizon Agent (Works on 7.x and 8.x/YYMM)
Note few MSI switches are deprecated if you still use them, you will have an error code 1603
VMware Dynamic Environment Manager Agent (Works on 9.x and YYMM)
VMware App Volumes Agent (Works on 2.x and 4.x/YYMM)
Note โ All the above testing is carried out on Windows 10 1909 with PowerShell 5.1. Reboot is required to complete the installation operations.
A big thanks to Chris H for providing the original blueprint of the script and Wouter for showing me the magical “space” on the switch /v within the Horizon Agent installer. Final thanks to Jishan for the numerous testing cycles and additions to a different version of this script which tackles VMware Tools reboot and continues installing post a reboot.
I hope you will find this script useful to install the VMware EUC agents and never look back to install them individually. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?
If you are planning for the VMware EUC Stack migration or upgrade and are in the middle of uninstalling the existing agents, look no further and here is the script that will allow you to uninstall all the agents and reboot the golden image towards the end. There is no need to remove individual agents one by one from the “Program and Features”; instead, sit back, relax and have a coffee!
VMware EUC Agents:
VMware App Volumes Agent (Works on 2.x and 4.x/YYMM)
VMware Horizon Client (Optional)
VMware Dynamic Environment Manager Agent (Works on 9.x and YYMM)
VMware Horizon Agent (Works on 7.x and 8.x/YYMM)
VMware Tools (Works on 11.x)
Note – All the above testing is carried out on Windows 10 1909/Windows Server 2016 with PowerShell 5.1. The PowerShell module Uninstall-Package suppresses individual reboot and we perform the final reboot towards the end using the Restart-Computer module. (Reboot is required to complete the uninstallation operations.)
#################################################################################
# Un-Install EUC Agents in the proper order for Golden Image
# App Volumes Agent, Horizon Client(Optional), DEM, Horizon and VMware Tools
# Suppressed auto Reboot the OS towards the end after un-installing all Agents.
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari (Twitter - @askaresh)
#################################################################################
#Un-installing VMware App Volumes Agent
Write-Host "Un-installing the App Volumes Agent" -ForegroundColor Green
Get-Package -Name 'App Volumes **' | Uninstall-Package
sleep -Seconds 60
#Un-installing VMware Horizon Client
#Write-Host "Un-installing the VMware Horizon Client" -ForegroundColor Green
#Get-Package -Name 'VMware Horizon Cli**' | Uninstall-Package
#sleep -Seconds 60
#Un-installing VMware Dynamic Environment Agent
Write-Host "Un-installing the Dynamic Environment Agent" -ForegroundColor Green
Get-Package -Name 'VMware Dynamic **' | Uninstall-Package
sleep -Seconds 60
#Un-installing VMware Horizon Agent
Write-Host "Un-installing the VMware Horizon Agent" -ForegroundColor Green
Get-Package -Name 'VMware Horizon Ag**' | Uninstall-Package
sleep -Seconds 60
#Un-installing VMware Tools Agent
Write-Host "Un-installing the VMware Tools Agent" -ForegroundColor Green
Get-Package -Name 'VMware Tools' | Uninstall-Package
sleep -Seconds 60
# Restart the computer
Write-Host "Restarting the computer post the VMware EUC Agents Un-install" -ForegroundColor Green
Restart-Computer -Force
Thanks to Hilko and Joel for reviewing the script and providing valuable feedback.
I hope you will find this script useful to uninstall the VMware EUC agents and never look back to remove individual programs under “Programs and Features”. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?
We are in the middle of automating the VMware Horizon Agent 8.x installer for the golden images. To undertake such a task, it’s essential to understand all the MSI Switches that come along with the installer. If you had already automated the Horizon Agent 7.x install it’s also important to check which MSI switches have been removed in Horizon Agent 8.x/YYMM. The below details will show you the switches and highlight the removed/deltas MSI Switches and Properties.
Enables Hybrid logon which allows an unauthenticated user access to network resources without the need to enter credentials.
HelpDesk
Help Desk Plugin for Horizon Agent
Help Desk Plugin for Horizon Agent.
RDP
Enable RDP (hidden)
BlastUDP
Core
Core
Core
[ProductName] core functionality
INSTALLDIR
VMWMediaProviderProxy
VMware Virtualization Pack for Skype for Business
This feature will enable optimization for Skype for Business in remote desktop
ClientDriveRedirection
Client Drive Redirection
Allow Horizon Clients to share local drives with remote desktops and applications. If not installed, copy/paste and drag and drop files and folders features will be disabled.
RTAV
Real-Time Audio-Video
Real-Time Audio-Video enables users to redirect locally connected audio and video peripherals back to the remote desktop for use.
GEOREDIR
Geolocation Redirection
Enables redirection of client’s geolocation to the remote desktop
PerfTracker
Horizon Performance Tracker
Enables Horizon Performance Tracker
Horizon Agent 8.x/YYMM Release MSI Features
Horizon Agent 7.x version (Features available within the agent)
Feature (s38)
Feature_Parent (S38)
Title (L64)
Description (L255)
Directory_ (S72)
URLRedirection
Core
URL Content Redirection
Redirects URL content from a server session to a client device and vice versa.
PSG
Core
VmVideo
Core
VmwVdisplay
Core
VmwVidd
Core
SmartCardSingleUserTS
Core
FlashURLRedirection
Flash URL Redirection
Enables Flash URL Redirection for internal company controlled web pages.
RDSH3D
3D RDSH
This feature enables hardware 3D acceleration in RDSH sessions.
SVIAgent
VMware Horizon View Composer Agent
VMware Horizon View Composer Agent RDSH installs: This machine can be used as the parent image for provisioning Automated Farms
NGVC
VMware Horizon Instant Clone Agent
Horizon Instant Clone Agent should only be installed on a virtual machine running on VMware vSphere 6.0/2015 U1 or later. It cannot be co-installed with Horizon View Composer Agent.
ScannerRedirection
Scanner Redirection
Enables the Scanner Redirection feature.
SerialPortRedirection
Serial Port Redirection
Enables the Serial Port Redirection feature.
SmartCard
Smartcard Redirection
Enables the Smartcard Redirection feature.
TSMMR
TSMMR
Terminal Services Multimedia Redirection. Does not support IPv6 configuration.
ThinPrint
Virtual Printing
Virtual Printer Support
PrintRedir
VMware Integrated Printing
VMware Integrated Printing Redirection.
USB
USB Redirection
USB Redirection. Refer to the VMware Horizon 7 Security document for guidance on using USB redirection securely.
V4V
vRealize Operations Desktop Agent
vRealize Operations Desktop Agent. Does not support IPv6 configuration.
This feature allows remote connections to Internet Explorer to use the Client’s IP address instead of this machine’s. Does not support IPv6 configuration.
HybridLogon
Hybrid Logon
Enables Hybrid logon which allows an unauthenticated user access to network resources without the need to enter credentials.
HelpDesk
Help Desk Plugin for Horizon Agent
Help Desk Plugin for Horizon Agent.
RDP
Enable RDP (hidden)
BlastUDP
Core
Core
Core
[ProductName] core functionality
INSTALLDIR
VMWMediaProviderProxy
VMware Virtualization Pack for Skype for Business
This feature will enable optimization for Skype for Business in remote desktop
ClientDriveRedirection
Client Drive Redirection
Allow Horizon View Clients to share local drives with their remote desktops and applications. Does not support IPv6 configuration.
RTAV
Real-Time Audio-Video
Real-Time Audio-Video enables users to redirect locally connected audio and video peripherals back to the remote desktop for use.
FLASHMMR
Flash Redirection
Flash Redirection
GEOREDIR
Geolocation Redirection
Enables redirection of client’s geolocation to the remote desktop
PerfTracker
Horizon Performance Tracker
Enables Horizon Performance Tracker
Horizon Agent 7.x Release MSI Features
If you want to download the spreadsheet version of the table above/below you can find it below. Note there is a bonus within the spreadsheet: MSI Property comparision between Horizon Agent 7.x and Horizon Agent 8.x and two MSI Properties have been removed VDM_FLASH_URL_REDIRECTION and INSTALL_VDIDISPLAY_DRIVER (Part of the Core in 8.x).
Deprecated/Delta Features between 7.x and 8.x/YYMM release
From the table above, we know all the switches of the Horizon Agent 7.x and 8.x versions. Once we compare the above two tables, we are left with the following delta, and I have commented on whether each feature exists or is removed. Please make sure to remove them from your existing scripts or silent installers if you had added them during your Horizon 7.x installs.
Feature (s38)
Title (L64)
Description (L255)
Additional Comments
FlashURLRedirection
Flash URL Redirection
Enables Flash URL Redirection for internal company controlled web pages.
Flash come to EOL in 2020. Feature has been deprecated
SVIAgent
VMware Horizon View Composer Agent
VMware Horizon View Composer Agent RDSH installs: This machine can be used as the parent image for provisioning Automated Farms
VMware Compose was replaced by Instant Clones
ThinPrint
Virtual Printing
Virtual Printer Support
ThinPrint is replaced by VMware Integrated Printing
VPA
VMware Horizon 7 Persona Management
VMware Horizon 7 Persona Management
Persona is replaced by App Volumes or DEM or FSLogic
DeviceBridgeBAS
Device Bridge BAS Plugin
Enables finger scanners supported by BAS system
Feature has been deprecated
CIT
VMware Client IP Transparency
This feature allows remote connections to Internet Explorer to use the Client’s IP address instead of this machine’s. Does not support IPv6 configuration.
Feature has been deprecated
FLASHMMR
Flash Redirection
Flash Redirection
Flash come to EOL in 2020. Feature has been deprecated
Delta or Deprecated feature list after comparing the above two tables
I hope you will find this post useful to perform silent installs on Horizon Agent. My request is if you find any additional delta or enhancements, please make sure to share it back with me.
If you have desktops deployed via Horizon View 6.x/7.x Instant Clones technology it can get very difficult to collect the Horizon View Agent logs from the desktop VM for troubleshooting/analysis purposes. The moment the end-user logs-off from the desktop it gets into the Status = Disconnected โ> Deleting.
vCenter Task for log-in and log-off of the desktop
vCenter Task for Deleting โ> Customizing โ> Available
The above operations happen very quickly. Suppose in our scenario the desktop was failing on the Status=Customizing (View Administrator). The desktops status would change into the Error state and after couple of seconds get into delete will remain in a loop until the desktop becomes available. This is by design as the Instant Clone is trying to re-create the desktop There was no way to capture the logs for analysis or troubleshooting.
Resolution:Now you can disable the recovery of the Instant Clone desktop VM if they are in the Status=Error (Strictly for troubleshooting purposes). This setting can be enabled at Desktop Pool Level
Desktop Pool Setting (disable autorecovery):
Open the Horizon View ADAM โ (DC=vdi,dc=vmware,dc=int)
Go to OU=Server Groups โ on you right select OU=DesktopPoolName (this is the name of your desktop pool)
Search for pae-RecoveryDisabled and click Edit
Enter Value =1 and click Add โ OK
Now whenever your desktop within the Pool will be in Status=Error it will not delete the VM and keep it in the Error state for you to capture the logs and perform troubleshooting. Please revert the changes of this settings once you have finished analysis. I hope these steps would be helpful leave a comment down below
Recent Comments