Tag Archives: VMware

Mindmap – Part 2 – Horizon Cloud on Microsoft Azure (HCoA) – Configuration of Images – Desktops – Farms – Assignments

13 Apr

This post is in continuation of my part 1 – Mindmap – Part 1 – Horizon Cloud on Microsoft Azure (HCoA) – Quick start guide where we look at pre-requisites and the initial deployment of the HCoA solution. In this post, I want to share my learnings about the configuration of Images, Virtual Desktops, Farms and Assignments. We shall take a look into the following topics:

  • Mind map for Horizon Cloud on Microsoft Azure – Part 2 – Configuration of Images – Desktops – Farms – Assignments
    • Creating a Virtual Desktop or RDSH Image
      • Import VM
      • Create Image (Converting VM to Image)
    • Farms (Published Applications)
      • Create Desktop Farm
    • Add Applications to the Farms
      • New Applications – Auto-Scan from Farm
    • Create an Application Assignment
    • Create an Assignment for Multi-session or Hosted Shared Desktop
    • Create a Virtual Desktop Assignment (Persistent – Full Clone)
    • Create a Virtual Desktop Assignment (Non-Persistent – Floating)
    • AppStacks

In the second part of this series, the mindmap acts as an visual representation of all the configurations to be performed post the initial deployment of the Horizon Cloud Pod. It also helps during customer discussions and allows everyone to be on the same page. You can figure out in advance the pre-requisites, deployment details, and requirements for performing the next steps in your HCoA journey.

HCoA – Part 2

Disclaimer – This guide is a deployment/configuration guide, and the production settings, configuration, and use-cases might be different. Please make sure you change the settings appropriate for production workloads. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –

Screenshots from my deployment

Horizon Cloud POD Managers + Unified Access Gateways

Note everything is deployed keeping in mind High availability.

  • 2 x Horizon Cloud Pod Managers
  • 2 x External Unified Access Gateways (Public IP)
  • 2 x Internal Unified Access Gateways (Internal on-premise network)
Azure – Virtual Machines

Azure Load Balancers

  • 1 x Horizon Cloud Pod Managers
  • 1 x Public UAG Appliances
  • 1 x Internal UAG Appliance
Azure – Load Balancers

Azure Virtual Network

I have created the vNet as part of pre-requisites in Part 1 series

  • 1 x Subnet for DMZ (Unified Access Gateway)
  • 1 x Subnet for Mgmt (Pod Managers)
  • 1 x Subnet for Workload (Desktop/Farms)
Azure – vNet

Azure Resource Groups

Note these are auto-created during the Pod deployment.

Azure – Resource Groups

I hope you will find this helpful information on your HCoA journey. Please let me know if I have missed any steps in the mindmap, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Mindmap – Part 1 – Horizon Cloud on Microsoft Azure (HCoA) – Quick start guide

7 Apr

This will be a two part blog series on VMware Horizon Cloud on Microsoft Azure (HCoA). My aim is to get you started off the ground on HCoA, and I have a fair understanding of Azure due to my past certifications on AZ-140 and AZ-104(prep). I high recommend acquiring the Azure skills to make your life easier.

In part one, we shall take a look into the following topics:

  • Mind map for Horizon Cloud on Microsoft Azure – Part 1 – Getting started
    • Getting Started
      • Azure pre-requisites
      • Horizon Cloud Account
    • Configure the Azure Pod
      • Subscription
      • Pod Setup
      • Gateway Settings
    • General Setup
      • Domain Bind
      • Domain Join
      • Administrative Group
      • Universal Broker

The idea here is that the mindmap acts as an excellent visual representation of what to do during the end-2-end cycle of the project. It also helps during customer discussions and allows everyone to be on the same page. You can figure out in advance the pre-requisites, deployment, and requirements for the initial setup.

HCoA – Part 1

Disclaimer – This guide is a get you started guide, and the production settings, configuration and usecases might be different. Please make sure you change the settings appropriate for production workloads. Here is the PDF version if you would like to download and zoom in (Don’t stress your eyes!) –

The useful links to get you quickly started on Horizon Cloud on Azure:

DescriptionLinks
Horizon Cloud on Microsoft Azure Architecture (Techzone)Horizon Cloud on Microsoft Azure Architecture | VMware
Evaluation Guide for VMware Horizon Cloud Service on Microsoft Azure (Techzone)https://techzone.vmware.com/quick-start-tutorial-vmware-horizon-cloud-service-microsoft-azure
Horizon Cloud on Azure Evaluation YouTube playlist – Awesome stuff by Caroline Arakelian(14) VMware Horizon Cloud on Microsoft Azure: Deploying a Cloud Manager–Based Pod – YouTube
Our local Oz hero – Shane Fowler – 0 to hero on HCoAFrom Zero to Hero: A Step by Step Guide How To Deploy Horizon Cloud Service on Azure – YouTube
Horizon Cloud on Azure Cost CalculatorPathfinder (vmware.com)

I hope you will find this helpful information on your HCoA journey. Please let me know if I have missed any steps in the mindmap or reference links, and I will be happy to update the post.

Thanks,
Aresh Sarkari

Unable to use Privilege Elevation – VMware Dynamic Environment Manager

7 Mar

We were exploring the feature Privilege Elevation – VMware Dynamic Environment Manager (DEM) within our development environment, and for some odd reason, a specific feature and configuration wouldn’t work in our setup.

Disclaimer

The windows registry mentioned within this blog post is used within enterprise-grade secure environments. The hardening measure is part of CIS Benchmarks on Windows 10. If your machines aren’t hardened, the feature typically works out of the box. For example, in my home lab, I had no issues with the Privilege Elevation feature working.

Issue

Whenever we enable the feature and apply any settings, it will not work. It didn’t matter which configuration you picked. The error within the logs remains constant.

The error within the FlexEngine-ElevatedTasks.log

2022-02-21 13:02:30.122 [ERROR] Cannot launch elevated task 'TaskName01' (token infrastructure not available)
2022-02-22 11:22:02.960 [ERROR] Cannot launch elevated task 'TaskName01' (token infrastructure not available)
2022-02-28 18:23:19.736 [ERROR] Cannot launch elevated task 'TaskName01' (token infrastructure not available)

Cause

Provided by VMware – The additional configuration on LSA Protection causing issues with the VMware DEM agent (2103 Version). The windows registry key – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

RunAsPPL=1

Resolution

My team managed to open a VMware GSS case handled by GuruKripal (A very helpful support engineer), we had to provide numerous amount of logs, procmons and group policy export of the enivornment. After giving them the export of our CIS Benchmarked group policies, they could reproduce the issue. In the end, the VMware engineering team provided us with a newer build of DEM Agent (10.2.4.1023 x64.msi).

If you encounter a similar issue, you can raise a VMware support case to obtain the fix or/else, I was assured all future releases of DEM Agent would include the fix. I hope you will find this information useful if you encounter the issue. A big thanks to my teammate Jishan T for his continuous effort while troubleshooting with GSS over 6+ months.

Thanks,
Aresh Sarkari

Azure VMware Solution – Network Connectivity Azure VNet and On-premise

15 Feb

In this blog post, we shall take a deeper look into the Azure VMware Solution network connectivity between the Azure VNet for accessing Azure native services such as Bastion, Azure AD, SQL etc. and further connectivity to the On-premise network to migrate virtual machines or hyrbid setup.

AVS Networking – Image courtesy @Microsoft

Step 1 & 2 – Connectivity between Azure VMware Solution (AVS) – Express Route to Azure VNet

  • After the deploying the AVS we need to connect it to the Azure VNet for consuming Azure Native Services such as Bastion, SQL, AAD etc.
    • Note AVS pre-deploys the ExpressRoute for you (AVS – Manage – Connectivity – Express Route).
  • We need to have a Virtual Network Gateway (VNG) existing on Azure VNet, or we need to create one. All steps to be performed under portal.azure.com
  • Deploy the Virtual Network Gateway (VNG) on Azure subscription
    • Make sure you have a VNG created on Azure VNET
    • Give it a name – AZ104-VNG01
    • Resource Group – Select New or existing
    • Location – Australia East
    • SKU – Standard (for demo and testing purposes)
    • Virtual Network – Select the existing VNET (E.g. 10.0.0.0/16) for Azure. Note it will create the Gateway Subnet automatically (10.x.x.x/24)
    • Type – ExpressRoute
    • Public IP Address – Create New (It will auto assign a public IP)
    • Optional Create Tags
    • Save and Create
  • Under AVS – Connectivity – Express Route
    • Request the Authorization key
      • Name – ToAzureVNET
      • Copy the Key and Express Route ID
  • Open the VNG (AZ104-VNG01) and Settings – Connections
    • Click on Add
    • Name – FromAVSPrivateCloud
    • Connection Type – Express Route
    • Enter the Authorization Key and Express Route ID and paste them here
    • Click OK
    • The Status will change from Updating to Succeeded
  • Now we have the connectivity between the AVS and Azure VNet.

Step 1 & 3 – Connectivity between Azure VMware Solution – ExpressRoute Global Reach to On-premise networks

  • Now we will establish the connectivity between AVS and On-premise networks
  • ExpressRoute Circuits – This is the coming from On-premise into Azure VNet
    • This will depend upon the partner network (Equinix, Telstra etc.)
    • Note there are different type of Peerings available. Select based on your design – Azure ExpressRoute Overview: Connect over a private connection | Microsoft Docs
      • Azure Private – We are going with this option at the moment
      • Azure Public (Public IP address required)
      • Microsoft (Office 365 etc.)
    • Click under Settings – Authorizations
    • Click on Add
    • Name – AuthorizationforAVS
    • Copy the Authorization Key
    • Copy the Resource ID, which is the Express Route Circuit ID
  • Under AVS – Connectivity – ExpressRoute Global Reach
    • Click on Add
    • Select the Subscription and Resource Group
    • Copy and paste the Authorization key and Express Route Circuit ID
    • Click Create
    • It will show as Connected

The intention here is to get you a few useful links on the Networking on Azure VMware Solution:

DescriptionLinks
AVS Network Setup – Video from Trevor DavisAzure VMware Solution – Network Setup – YouTube
VMware Documentation – Using Azure ExpressRoute with AVSDesignlet: Using Azure ExpressRoute with Azure VMware Solution for On-premises Connectivity | VMware
Azure ExpressRoute PricingPricing – ExpressRoute | Microsoft Azure
Previous Blog post – Mindmap AVS Networking guidanceMindmap – Azure VMware Solution – Guidance on Deployment and Networking | AskAresh
ExpressRoute Private PeetingGitHub – microsoft/Deploy-and-Optimize-Azure-ExpressRoute-Private-Peering: This deployment guide is focused on helping you deploy and optimize the Azure private peering, which enables connectivity between your private network and your Azure VNets over ExpressRoute.
Useful Links

I hope you will find this helpful information on your AVS Networking journey. Please let me know if I have missed any steps or good reference links, and I will be happy to update the post.

Thanks,
Aresh Sarkari

VMware vRealize Operations Management Pack for Horizon MP4H 2.0

9 Feb

The MP4H (Management Pack for Horizon) 2.0 was recently released – Release Notes. It was time to give it a go, and the best place IMHO is VMware Test Drive, as they have a larger environment and there is alot of data for simulation compared to our small homelab.

Let’s take a look at the following information from the vRealize Operations – MP4H:

  • New engaging Dashboards and View
  • Observations and thoughts
  • Where to download the MP4H 2.0 pack?

New engaging Dashboards and Views

Service Monitoring for Unified Access Gateway (UAG) and Connection Server (CS) – Using the Telegraf Agent, you can monitor the Tomcat services and HTTP Health Checks against the UAG and CS web services. The step by step configuration details can be found here.

Connection Server certificate validation – There are new properties around CS certificate validation. This way, you can an dashboard based on the view – Availability \ Horizon Connection Server Certificate.

Unified Access Gateway Session – There are views on UAG Session Disparity amongst different UAG Appliances and session split across internal and external UAG appliances. The UAG Overall experience widget gives a high-level overview. Note the HTTP check is using the Telegraf agent to perform the checks (It’s empty, but you get the point there is capability.)

Horizon Client Versions and Horizon User Agent Version – These dashboards are not new and were present in the previous MP4H, but these are so important to get an overview of the Client and Agent versions within the environment.

Observations and thoughts

Very excited to see the UAG Appliances inclusion as a first class citizen into monitoring & alerting. One can tell looking at the MP4H 2.0 has come a long way since its previous releases. I am personally looking forward to the built-in reports to come back in future releases, along with the inclusion of VMware App Volumes and VMware Workspace ONE alerting and reporting. If the VMware product team considers my recommendation, it can start to differentiate itself against other players within the same market segment.

Features wishlist:

  • HTTP Check and Service monitoring for App Volumes and Workspace ONE Access
  • Certificate validation for UAG, App Volumes and Workspace ONE Access
  • Builtin Reports – Previous Horizon Reports, App Volumes – AppStacks, App Volumes – Wrtiable Volumes, Workspace ONE Access – User Sessions etc.

I can’t wait to see what the next release of the vRealize Operations – Horizon Management pack beholds.

Where to download the MP4H 2.0 pack?

You can download the pack from VMware Marketplace, and the following versions of vRealize Operations are supported.

Cameron covers additional information on his blog post here – MP4H 2.0 What’s New and Use Cases – C4 | Virtually Blogging (cameronfore.com). I highly recommend following him for all MP4H content.

Disclaimer – All the screenshots are from VMware Test Drive Portal. All credits to them for their hardwork.

I hope you will find this helpful post about the latest release of MP4H 2.0. I highly recommend giving it a go on Test Drive and a small request if you find anything interesting. I hope you can share it back with me?

Thanks,
Aresh Sarkari

VMware Community Podcast #584 – Guest Speaker on Azure VMware Solution Deployment & Networking Guidance Mindmap

9 Dec

On Dec 8th 2021 I got the oppurtunity to come to the VMware Community Podcast as a guest speaker and talk about my previously written blog post – Mindmap – Azure VMware Solution – Guidance on Deployment and Networking | AskAresh. I am told my blog post was trending among VMware Social Media feeds 🙂

It was an honour to come and speak at the podcast with host Eric L Nielsen and co-host Matt Langguth. A treat to watch and speak live, and catch-up on the signature Eric’s introduction of “Across the nation or around the world” and the “color of the bay”. The entire overall experience on the podcast was outstanding and I hope to come back again soon. Following is the Audio/Video version on Youtube the podcast is available on leading platform such as Apple, Google, Spotify etc.

I hope you find our conversation useful and feel free to revert if you have further questions.

Thanks,
Aresh

Script/API – Delete Orphaned Writable Volumes from VMware App Volumes Manager

10 Nov

Often within the VMware App Volumes Manager (AVM), Writable Volumes will show up as Status – Orphaned. Let’s take a look at the following topics:

  • What is Orphaned Writable Volumes?
  • Script to delete them from the App Volumes Managers

What is Orphaned Writable Volumes?

App Volumes Manager is integrated with Microsoft Active Directory (AD), and it’s in continuous synchronization. Whenever an end-user account gets disabled into the AD during the next sync activity of App Volumes Manager, it will mark the writable volumes with Writable Status = Orphaned.

Now in the ideal world, these accounts have been disabled and should be okay to delete? Maybe, if you don’t have the obligation of data retention, then you are ready to delete them. If you need to retain them, keep them as-is for compliance purposes.

Script to delete them for App Volumes Manager

Before we talk about the script, the deletion is very straightforward within the App Volumes Manager. Select the volumes with Status = Orphaned and select the Delete button. However, when you have to do the same against multiple POD, which becomes challenging, and as always, if it’s not automated, there is the scope of human error.

Pre-requisites

  • You need the App Volumes Manager URL
  • You need the username and password of the App Volumes Manager
  • You need to enter y/Y to proceed further with the deletion
  • The script was tested on PowerShell V5.x with App Volumes Manager version 2.18.10 (The logic will be the same however, the API call for App Volumes 4.x will be different)
###########################################################################
# Get List of Wrtiable Volumes from AppVolumes Manager for Status=Orphaned
# Delete the Orphaned Wrtiable Volumes
# You need username and password for the App Volumes Manager
# Author - Aresh Sarkari (Twitter - @askaresh)
# Version - V5.0
###########################################################################

#App Volumes Manager Name or IP Address
$AVManager = "https://avm001.askaresh.local"

# Run at the start of each script to import the credentials
$RESTAPIUser = "domain\username"
$RESTAPIPassword = "enteryourpassword"

#Ignore cert errors
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'

#Login AV Manager Body
$body = @{
    username = “$RESTAPIUser"
    password = “$RESTAPIPassword”
}

#Login API call to the AV Manager
Invoke-RestMethod -SessionVariable DaLogin -Method Post -Uri "$AVManager/cv_api/sessions” -Body $body

#Get the list of Writbale Volumes from the AV Manager
$output = Invoke-RestMethod -WebSession $DaLogin -Method Get -Uri "$AVManager/cv_api/writables" -ContentType "application/json"

#Selecting the WV with status Orphaned into a variable
$WVouput = $output.datastores.writable_volumes | Select-Object id, owner_name, owner_upn, title, status | Where-Object {[string]$_.status -match "Orphaned"}

#Output on the console (Validate carefully before proceeding ahead)
$WVouput | Format-Table | Out-String | % {Write-Host $_}

#Confirmation logic to proceed with the deletion
$confirmation = Read-Host -Prompt "Are you Sure You Want To Proceed with the deletion:" 
if ($confirmation -match "[yY]" ) {
    # proceed

# The WV Deletion API call only looks for IDs. We are filtering the ids only
$WVOutputIDs = $WVouput.id

#Looping to delete each Writable Volumes via its ID
foreach ($WVOutputIDss in $WVOutputIDs) {

# Writable Volumes deletion Parameters body
$jsonbody = @{
    bg = "0"
    volumes = "$WVOutputIDss"
} | ConvertTo-Json

#API call to delete the Wrtiable Volumes
#We are using Invoke-webrequest for getting the Content of the deletion (Success) in oneline
$WVdeletecall = Invoke-WebRequest -WebSession $DaLogin -Method Post -Uri "$AVManager/cv_api/volumes/delete_writable" -Body $jsonbody -ContentType "application/json"

}

#Dig into the exception to get the Response details.
Write-Host $WVdeletecall.StatusCode
Write-Host $WVdeletecall.StatusDescription
Write-Host $WVdeletecall.Content

}

GitHub scripts/del-writablevolume-status-orphaned at master · askaresh/scripts (github.com)

Observations

  • When you run the script, it will identify all the end-users with Status = Orphaned. If you like, you can copy and paste the output in an editior (Notepad++) to verify the output.
  • Once you press y/Y it will go ahead and delete the Orphaned writable volumes.

I hope you will find this script useful to bulk delete orphaned Writable Volumes in App Volumes Manager. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Script/API – Horizon Reach – Get consolidated Horizon Farms/Desktops pools – Name Health, Image and Snapshot information

27 Oct

Horizon Reach is a potent tool, and Andrew Morgan has put in a lot of blood, sweat and tears to develope it. What suprises me is why isnt this fling included into the Horizon product? We haven’t gathered here to talk about the product management and roadmap aspects 😉

Horizon Reach fling aggregates all the various Horizon POD information into its database. Typically, running Horizon API calls or Horizon Powershell modules might have to run them against individual pods to fetch information about that POD. The beauty with Horizon Reach is it aggregates all the information, we can write scripts/API calls to request information from there instead of writing Horizon POD specific scripts.

Let’s take a look at the following information from the Horizon Reach fling:

  • What API’s are available with Horizon Reach?
  • What all options are available to interact with Horizon Reach API?
  • Script – Get a consolidated list of Horizon Farm details (Display the Name, Base Image details, Snapshot Version, Health and If provisioning is enabled)
    • Note the above can also be fetched using the old Horizon Powershell modules but trust me it’s pretty tricky to run a foreach loop for every object on the SOAP method.
  • Script – Get a consolidated list of Horizon Desktop Pools details (Display the Name, Base Image details, Snapshot Version, Health and If provisioning is enabled)

What API’s are avilable with Horizon Reach?

After you have installed the Horizon Reach fling, go to the following URL to check out all the avilable API’s. Its the UI Swagger interface to simplify and understand each calls.

URL https://horzonreach.domain:9443/swagger/index.html

What all options are avilable to interact with Horizon Reach API?

You can interact with the API with your preffered method such as Powershell or Postman or something else.

Postman https://horzonreach.domain:9443/swagger/v1/swagger.json (You will be able to import all the Horizon Reach API as a collection within Postman)

Powershell – You can use the built-in modules of Invoke-RestMethod or Invoke-WebRequest method to interact with Horizon Reach API.

Scripts to get consolidated Horizon Farms/Desktops information

Pre-requsites:

  • You need the Horizon Reach Server URL
  • You need the password of the Horizon Reach Server
  • The script provides you with the details of all Horizon PODs in your setup.
  • The script was tested on PowerShell V5.x
#Horizon Reach Server Name or IP Address
$HZReachServer = "https://horizonreach.domain:9443"

#Ignore the self signed cert errors
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'


#API Call to make the intial connection to the Horizon Reach Server##
$HZReachLogonAPIcall = "$HZReachServer`/api/Logon"

#The body payload that comprises of the login API request
$body = @{
    username = "administrator"
    password = "enteryourpassword"
} | ConvertTo-Json

$HZReachlogin = Invoke-RestMethod -Method Post -uri $HZReachLogonAPIcall -Body $body -ContentType "application/json"

#Header along with the JWT token is now saved for future API calls
#You need to call this header in all subsequent calls as it has the token
$Headers = @{ Authorization = "Bearer $($HZReachlogin.jwt)" }

#API Call to fetch the consolidated (as many pods you have) Horizon Farm information##
$HZReachFarms = Invoke-RestMethod -Method Get -uri "$HZReachServer/api/Farms" -Headers $Headers -ContentType "application/json" -UseBasicParsing | Format-Table -Property displayname, baseimage, snapshot, enabled, health, isProvisioningEnabled

Write-Output $HZReachFarms

#API Call to fetch the consolidated (as many pods you have) Horizon desktop pool information##
$HZReachPools = Invoke-RestMethod -Method Get -uri "$HZReachServer/api/pools" -Headers $Headers -ContentType "application/json" -UseBasicParsing | Format-Table -Property displayname, baseimage, snapshot, enabled, healthDetail, isProvisioningEnabled

Write-Output $HZReachPools

GitHub scripts/HorizonReach-Farms-Pools-Info at master · askaresh/scripts (github.com)

Observations:

  • Farm Output:
  • Desktop Pool Output:
  • The following information (Display Name, Snapshot, Base Image, Health, Provisioning Mode) is pulled using the above scripts. I was much interested to see the snapshot versions of each Farms/Pools along with Health and provisioning status. Feel free to extract whatever details you are looking for there are plenty of other properties.

I hope you will find this script useful to fetch helpful information from Horizon Reach. A small request if you further enhance the script or make it more creative, I hope you can share it back with me?

Thanks,
Aresh Sarkari

Explorer.exe keeps crashing every 3 seconds in Windows 10

19 Oct

It was patch Tuesday time, and we were implementing the Windows 10 1909 Oct October 12, 2021—KB5006667 (OS Build 18363.1854) patch to our base images which are used for VMware Horizon VDI. During our validations, we started noticing the strange behaviour of Explorer.exe crashing and desktop becoming completely unusable.

Update 16th Nov 2021 – The explorer.exe crashing issue is now resolved in November 9, 2021—KB5007189 (OS Build 18362.1916) (microsoft.com)

Issue

The Windows explorer.exe keeps crashing within the virtual desktop of Windows 10 1909. The virtual desktop is entirely unusable. The only way to see the Event Viewer or anything is by using Horizon Client – Options – Send Ctrl + Alt + Del command within the virtual desktop and then opening up the Task Manager.

Cause

Provided by Microsoft – The explorer is trying to update feeds content, and there is a NULL value due to this bug that is causing explorer to crash.

Resolution

We tried performing various steps of un-install and re-installing the patch etc.. However, nothing worked, and we ended up working with Microsoft and seemed like it was a known issue, and they provided us with the following fix:

Option 1 – Registry – Disable News and Interest

Open regedit.exe on the golden image or

 Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Feeds\
 REG_DWORD name: ShellFeedsTaskbarViewMode
 Value: 2

Option 2 – GPO – Disable News and Interest

To access the policy for news and interests on the taskbar, on a device that has installed Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2) – v2.0 ADMX file Feeds.admx is newly added, and we can retrieve it from the below .admx file:

Computer Configuration > Administrative Templates > Windows Components > News and interests > News and interests on the taskbar > Select Disabled

Note – I suspect this fix might be applicable to other Windows 10 versions.

I hope you will find these steps helpful to resolve explorer.exe crashing issue and don’t have to go down the path of troubleshooting the issue.

Thanks,
Aresh Sarkari



Mindmap – Azure VMware Solution – Guidance on Deployment and Networking

12 Oct

I have been trying out the Azure VMware Solution (AVS) on the VMware HOL and going through the techzone documentation. In this post, we shall take a look into these topics:

  • Mindmap – Steps for AVS Deployment and Networking
  • Quick Start Links
  • Optional – Deploy AVS via Azure Resource Manager Templates

Mindmap for AVS Deployment/Networking

Managed to put together a mindmap on the AVS deployment and networking steps of the service. The idea here is the mindmap acts like an excellent visual representation of what to do during deployment and you can figure out in advance the requirements/steps and pre-requisites.

Azure VMware Solution

Here is the PDF version if you would like to download and zoom-in

Quick Start Links

The intention here is to get you quickly started on Azure VMware Solution:

DescriptionLinks
AVS TechzoneAzure VMware Solution | VMware
AVS Hands-on LabAzure VMware Solution Hands-on Labs | VMware
AVS PricingPricing – Azure VMware Solution | Microsoft Azure
AVS (Microsoft Doco)Azure VMware Solution documentation – Azure VMware Solution | Microsoft Docs
AVS Logical DiagramAzure VMware Solution Logical Design
Useful Links

Optional – Deploying AVS using Azure Resource Manager

We can also deploy the AVS solution via PowerShell and using the Azure Resource Manager (ARM) template. The advantage here is you have slightly more advanced options that are not available via the GUI. (E.g. You can set the desired password for vCenter and NSX)

{
  "type": "Microsoft.AVS/privateClouds",
  "apiVersion": "2021-06-01",
  "name": "AE-1-AVS-01",
  "location": "Australia East",
  "tags": {
    "Billing": "IT",
    "Department": "IT"
  },
  "sku": {
    "name": "AV36"
  },
  "properties": {
    "circuit": {},
    "identitySources": [
      {
        "alias": "string",
        "baseGroupDN": "string",
        "baseUserDN": "string",
        "domain": "string",
        "name": "string",
        "password": "string",
        "primaryServer": "string",
        "secondaryServer": "string",
        "ssl": "string",
        "username": "string"
      }
    ],
    "internet": "string",
    "managementCluster": {
      "clusterSize": "3"
    },
    "networkBlock": "10.19.0.0/22",
    "nsxtPassword": "yourchoicepassword",
    "vcenterPassword": "yourchoicepassword"
  }
}

I hope you will find this helpful information on your AVS journey. Please let me know if I have missed any steps in the mindmap or reference links and I will be happy to update the post.

Thanks,
Aresh Sarkari