Phần 3–Cấu hình VMware Horizon View 5.2
1. Create a domain service account that the View connection server will use to connect to vCenter. On a domain controller create a new AD service account, and set the password to never expire. In my environment the account is called SVC-View01-001. Name is not important, so use whatever naming convention suits you.
2. Login to the vSphere Web Client and from the Home page click on Administration.
In the Administration page click on Role Manager. Create a new role by clicking on the green plus icon. Call it something like View Administrator.
3. Add all of the privileges to the View Administrator role shown in the VMware table below.
4. In the vSphere Web Client navigate to Home > vCenter > Hosts and Clusters, then click on the vCenter name. Now click on the Manage tab and then the Permission tab. Click on the green plus icon to add a permission.
5. Add the domain service account in the left pane, and change the role to View Administrator in the right pane.
6. Launch the View administrator and in the left pane expand View Configuration. Click on Product Licensing and Usage. Enter your View 5 product license key.
7. Under View Configuration click on Servers. Click on the vCenter Servers tab and click Add. Enter the vCenter’s FQDN, your service account name and password. Review the advanced settings in the lower half of the pane to see if they make sense for your environment. I left the defaults.
8. Since we haven’t yet installed View Composer (optional component), select Do not use View Composer.
9. If you are using vCenter 5.1 and ESXi 5.1, you will be presented with some new storage settings. I would leave the all the defaults, as those will produce the best results. If you are using a third party VDI storage accelerator such as Atlantis Computing ILIO then I would disable these storage features as they won’t provide much benefit.
10. At this point the vCenter should be successfully added and have green check boxes under all features.
We have now covered the major configuration steps for the View Connection server components. Next up is a little AD work, creating a VM template, and adding a few desktops to the View administrator console. You can check out that installment in Part 4 here.
Cấu hình cho phép từ mạng Internet truy cập vào View Server 5.2:
I ran into an issues where my View clients were able to connect internally on the same LAN with no issues to thier View Desktops, but when attempting to use the Security Server from an outside source the connection would authenticate, show available desktops, start to load a desktop and then fail with the error “The connection to the remote computer ended”.
Not a lot of details beyond that. After running firewall logs, netcat, wireshark to no avail, VMWare Support was able to help me find the field that was in error in the View Administrator. Apparently during a reinstall the internal IP of the PCoIP Secure Gateway field was left as the default internal IP instead of the actually public IP. The external URL under the HTTP(S) Secure Tunnel also exibited a simular setting using the actual hostname of the server and was updated to the public DNS name of the Security Server.
Not a difficult soltuion, but one of those things that is easily overlooked after a lot of troubleshooting and not something that I easily found a solution for on the web or in KB articles. Hopefully this will help someone else.
In View Administrator click on Servers, the Connection Server, then Edit.
Update the HTTP(S) Secure Tunnel External URL and the PCoIP Secure Gateway, PCoIP External URL. Check both boxes
Sửa lỗi trường hợp không kết nối vào Desktop VM:
Recently I found myself looking at an error which I’ve seen many times before with different customers View environments in which they are unable to connect to desktops getting the following error..
“The connection to the remote computer ended”
In 99% of cases this is usually due to missing firewall rules between the View Client (thick/thin client) and the View Agent (virtual desktop).
The following VMware KB details this error and how to troubleshoot.
However it only affected my test Windows 8 clients which were previously working.
The only thing that has changed was I had been applying and testing the CIS benemarks for Windows 8 in some new GPOs I had created, it had to be those what had broken it, so I set out trying to find which setting.
Unlinking the new CIS GPOs I found I could now connect to my View desktop succesfully so it definatley a setting in the CIS GPOs. The tough job was going through each setting and testing it to find which (initial guess work was not sucessful).
In the end I found the cause to be the following setting:
“System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Enabled”
This setting being configured to enabled, caused a conflict with the View 4.5 connection server settings in the environment which resulted in connections to the View agent from a View client with this policy setting to be rejected.