VMware Horizon 7.13 – Master Virtual Desktop

Last Modified: Nov 16, 2020 @ 6:25 am

Navigation

Use this post to build a virtual desktop that will be used as the parent image or source image for additional virtual desktops. There’s a separate article for RDS Session Host.

This post applies to all VMware Horizon 7 versions including 7.13 (ESB) and 7.10.3 (ESB).

💡 = Recently Updated

Change Log

Virtual Hardware

Lieven D’hoore has a desktop VM build checklist at VMware Horizon View – Windows 10 Golden Image Creation

  1. The virtual desktop pools will use the same hardware specs (e.g. vCPUs, memory size, network label) specified on the master virtual desktop. Adjust accordingly.
  2. For New Hard disk, consider setting Thin provision.
  3. Make sure the virtual desktop is using a SCSI controller.
  4. The master virtual desktop should be configured with a VMXNET 3 network adapter.
  5. When building the master virtual desktop, you will probably boot from an ISO.
  6. Before using View Administrator to create a pool, ensure the CD/DVD drive points to Client Device and is not Connected. The important part is to make sure ISO file is not configured.
  7. There’s no need for the Floppy drive so remove it.
  8. If you have any Serial ports, remove them.
  9. In Device Manager, after installing VMware Tools, make sure the video driver is VMware SVGA 3D.
  10. If not, you can use the driver at C:\Program Files\Common Files\VMware\Drivers\video_wddm.

Windows

VMware TechZone Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop

Preparation

Windows 7 VMXNET 3 Networking Hotfix

For Windows 7 machines:

  1. Ensure the vSphere network port group allows a sufficient number of connected virtual machines.
  2. Make sure Windows 7 Service Pack 1 is installed.
  3. The recommended hotfix for fixing VMXNET 3 is the 3125574 Convenience Rollup.

    1. Run windows6.1-kb3125574-v4-x64.msi.
  4. Or, the minimum hotfix is 2550978 http://support.microsoft.com/kb/2550978.

    1. Run Windows6-1-KB2550978.msu.
  5. Click Yes when asked to install the hotfix.
  6. Click Restart Now.
  7. After installing either hotfix, follow http://support.microsoft.com/kb/315539 to delete ghost NICs.

From Microsoft KB article http://support.microsoft.com/kb/235257: For desktop VMs using VMXnet3 NICs, you can significantly improve the peak video playback performance of your View desktop by simply setting the following registry setting to the value recommended by Microsoft:

  • HKLM\System\CurrentControlSet\Services\Afd\Parameters\FastSendDatagramThreshold to 1500

Windows 7 Black Screen Hotfix

For Windows 7 machines, request and install Microsoft hotfix 2578159: The logon process stops responding in Windows. More info at VMware 2073945 Reconnecting to the VDI desktop with PCoIP displays a black screen.

Windows 7 SHA2 Hotfix

For Windows 7 machines, install Microsoft Security Advisory 3033929, Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2.

Windows 7 Hotfix for AppVolumes

For Windows 7 machines, install the Microsoft hotfix for mountmgr.sys.  More info at VMware 2126775 Logging in to a virtual machine fails or is slow at the Welcome Screen when using VMware AppVolumes,

Power Options

  1. Run Power Options. In Windows 8 and newer, right-click the Start Menu to access Power Options.
  2. Click the arrow to show more plans, and select High performance.
  3. Next to High performance, click Change plan settings.
  4. Change the selection for Turn off the display to Never, and click Save changes.

System Settings

  1. Domain Join. For linked clones, join the machine to the domain. For Instant Clones, see VMware 2150495 Computer-based Global Policy Objects (GPOs) that require reboot are not applied on instant clones.
  2. In System control panel applet (right-click the Start Menu > System), click Remote settings.
  3. Enable Remote Desktop.
  4. Activate Windows with a KMS license if not already activated. Note: only KMS is supported with View Composer.

Windows Profiles v3/v4 Hotfix

Roaming user profiles are tied to the operating system version so profiles on Windows 8.1-based, Windows 10-based, or Windows Server 2012 R2-based computers are incompatible with roaming user profiles in earlier versions of Windows.

Profiles are compatible only between the following client and server operating system pairs:

  • v6 = Windows 10 1607 and newer, Windows Server 2016, Windows Server 2019
  • v5 = Windows 10 1511 and older
  • v4 = Windows 8.1 and Windows Server 2012 R2
  • v3 = Windows 8 and Windows Server 2012
  • v2 = Windows 7 and Windows Server 2008 R2

If Windows 8, install hotfix http://support.microsoft.com/kb/2887239.

If Windows 8.1, ensure update rollup 2887595 is installed. http://support.microsoft.com/kb/2890783

After you apply this update, you must create a registry key before you restart the computer.

  1. Run regedit.
  2. Locate and then tap or click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\ProfSvc\Parameters
  3. On the Edit menu, point to New, and then tap or click DWORD Value.
  4. Type UseProfilePathExtensionVersion.
  5. Press and hold or right-click UseProfilePathExtensionVersion, and then tap or click Modify.
  6. In the Value data box, type 1, and then tap or click OK.
  7. Exit Registry Editor.

After you configure the UseProfilePathExtensionVersion registry entry, you have to restart the computer. Then, Windows 8.1 creates a user profile and appends the suffix “.v4” to the profile folder name to differentiate it from version 2 of the profile in Windows 7 and version 3 of the profile in Windows 8. Then, Windows 8.1-based computers that have update rollup 2887595 installed and the UseProfilePathExtensionVersion registry entry configured use version 4 of the profile.

Windows 8 creates a new copy of the user profile and appends the suffix “.v3” in the profile folder name to differentiate it from the original version 2 profile for Windows 7. After that, Windows 8-based computers that have this hotfix installed and the UseProfilePathExtensionVersion registry entry configured use the version 3 profile for users.

Install Applications

Install applications locally if you want them to be available on all virtual desktops created based on this master virtual desktop.

Or you can use a Layering product (e.g. VMware App Volumes, Unidesk) or App Streaming (e.g. ThinApp, Microsoft App-V).

Antivirus

VMware Tech Paper Antivirus Considerations for VMware Horizon 7 contains exclusions for Horizon View, App Volumes, User Environment Manager, ThinApp, etc.

Microsoft’s virus scanning recommendations (e.g. exclude group policy files) – http://support.microsoft.com/kb/822158.

Carbon Black

Interoperability of VMware Carbon Black and Horizon (79180)

Symantec

Symantec links:

Trend Micro

Trend Micro Slow login on Citrix environment after installing OfficeScan (OSCE): The following registries can be used to troubleshoot the issue. These registries will allow a delay on the startup procedure of OSCE until the system has launched successfully. This avoids deadlock situations during login.

Citrix CTX136680 – Slow Server Performance After Trend Micro Installation. Citrix session hosts experience slow response and performance more noticeable while users try to log in to the servers. At some point the performance of the servers is affected, resulting in issues with users logging on and requiring the server to be restarted. This issue is more noticeable on mid to large session host infrastructures.

Trend Micro has provided a registry fix for this type of issue. Create the following registry on all the affected servers. Add new DWORD Value as:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TmFilterParameters] “DisableCtProcCheck”=dword:00000001

Trend Micro Links:

Sophos

Sophos Endpoint Security and Control: Best Practice for running Sophos on virtual systems: we’ve amassed the following practical information about how you can optimize our software to work with this technology.

Sophos Endpoint Security and Control: Installation and configuration considerations for Sophos Anti-Virus on a Remote Desktop Services server: It maybe desirable to disable the Sophos AutoUpdate shield icon

Sophos Endpoint Security and Control: How to include current version of Sophos in a disk image for cloned virtual machines: This procedure will make sure that the produced target/cloned computers:

  • Get their distinct identity with Enterprise Console, under which they can be subsequently managed.
  • Have the desired version of Sophos Anti-Virus already installed and configured on the created image.

Palo Alto Traps

  • Install Traps Agent for Windows:
    • Virtual desktop infrastructure (VDI) installation—Intended for non-persistent endpoints that replicate (also referred to as spawn) from a golden image which has Traps installed.
    • Temporary session—Intended for either physical or virtual endpoints (such as a Remote Desktop Server) that repeatedly revert to a snapshot (or image) on which Traps is not installed.

Windows Defender Antivirus

Configuring Microsoft Defender Antivirus for non-persistent VDI machines – Microsoft Blog

Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment – Microsoft Docs

Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP

Cylance

CTX232722 Unable to launch application with Cylance Memory Protection Enabled. Cylance must be run in compatibility mode in order to the VDA and Cylance to run on the same machine. See the article for detailed instructions.

Horizon Agent

Horizon Agent Installation/Upgrade

Install Horizon Agent on the master virtual desktop. Upgrades are performed in-place.

  1. See VMware 2149393 Supported versions of Windows 10 on Horizon Agent.
    1. Windows 10 version 1903 is supported by Horizon Agent 7.8 and newer.
    2. Windows 10 version 1809 is supported by Horizon Agents 7.5.1 and newer.
  2. VMware Tools – Only install Horizon Agent after you install VMware Tools.
    1. If you need to update VMware Tools, uninstall Horizon Agent, upgrade VMware Tools, and then reinstall Horizon Agent.
    2. See VMware Product Interoperability Matrices for supported versions of VMware Tools with different versions of Horizon Agent.
    3. If VMware Tools 11.x, VMware recommends running the following: (source = VMware 78434 Performance issues for Horizon 7 when using VMware VMTools 11.x)
      C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe" config set appinfo disabled true
  3. Check the video driver to make sure it is VMware SVGA 3D.
  4. Download Horizon 7.13.0 View Agent, or Horizon 7.10.3 View Agent (ESB).

  5. Run the downloaded VMware-Horizon-Agent-x86_64-7.13.0.exe, or VMware-Horizon-Agent-x86_64-7.10.3.exe.

  6. If you want the URL Content Redirection feature, then you must run the Agent installer with the the following switches: /v URL_FILTERING_ENABLED=1
  7. In the Welcome to the Installation Wizard for VMware Horizon Agent page, click Next.
  8. In the License Agreement page, select I accept the terms, and click Next.
  9. In the Network protocol configuration page, select IPv4, and click Next.
  10. In the Custom Setup page, there are several features not enabled by default. Feel free to enable them.
    1. If you want USB Redirection, then enable that feature.
    2. Horizon 7.2 and newer have VMware Virtualization Pack for Skype for Business. See Configure Skype for Business at VMware Docs for details.
    3. You can install Instant Clone Agent, or View Composer Agent, but not both.

    4. According to Instant-Clone Desktop Pools at VMware Docs, Persona is not supported with Instant Clones.

    5. If you want Scanner Redirection, then enable that feature. Note: Scanner Redirection will impact host density.
    6. Horizon 7.3 through Horizon 7.9 have HTML5 Multimedia Redirection. In Horizon 7.10 and newer, HTML5 Browser Redirection seems to be installed automatically. To enable and configure these features, see HTML5 Redirection in Horizon Group Policy.
    7. Horizon 7.6 and newer have an option for Geolocation Redirection. The feature requires a plugin for Internet Explorer 11 and Horizon Client 4.9. No other browsers are supported. See Configuring Geolocation Redirection at VMware Docs.
    8. Horizon 7.5 and newer have Horizon Performance Tracker, which adds a program to the Agent that can show the user performance of the remote session. You can publish the Tracker.

    9. Horizon 7.7 and newer have a VMware Integrated Printing or VMware Advanced Printing option, which replaces the older ThinPrint technology. VMware Integrated Printing requires Horizon Client 4.10 or newer.
    10. If you enable VMware Integrated Printing, then you must disable Virtual Printing, which is higher in the list.

  11. Click Next when done making selections.
  12. In the Ready to Install the Program page, click Install.
  13. In the Installer Completed page, click Finish.
  14. Click Yes when asked to restart.
  15. Horizon Agent 7.13 and newer let you Modify the features that were selected during installation. In older versions, you must uninstall Horizon Agent and reinstall it.
    • If you click Modify from Apps & features (or Programs and Features), it will tell you to open an elevated command prompt and run the command shown in the window.
    • You can’t change from Manual to Instant Clone or back again using this method.
  16. If you want to know what features were selected during installation, look in HKLM\Software\VMware, Inc.\Installer\Features_HorizonAgent. Or look in the installation log files as detailed at Paul Grevink View Agent, what is installed?

  17. For Horizon Persona (not with Instant Clones), enable the Microsoft Software Shadow Copy Provider service. See Windows 10 with Persona management not syncing at VMware Communities.
  18. If Windows 10 version 1709 with View Composer, you might have to delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Security. See VMware 51518 Production Support for VMware Horizon 7.4, 7.3.2, and 7.2 with Win 10 1709 Semi-Annual Channel (SAC) Guest OS
  19. To verify installation of the URL Content Redirection feature, check for the presence of C:\Program Files\VMware\VMware View\Agent\bin\UrlRedirection.
  20. There’s also a new IE add-on.
  21. URL Content Redirection is configured using group policy.

Install/Upgrade Dynamic Environment Manager (DEM) Agent

Dynamic Environment Manager (DEM) is the new name for User Environment Manager (UEM).

If you are licensed for Dynamic Environment Manager (Horizon Enterprise Edition), install the Dynamic Environment Manager (DEM) Enterprise Agent.

  • DEM Enterprise has the same or more features that has always been included in Horizon Enterprise. DEM Standard is a reduced-feature version for Horizon 8 Standard Edition.
  • Note: UEM 9.1 and newer can also work without Active Directory (Group Policy); see VMware 2148324 Configuring advanced UEM settings in NoAD mode for details.

Windows 10 Compatibility

  • DEM 9.10 and newer support Windows 10 version 1909.
  • UEM 9.8 and newer support Windows 10 version 1903.
  • UEM 9.6 and newer are supported on Windows 10 1809.

To install DEM Agent:

  1. Make sure Prevent access to registry editing tools is not enabled in any GPO since this setting prevents the FlexEngine from operating properly.
  2. Download Dynamic Environment Manager 2009 (aka 10.1) Enterprise, or Dynamic Environment Manager 9.9.0.

  3. Run the extracted VMware Dynamic Environment Manager Enterprise 10.1 x64.msi, or VMware Dynamic Environment Manager 9.9 x64.msi (ESB).

  4. In the Welcome to the VMware Dynamic Environment Manager Enterprise Setup Wizard page, click Next.
  5. In the End-User License Agreement page, check the box next to I accept the terms, and click Next.
  6. In the Destination Folder page, click Next.
  7. The Choose Setup Type page appears. By default, the installer only installs the engine. You can click Custom or Complete to also install the Management Console. The Management Console is typically installed on an administrator workstation, not on a master image.

  8. In the Choose License File page, if installing on a Horizon Agent, then no license file is needed. Click Next.
  9. In the Ready to install VMware Dynamic Environment Manager Enterprise page, click Install.
  10. In the Completed the VMware Dynamic Environment Manager Enterprise Setup Wizard page, click Finish.
  11. If you have PCoIP Zero Clients that map USB devices (e.g. USB drives), then you might have to set the following registry value. (Source = VMware 2151440 Smart card SSO fails when you use User Environment Manager with a zero client)
    • HKLM\Software\VMware, Inc.\VMware VDM\Agent\USB
      • UemFlags (DWORD) = 1

Unity Touch

With the Unity Touch feature, tablet and smart phone users can quickly navigate to a Horizon View desktop application or file from a Unity Touch sidebar. Although end users can specify which favorite applications appear in the sidebar, for added convenience, administrators can configure a default list of favorite applications.

In the Unity Touch sidebar, the favorite applications and favorite files that users specify are stored in the user’s profile. For non-persistent pools, enable Roaming Profiles.

To set the default list of favorite applications:

  1. Navigate to HKLM\Software\Wow6432Node\VMware, Inc.\VMware Unity
  2. Create a string value called FavAppList.
  3. Specify the default favorite applications using format: path-to-app-1|path-to-app-2|path-to-app-3|…. For example:
Programs/Accessories/Accessibility/Speech Recognition.lnk|Programs/VMware/VMware vSphere Client.lnk|Programs/Microsoft Office/Microsoft Office 2010 Tools/Microsoft Office 2010 Language Preferences.lnk

Unity Touch can be disabled by setting HKEY_LOCAL_MACHINE\Software\VMware,Inc.\VMware Unity\enabled to 0.

For more information, see Configure Favorite Applications Displayed by Unity Touch at VMware Docs.

Composer – Rearm

By default, when View Composer creates linked clones and runs QuikPrep, one of the tasks is to rearm licensing. You can prevent rearm by setting the following registry key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmware-viewcomposer-ga
    • SkipLicenseActivation  (DWORD) = 0x1

Dynamic PCoIP Policies

If you wish to change PCoIP Policies (e.g. clipboard redirection, client printers, etc.) based on how the user connects, see VMware Blog Post VMware Horizon View Secret Weapon. The article describes configuring VMware Horizon View Script Host service to run a script to change PCoIP configuration based on the Connection Server that the user connected through. Full script is included in the article.

VMware OS Optimization Tool

  1. See VMware Windows Operating System Optimization Tool Guide for details on this tool.
  2. Download the VMware OS Optimization Tool VMware fling.
  3. Run the extracted VMwareOSOptimizationTool.exe.
  4. On the Optimize tab, choose a template.
  5. Then click Analyze on the bottom of the window.
  6. On the Optimize tab, review the optimizations, and make changes as desired. Then on the bottom left, click Optimize.
  7. The History tab lets you rollback the optimizations.
  8. The Finalize tab contains tasks that should be run every time you seal your master image.

Additional Optimizations

Additional Windows 10 Optimizations

Additional Windows 7 Optimizations

Microsoft has compiled a list of links to various optimization guides.

It’s a common practice to optimize a Windows 7 virtual machine (VM) template (or image) specifically for VDI use. Usually such customizations include the following.

  • Minimize the footprint, e.g. disable some features and services that are not required when the OS is used in “stateless” or “non-persistent” fashion. This is especially true for disk-intensive workloads since disk I/O is a common bottleneck for VDI deployment. (Especially if there are multiple VMs with the same I/O patterns that are timely aligned).
  • Lock down user interface (e.g. optimize for specific task workers).

With that said the certain practices are quite debatable and vary between actual real-world deployments. Exact choices whether to disable this or that particular component depend on customer requirements and VDI usage patterns. E.g. in personalized virtual desktop scenario there’s much less things to disable since the machine is not completely “stateless”. Some customers rely heavily on particular UI functions and other can relatively easily trade them off for the sake of performance or standardization (thus enhance supportability and potentially security). This is one of the primary reasons why Microsoft doesn’t publish any “VDI Tuning” guide officially.

Though there are a number of such papers and even tools published either by the community or third parties. This Wiki page is aimed to serve as a consolidated and comprehensive list of such resources.

Daniel Ruiz XenDesktop Windows 7 Optimization and GPO’s Settings

Microsoft Whitepaper Performance Optimization Guidelines for Windows 7 Desktop Virtualization

Snapshot

  1. Make sure the master virtual desktop is configured for DHCP.
  2. If connected to the console, run ipconfig /release.
  3. Run antivirus sealing tasks:
  4. Base Image Script Framework (BIS-F) automates many image sealing tasks. The script is configurable using Group Policy.
  5. Shutdown the master virtual desktop.
  6. Edit the Settings of the master virtual machine and disconnect the CD-ROM. Make sure no ISO is configured in the virtual machine.
  7. Take a snapshot of the master virtual desktop. View Composer requires a snapshot.

Related Pages

137 thoughts on “VMware Horizon 7.13 – Master Virtual Desktop”

      1. Thank you, do you also have a fix for the new standard photo app? I cant even download apps from the store, because a gpo from the opt tool disable it. A roll back doesnt help.

  1. Hi Carl,

    I have been attempting to provision a new horizon Linked Clones Persistent desktop pool on vSAN for weeks now. I am running Windows 10 Enterprise Edition version 10.0 (Build 10240). I have followed your instructions to a T and the pool fails to initialize. The virtual machines(s) remain in the customization phase for over an hour until it eventually fails.

    When looking at the VM log files, I see a Customization Error 18 : Failed to join to the domain. When logging on to the cloned machine, I see that the computer is indeed joined to the domain and am able to logon to the server with domain credentials and access domain joined resources. The master VM for the pool is configured with DHCP, released IP address, correct settings on the agent, etc. I am using Quick Prep (not SysPrep). I have reviewed every article I can find leading to that specific error message and nothing is assisting with a resolution. Is there anything that stands out to you?

    I have disabled the windows firewall for testing purposes on all servers, verified that the proper ports are opened on Composer server and View Connection server and also ensure that the domain account in Horizon View possess the proper permissions. There is no DVD drive mounted to the master VM.

    I am working on getting the most recent copy of Windows 10, but it is taking some time through the proper channels. Could it simply be the compatibility of the Windows 10 build that I have? Or something else?

    I have been beating my head against the wall trying to get this to work. Please let me know if you can point me in the right direction. I sincerely appreciate your time.

  2. Is there a best practice for updating Gold Masters? We are having a problem with getting multiple ghosted VMDK’s and we have to consolidate often.

    Before creating new snaps we make sure that there are no existing connections for provisioned VM’s. Short of deleting the pool and recreating it, which we don’t want to do, we are kind of at a loss of how to prevent them.

    I have called VMware and they have not been any help as I keep getting sent from Tech support to Horizon View support then back to Tech support…..

      1. No, this is with the GM’s themselves

        As you know when you take a snapshot of a VM it creates a “delta” file with a name similar to the following:
        -000001.vmdk
        -000002.vmdk

        The number increments based on the number of snapshots.

        Our issue is that the number of Delta VMDK’s in the GM folder keep growing. For example

        If we have a GM with 2 snapshots you would expect to see three VMDK files, one for the primary and one for each snap. We have discovered that after updating our GM’s, and keeping the same number of snapshots, we will end up with multiple extra .VMDK files. The primary, the two from the original snaps, and up to two additional.

        So if the GM has 2 snaps we will end up with up to 5 VMDK’s. Before we noticed this issue we had some GM’s with 45 or 50+ VMDK Delta files.

        To clean them up we have to Storage motion the GM to a different datastore, and the run a consolidation. After storage motioning the GM a folder is left behind on the original datastore with multiple ghosted VMDK’s. These have to be deleted using the cmd line.

        I thought that I had a solution by having the people doing the updating disable the provisioning and the pools that are using that GM. Then making sure that all the provisioned machines are deleted and that there are not any existing connections to either of the pools that use the VM. However, this last round of updates resulted in ghosted VMDK’s again.

        JAMO

  3. Hi

    we have a problem with the sidebar in HTML5 access, the copy & paste window is not working anymore. It looks like it´s disabled and nothing happens if i click on it…how can i get this copy and paste window back?

Leave a Reply