This article details Horizon pool configuration for Virtual Desktops. RDS Farms and pools are detailed in a separate article at https://www.carlstalhood.com/vmware-horizon-7-rds-farmspools/.
Navigation
This post applies to all VMware Horizon 7 versions including 7.13 (ESB) and 7.10.3 (ESB).
- Change Log
- Non-Persistent – Instant Clone vs Composer
- Infrastructure Prep
- Floating (Non-Persistent) Desktop Pool
- Entitle Virtual Desktops
- Add Machine to Pool
- Update a Pool
- Host Maintenance – Instant Clones
Change Log
- 2019 Jul 6 – updated Horizon Console instructions for Horizon 7.9
- 2019 Jan 23 – Infrastructure Prep – added link to Upgrade Instant-Clone Desktop Pools at VMware Docs – if vCenter 6.7, must upgrade hosts to ESXi 6.7.
- 2018 June 7 – added Horizon Console instructions for creating an Instant Clone pool.
- Added Horizon 7.5 Desktop shortcut option to Category Folder in Pool Settings. Horizon Admin only (not Horizon Console).
- 2018 Mar 7 – in the Create Pool section, added link to Adam Gleeson’s limitations of VMware Horizon Virtual Desktop Session Collaboration
- 2018 Jan 28 – in Create Pool section, added link to Aresh Sarkari Automating Desktop Pool creation using PowerCLI – VMware Horizon 7.x
- 2018 Jan 7 – in the Create Pool section, added the Session Collaboration checkbox in Pool Settings.
Non-Persistent – Instant Clone vs Composer
In general, use Instant Clone, if possible. Here are some advantages of Instant Clone over Composer:
- No Composer server needed.
- Faster provisioning and recompose, and lower IOPS during these operations.
- If multiple datastores, rebalance is automatic.
- With Composer, rebalance is a manual operation.
- Composer features like Disposable Disks and disk space reclamation are not needed with Instant Clones.
Requirements for Instant Clones:
- Horizon Enterprise licenses
- All editions of Horizon 7.13 includes Instant Clone licensing. Since Composer was removed from Horizon 8, start migrating to Instant Clones.
- ESXi 6 Update 1 or newer
- Virtual Machine hardware version 11 or newer
- View Storage Accelerator must be enabled
Notes on Instant Clones:
- Horizon 7.9 and newer support delaying desktop refresh (not recommended), just like you can with Composer.
- Horizon 7.3 and newer support dedicated desktop pools.
- Horizon 7.1 and newer support Linked Clones for RDS Pools.
- The master VM snapshot is copied to every LUN containing instant clones. Composer does the same.
- Instant Clone pools create “Parent” machines on each ESXi host for each datastore. These “parent” machines are powered on and consume CPU/Memory/Disk resources. If you have six hosts and three datastores containing instant clones, then Horizon creates 18 parent virtual machines.
- For lower density pools, Horizon 7.13 supports Smart Provisioning, which eliminates the need for “Parent” machines when there are less than 12 single-pool VMs per host. See the Smart Provisioning YouTube video for an overview.
- Prior to Horizon 7.13, Instant Clone pools always create Parent machines no matter the size of the Instant Clone pool.
- Composer does not need parent virtual machines.
- Persistent disks are not supported with Instant Clones
- An alternative is VMware App Volumes Writable Volumes
- Persona is not supported with Instant Clones.
- See Instant-Clone Desktop Pools at VMware Docs.
- Also see VMware Technical White Paper VMware Horizon 7 Instant-Clone Desktops and RDSH Servers
Infrastructure Prep
- Each desktop pool points to one vSphere cluster.
- See 2150348 VMware Horizon 7 sizing limits and recommendations for maximum cluster size and maximum number of virtual machines per cluster.
- Ensure vSwitch has sufficient ports for the new virtual desktops.
- Instant clones require static port binding with the elastic port allocation. Do not change the port binding to ephemeral.
- Ensure the VLAN has enough DHCP addresses for the desktop pool.
- Lower the DHCP lease time too.
- DHCP should be highly available (e.g. Windows DHCP Failover)
- Enable DNS Scavenging.
- See 2005210 Unable to connect to linked clone pools after recomposing when using secure only dynamic updates with DNS to change permissions on DNS Zone so the virtual desktops can update their DNS records after a Push Image. 💡
- KMS Licensing is required – MAK licensing is not supported
- The virtual desktop pools will use the same hardware specs (e.g. vCPUs, memory size, network label, GPU) specified on the master virtual desktop. Adjust accordingly.
- The master image should be in the same vSphere cluster where the linked clone virtual desktops will be created.
- If Instant Clone:
- ESXi must be version 6 update 1 or newer
- Master VM must be version hardware version 11 or newer
- In Horizon Administrator, add Instant Clone Domain Accounts
- In Horizon Administrator, enable View Storage Accelerator on your vCenter connection.
- If you upgrade vCenter to 6.7, then you must upgrade your ESXi hosts to 6.7 at the same time. Afterwards, take a new snapshot of the master image and perform a push operation. See Upgrade Instant-Clone Desktop Pools at VMware Docs.
Disk space
- One or more LUNs (datastores) for storage of the virtual desktops.
- See 2150348 VMware Horizon 7 sizing limits and recommendations for maximum virtual machines per datastore.
- By default, Replicas are copied to each LUN that contains virtual desktops.
- It’s possible to place the Replica and the linked clones on separate LUNs. If you use a dedicated Replica LUN, then there is only one copy of the Replica no matter how many LUNs are used for storing virtual desktops.
- Note: NFS VAAI requires the Replica to be copied to each virtual desktop LUN.
- .vswp files – Plan for disk space for memory swap and graphics memory overhead. If the master virtual desktop has 4 GB of RAM configured and if none of its memory is reserved then each linked clone will have a 4 GB .vswp file.
- To reduce the size of the .vswp files, edit each virtual desktop and reserve its memory. Whatever memory is reserved will be subtracted from the .vswp file size.
- Linked clone Delta disks – Delta disks start small whenever the virtual desktop boots and grow until the virtual desktop is refreshed. To keep delta disks small, refresh the virtual desktops immediately after the user logs off. Otherwise, the delta disk could potentially grow to the same size as the C: drive.
- If Composer:
- Persistent disks can be used to store the user’s profile (but not user-installed applications). To enable Persistent disks, the pool must be Dedicated Assignment. You can place the persistent disks on a LUN that is separate from the linked clones LUN. How do you back up the persistent disks? A better option is to use VMware User Environment Manager instead of Persistent disks.
- Disposable disks. In Dedicated Assignment pools, you have the option of creating Disposable Disks. These disks are always stored with the virtual desktop (you can’t choose a dedicated disposable disk LUN). If you’re planning to frequently refresh the desktops, there’s no point in using Disposable disks.
Floating (Non-Persistent) Automatic Linked Clone Desktop Pool
Master Image Preparation
Do the following on the master image that the virtual desktops will link to:
- Video Memory – if Instant Clones, shut down the master, Edit Settings (hardware) in vSphere client, expand Video card, and set video memory. More video memory means more client monitors. The maximum number and maximum resolution of client monitors depends on the ESXi version, the Horizon version, and the Windows version with newest versions providing the greatest number of client monitors. For example, Horizon 7.9 supports six monitors in Windows 10 version 1803 and later.
- DHCP – Make sure the master VM is configured for DHCP.
- Join domain – Join the master VM to the domain.
- Computer Group Policy – Make sure the Master VM is in the same OU as the Linked Clones so the Master VM will get the computer-level GPO settings. Run gpupdate on the master after moving the VM to the correct OU. New Instant Clones do not immediately refresh group policy so the group policy settings must already be applied to the master VM. See VMware 2150495 Computer-based Global Policy Objects (GPOs) that require a reboot to take effect are not applied on instant clones.
- KMS Licensing is required.
- Provisioning Agent – When installing Horizon Agent, select the imaging component you intend to use. You can install Instant Clone, or Composer, but not both.
- All editions of Horizon 7.13 includes Instant Clone licensing. Since Composer was removed from Horizon 8, start migrating to Instant Clones.
- If Instant Clone, Persona must be disabled.
- Snapshot – Shut down the master image and take a new snapshot.
Floating Pool – Horizon Console
In Horizon 7.5 and newer, you can use the new Horizon Console (https://ConnectionServerFQDN/newadmin) to create an Instant Clone pool.
In Horizon 7.8 and newer, you can use the new Horizon Console (https://ConnectionServerFQDN/newadmin) to create a Composer pool, including Persistent Disks.
If prefer to use Horizon Administrator, then skip ahead to Floating Pool – Horizon Administrator.
- Login to Horizon Console (https://ConnectionServerFQDN/newadmin)
- On the left, under Inventory, click Desktops.
- In Horizon Console 7.10 and newer, on the right, if you select an existing pool, you can click Duplicate to copy the settings to a new pool.
- On the right, click Add.
- In the Type page, select Automated desktop pool.
- In the vCenter Server page, select Instant Clone, select a vCenter server, and click Next.
- In the User Assignment page, select Floating, and click Next.
- In the Storage Optimization page, if you want to use storage tiering, check the box for Select separate datastores for replica and OS disk. Click Next.
- In the Desktop Pool Identification page, do the following:
- Give the pool a unique ID, which is not shown to the users. Horizon creates a vCenter VM folder with the same name as the Pool ID.
- Enter a Display name, which is shown to the users.
- If you intend to use Identity Manager, then leave Access group set to /. Otherwise, if you intend to delegate administration of this pool, then select an Access group that the delegated administrators have been assigned to.
- Click Next.
- In the Provisioning Settings page, do the following:
- in Virtual Machine Naming, enter a Naming Pattern. You can use {n:fixed=3} to specify the location for incremented numerals in the machine names. Make sure the naming pattern does not conflict with any existing machines.
- In Desktop Pool Sizing, enter the maximum number of desktops to create. Ensure that the DHCP scope has enough addresses for the Max number of desktops specified here.
- Select Provision all machines up-front to create all of the machines now.
- Or select Provision machines on demand, which tells Horizon to create the machines (up to the maximum) as users connect.
- If you’re not creating all machines up-front, then specify the Number of spare (powered on) machines. As users connect, Horizon creates more machines to try to keep this number of spare machines running and waiting for a new connection.
- Click Next.
- In the vCenter Settings page, most of these are self-explanatory. Click Browse next to each option, and make your selection.
- If the Parent VM (aka Master VM) is not showing up in the list, then check the box next to Show all parent VMs and click the … next to the VM to see the issue.
- Instant Clones monitors/resolution – If Instant Clones, the number of monitors configured on the Master Image (snapshot) is displayed. If not correct, delete the snapshot, edit the master VM’s Hardware Settings, expand video card, make your desired changes, and take another snapshot.
- Scroll down for more settings.
- Datastores – select one or more datastores on which the virtual desktops will be placed.
- If you selected to put Replica on a different datastore, then you’ll have another Browse button for Replica disk datastores.
- If you selected to put Replica on a different datastore, then you’ll have another Browse button for Replica disk datastores.
- When selecting Networks, you can use the Network from the parent image, or uncheck the box and select a different network.
- Click Next when done.
- In the Desktop Pool Settings page:
- You can select a Category Folder where the published icon will be placed on the client’s Start Menu and/or Desktop. This applies to Horizon Client 4.6 and newer. See Create Shortcuts for a Desktop Pool at VMware Docs.
- Change the selection to Select a category folder from the folder list.
- You can type in a new category, or select an existing one.
- Newer versions of Horizon have an option to put the icon on desktop or Start Menu.
- Then click Submit.
- In the Desktop Pool Settings page, Horizon 7.9 and newer let you select a Session Type, which means you can optionally publish applications from virtual desktops.
- Change the selection for Automatically logoff after disconnect to After, and specify a disconnect timer.
- Note: In Horizon 7.10 or newer, you can also use Group Policy to configure this. The GPO overrides the pool setting. Install the Horizon 7.10 GPO Templates if you haven’t already. Edit a GPO that applies to the Horizon Agents. Find the Disconnect Session Time Limit (VDI) setting at VMware View Agent Configuration > Agent Configuration.
- Horizon 7.10 also has an Idle Time Until Disconnect (VDI) for virtual desktops. RDSH idle timer is configured using Microsoft RDSH GPO settings, not Horizon GPO settings.
- Note: In Horizon 7.10 or newer, you can also use Group Policy to configure this. The GPO overrides the pool setting. Install the Horizon 7.10 GPO Templates if you haven’t already. Edit a GPO that applies to the Horizon Agents. Find the Disconnect Session Time Limit (VDI) setting at VMware View Agent Configuration > Agent Configuration.
- You can allow users to restart their machines.
- If you choose Dedicated assignment instead of Floating assignment, there’s an option for Refresh OS disk after logoff. Leaving it set to Always is strongly recommended. The other options cause the delta disk to grow, and will cause data loss surprise for the users when you later push a new image. Instant Clones floating assignment pools always refresh on logoff.
- Reclaim VM disk space is also an option for Dedicated assignment pools. Floating assignment pools always refresh on logoff so there’s no need to reclaim disk space.
- You can select a Category Folder where the published icon will be placed on the client’s Start Menu and/or Desktop. This applies to Horizon Client 4.6 and newer. See Create Shortcuts for a Desktop Pool at VMware Docs.
- Click Next.
- In the Remote Display Settings page:
- In 3D Renderer, there’s an option for NVIDIA GRID VGPU if you have GPUs installed.
- Check the box next to HTML Access.
- There’s an Allow Session Collaboration checkbox, which adds a VMware Horizon Collaboration icon in the system tray of the remote desktop, which lets you invite users to collaborate. See Session Collaboration for details.
- Click Next.
- In the Guest Customization page,
- Next to AD container, click Browse, and select the OU where virtual desktop computer objects will be placed. You can type (paste) into the AD container field.
- Consider checking the box next to Allow reuse of pre-existing computer accounts.
- Next to AD container, click Browse, and select the OU where virtual desktop computer objects will be placed. You can type (paste) into the AD container field.
- Click Next.
- In the Ready to Complete page, you may entitle users now, or leave it unchecked and to it later. Click Submit.
If you opted to add entitlements now:
- In the Add Entitlements window, click Add.
- Find a group that will have permission to log into these desktops, and click OK.
- Then click OK.
To check the status of the virtual desktops:
- Go to Inventory > Desktops.
- You might have to click the refresh icon on the top right to see the new pool.
- Click the link for the pool name.
- On the Summary page, if you scroll down, the vCenter Server section has a State field where you can see the status of the pool creation process. It takes several minutes to publish the master image snapshot. After the snapshot is copied to the Replica, vSphere creates a digest file for View Storage Accelerator, which takes a few more minutes.
- Horizon Console 7.11 and newer has a Pending Image progress bar that doesn’t update automatically. To refresh it, scroll up and click the refresh icon.
- You can watch the progress in vSphere Client’s Recent Tasks list.
- Eventually the pool’s tabs named Machines and Machines (InstantClone Details) will show the new machines.
If you wish to automate the creation of the pool, Aresh Sarkari at Automating Desktop Pool creation using PowerCLI – VMware Horizon 7.x explains New-HVPool -spec 'C:\temp\DesktopPool\LinkedClone.json'
and the contents of the JSON file.
Floating Pool – Horizon Administrator
- In View Administrator, on the left, expand Catalog, and click Desktop Pools.
- On the right, you can clone an existing pool. This action copies many of the settings from the existing pool into the new pool.
- Or just click Add.
- In the Type page, select Automated Desktop Pool, and click Next.
- In the User Assignment page, select Floating, and click Next.
- In the vCenter Server page, select either Instant clones, or View Composer linked clones.
- All editions of Horizon 7.13 includes Instant Clone licensing. Since Composer was removed from Horizon 8, start migrating to Instant Clones.
- Select the vCenter server, and click Next.
- Pool name – In the Desktop Pool Identification page, enter a name for the pool. Horizon creates a vCenter VM folder with the same name as the Pool ID.
- Display name is the name of the icon displayed in Horizon Client.
- Access Group – Assign the pool to an Access group to restrict delegated administration. Note: If you intend to integrate with VMware Identity Manager (aka Workspace ONE), then make sure you select the root (/) Access group. Other Access Groups won’t work. Click Next.
- In the Pool Settings page, do the following:
- Horizon 7.3 lets you select a Category Folder where the published icon will be placed on the client’s Start Menu. This applies to Horizon Client 4.6 and newer. See Create Shortcuts for a Desktop Pool at VMware Docs.
- Horizon 7.5 adds an option to put the shortcut on the endpoint’s Desktop.
- Change the selection for Automatically logoff after disconnect to After, and specify a disconnect timer.
- If View Composer, change the selection for Delete or refresh desktop on logoff to Refresh Immediately. Instant Clones always refresh after logoff.
- Horizon 7.1 and newer allows users to restart machines gracefully, instead of a reset.
- Scroll down.
- In the Remote Display Protocol section, select a Default display protocol. New in Horizon 7 is VMware Blast.
- In Horizon 7.3.1 and newer, if you set the Default display protocol to PCoIP, then HTML5 Blast won’t work unless Allow users to choose protocol is set to Yes. See VMware Communities Upgraded from 7.0.1 to 7.3.1, getting “You cannot access your applications or desktops”… error.
- Composer and Instant Clone have different options for 3D Renderer. Horizon 7.1 adds an option for NVIDIA GRID VGPU when creating Instant Clones.
- Monitors/Resolution – If Composer, increase the number of monitors and resolution. This causes more video memory to be allocated to the VMs. If Instant Clone, these settings are configured on the Master VM’s settings in vSphere Client.
- Check the box next to HTML Access.
- Horizon 7.4 adds the Allow Session Collaboration checkbox, which adds a VMware Horizon Collaboration icon in the system tray of the remote desktop, which lets you invite users to collaborate. See Session Collaboration for details.
- Click Next.
- Horizon 7.3 lets you select a Category Folder where the published icon will be placed on the client’s Start Menu. This applies to Horizon Client 4.6 and newer. See Create Shortcuts for a Desktop Pool at VMware Docs.
- In the Provisioning Settings page, enter a naming pattern. You can use {n:fixed=3} to specify the location for the incremented numerals. Make sure the naming pattern does not conflict with any existing machines. Note: Instant Clones does not support manual machine names.
- Enter the maximum number of desktops to create. You can create all of them now or wait to create them as users connect. When a user connects to one of these desktops, Horizon immediately creates another desktop (up to the maximum) and powers it on.
- In Horizon 6.2 and newer, the maximum number of desktops per pool is 2,000. Ensure that the DHCP scope has enough addresses for the Max number of desktops specified here.
- Enter the number of spare (idle, unassigned, unused) desktops you want powered on. Horizon maintains this number up to the maximum number of desktops.
- Click Next.
- If Horizon Composer, in the Disposable File Redirection page, select Do not redirect disposable files, and click Next. Since we’re refreshing the desktops on logoff, there’s no need for a separate disposable disk.
- In the Storage Optimization page, if you want to use storage tiering, check the box for Select separate datastores for replica and OS disk. Click Next.
- In the vCenter Settings page, most of these are self-explanatory. Click Browse next to each option, and make your selection.
- Horizon 7.1 adds the ability to select multiple Networks for the Instant Clones.
- If the Parent VM is not showing up in the list then check the box next to Show all parent VMs and click the … next to the VM to see the issue.
- Instant Clones monitors/resolution – If Instant Clones, the number of monitors configured on the Master Image (snapshot) is displayed. If not correct, delete the snapshot, edit the master VM’s Hardware Settings, expand video card, make your desired changes, and take another snapshot.
- Datastores – select one or more datastores on which the virtual desktops will be placed.
- If Composer – select your Storage Overcommit preference. Since you are refreshing desktops on every logoff, they should stay small, so Unbounded is probably acceptable. VMware recommends no more than 140 virtual desktops per VAAI-enabled LUN. If the LUN is not VAAI enabled, 64 is the maximum. If Instant Clone, Unbounded is the only option. Click OK when done.
- For Select Replica Disk Datastores, select one datastore for the replica, and then click OK.
- Then click Next.
- If Instant Clone, View Storage Accelerator and Transparent Page Sharing are enabled by default and can’t be disabled. Storage reclamation doesn’t make sense for Instant Clone.
- If Composer, in the Advanced Storage Options page, be aware of the following:
- View Storage Accelerator creates digest files, which consumes disk space. Creation of the digest files requires IOPS. Make sure to set the blackout times so that this digest creation does not happen during peak hours.
- Reclaim VM disk space is not useful for non-persistent desktops.
- If you scroll down, there’s a new Transparent Page Sharing Scope. The default is no sharing. Use one of the other options to enable sharing. Click Next.
- In the Guest Customization page, next to AD container, click Browse, and select the OU where virtual desktop computer objects will be placed. Horizon 7.3 lets you type (paste) into the AD container field.
- Consider checking the box next to Allow reuse of pre-existing computer accounts. Click Next.
- In the Ready to Complete page, you may entitle users now or later. Click Finish.
- To check the status of the virtual desktops, go to Catalog > Desktop Pools.
- Double-click the pool name.
- If you scroll down, the vCenter Server section has a State field.
- vSphere Client shows recent tasks.
- On the Inventory tab, click Machines (View Composer or InstantClone Details). There’s a refresh button.
- You can also view the status of the desktops by looking at the Dashboard.
- Your VMs should eventually have a status of Available.
- If you encounter issues with View Composer, see VMware 2087379 VMware Horizon View Composer help center
- If Instant Clone, the Master VM and the snapshot used by the Instant Clones must not be deleted.
Entitle Virtual Desktops
Horizon Console
This section uses the new Horizon Console to add a entitle a Desktop Pool. If you prefer to use Horizon Administrator, then skip to the next section.
To make a pool accessible by a user, it must be entitled.
- In Horizon Console (https://ConnectionServerFQDN/newadmin), go to Inventory > Desktops.
- Click the link for a pool name.
- On the Summary tab, click the Entitlements drop-down, and then click Add entitlement. Or you can go to pool’s Entitlements tab and add from there.
- In the Add Entitlements window, click Add.
- Find a group that will have permission to log into these desktops, and click OK.
- Then click OK.
Horizon Administrator
To make a pool accessible by a user, it must be entitled.
- Go to Catalog > Desktop Pools.
- Double-click the pool name.
- On the Summary tab, click Entitlements, and then Add entitlement.
- In the Add Entitlements window, click Add.
- Find a group that will have permission to log into these desktops, and click OK.
- Then click OK.
- For a Persistent pool, go to the Inventory tab to see the desktops. Select a desktop and under More Commands click Assign User.
- Find the user and click OK. Repeat to assign users to additional desktops.
Add Machine to Pool
Horizon Console
This section uses Horizon Console to add a machine to an Instant Clone Pool. If you prefer to use Horizon Administrator, then skip to the next section.
- In Horizon Console (https://ConnectionServerFQDN/newadmin), on the left, expand Inventory, and click Desktops.
- On the right, highlight an existing Desktop Pool, and click Edit.
- Switch to the Provisioning Settings tab, scroll down, and change the Max number of machines. Then click OK.
- With Instant Clones, this won’t take very long.
- If you open the pool, the tabs named Machines and Machines (InstantClone Details) show the new machines.
Horizon Administrator
- On the left, expand Catalog, and click Desktop Pools.
- On the right, highlight an existing Automated Desktop Pool, and click Edit.
- Switch to the Provisioning Settings tab, and change the Max number of machines. Then click OK.
- With Instant Clones, this won’t take very long.
- With Composer, it might take a few minutes for the machine to boot a couple times while running QuickPrep.
- The pool now has new machines.
Update a Pool
Master Image Preparation
- Power on the master/parent virtual desktop.
- After making your changes, shut down the master virtual desktop.
- Right-click the virtual machine and take snapshot. You must create a new snapshot.
- You’ll need to periodically delete the older snapshots. Right-click the master VM, and click Manage Snapshots.
- Delete one or more of the snapshots.
Horizon Console
This section uses Horizon Console. If you prefer Horizon Administrator, then skip to the next section.
- In Horizon Console, go to Inventory > Desktops.
- Click the link for a pool name.
- For Instant Clones, on the Summary tab, click Maintain, and then click Schedule.
- In the Image page, select the new snapshot. Notice the snapshot’s monitor/resolution settings. Click Next.
- In the Scheduling page, decide when to apply this new image. If you select Force users to log off, notice you can customize the logoff message in Global Settings. Click Next.
- In the Ready to Complete page, click Finish.
- The pool’s Summary tab, near the bottom, indicates that the image is being pushed.
- You can click the tab named Machines (InstantClone Details) to check on the status of the push task. Notice the Pending Image.
- The snapshot is copied to each datastore.
- The snapshot is attached to a Replica, powered on, then powered off. Digest is then computed.
- Then the Replica is attached to a parent, and the parent is powered on. This all takes a bit of time. But the existing Instant Clones remain accessible until the Replica preparation is complete.
- Once Replicas are prepared, each machine is rebooted once.
- Eventually the Pending Image field will be cleared and the desktops are available again.
Horizon Administrator
- In View Administrator, go to Inventory > Pools.
- Double-click a pool name.
- For Instant Clones, on the Summary tab, click Push Image, and then click Schedule.
- Or if Composer, click View Composer, and then click Recompose.
- In the Image page, select the new snapshot. Notice the snapshot’s monitor/resolution settings. Click Next.
- In the Scheduling page, decide when to apply this new image, and then click Next.
- In the Ready to Complete page, click Finish.
- On the Inventory tab, you can click Machines (InstantClone Details) or Desktops (View Composer Details) to check on the status of the push/recompose task. Notice the Pending Image.
- For both provisioning methods, the snapshot is copied to each datastore.
- For Instant Clone, the snapshot is attached to a Replica, powered on, then powered off. Digest is then computed. Then the Replica is attached to a parent, and the parent is powered on. This takes a bit of time. But the Instant Clones remain accessible until the Replica preparation is complete.
- Once Replicas are prepared, for Instant Clones, each machine is rebooted once. While with Composer, each virtual machine is rebooted three times, which can be painful. Composer consumes considerable IOPS and time during Recompose operation. To speed up Recompose, switch to Instant Clones.
- Eventually the Pending Image field will be cleared and the desktops are available again.
Host Maintenance – Instant Clones
In Horizon 7.1 and newer, ESXi hosts running Instant Clones can be placed into maintenance mode without any special instructions.
Instant-Clone Maintenance Utilities at VMware Docs:
- IcUnprotect.cmd – use this utility to unprotect folders and VMs, delete VMs, and detect VMs whose master image or snapshot is deleted.
- IcMaint.cmd – This command deletes the master images, which are the parent VMs in vCenter Server, from the ESXi host, so that the host can be put into maintenance mode. In Horizon 7.0.3, this utility is the only method to prepare a Instant Clone ESXi host for maintenance mode. Also see VMware 2144808 Entering and exiting maintenance mode for an ESXi host that has Horizon instant clones.
- IcCleanup.cmd – use this utility to unprotect and delete some or all of the internal VMs created by instant clones. This command is available in Horizon 7.10 and newer.
Related Pages
- Back to VMware Horizon 7
If a user installs an application on a non persistant VDI in horizon 7 ,is it possible to see event in a log file somewhere?
MSI app installs usually write to Event Log. Other apps might install only to the user’s profile, and you would need a change detection tool to see them.
that event wouldnt be recorded in the connection server logs?
No. It would be on the Horizon Agent machine. You could install an Event collection tool (e.g., Splunk) and then search your syslog for the event.
Is it possible to tell what cp-template virtual machines in vcenter are asociated with which instant clone VDI pools or RDSH Farms?
I think iccleanup can show you https://docs.vmware.com/en/VMware-Horizon/2309/virtual-desktops/GUID-6025D684-2E05-4857-9C24-18F16DDC38FD.html
Is there a way to find out why when completing an install the adding to pool fails?
Are you building a manual machine that goes in a manual pool? If so, you need to manually add it to the manual pool.
Otherwise, what issue are you seeing?
We’re having problems activating instant clones on 7.13 after switching from Composer. Yes, using KMS server and quickprep. Any advice or things to check?
Active directory-based activation is more reliable than KMS.
Hello,
I hust want to ask a question.
I’m working with linked clones, so each user have it’s persistent disk D:\.
I want to share persistent disk only to domain admins. Is this possible? and how can I achieved that?
Actually I already tried a lot. The best way (and maybe the easiest way for me) is with a powershell script, which first share the D:\ to “everyone”, and then grant full access to “domain admins”, and remove access from “Everyone”. But since it’s need administrators privilages, cannot run through GPO at user logon (Logon script).
Any thoughts or different approaches?
Thank you
DEM has a Privilege Elevation feature.
Computer startup scripts run as local system.
Isn’t D$ already shared?
I’m not using DEM.
I’ve tried computer startup scripts without any luck. My script is working when I run it manual on user’s vdi using my credentials when prompt, so it’s not script’s issue.
I don’t know what I’m doing wrong.
No, it’s not!
Thanks for the detailed article. I’ve been having issues with spin off new VDIs. the newly provisioned VDI has the hostname of Master Image. What could be possibly the issue here.
Horizon 7.12
Windows 10 20H2
Rejoining domain
Renaming Master image
flush dns
ipconfig release
Change NIC to E1000 o vmxnet 3
all these are tried
Carl,
Your articles have been so helpful – thank you. I am sure you have encountered this issue so I am hoping you can help!
Microsoft released a patch about 6 months ago that disables the local administrator account on Windows machines after sysprep. This is completely stopped me from being able to provision new machines with view composer. I have created another local administrator account and configured the customization template to use this account for sysprep. However, when I provision the VMs with a snapshot using this account, the customization hangs for hours and eventually fails. When logging on to the newly provisioned VM that is stuck in customization with the local administrator account, the first logon does nothing – it returns me to the logon screen. I logon a second time and it is successful. The first thing I check is the computer name and see that it is the same as the parent VM. It does not change to the computer name defined in the Horizon desktop pool creation settings.
When I provision VMs without the cumulative update and with the regular local administrator account, everything works seamlessly. The computer name changes, computer is joined to the domain as expected and the customization is successful.
To summarize: When I install the patch and run a recompose, the customization fails because the administrator account is disabled during sysprep.
When I do not have the patch installed and use built in local administrator account, guest customization renames VM as expected, joins computer to domain, and customization successful.
When use a new local administrator account for guest customization, the computer name is not changed and the computer is not joined to the domain.
I need to get this working using the recent cumulative updates as this is Microsoft’s way forward for security. Do you have any ideas on how to work around this ? Anything creative I can try? This has been the bane of my existence for months.
Horizon View 7.13
Windows 10 2004
Patch that breaks everything: KB5001330 (previous CUs up to about 6 months ago also do the same thing and disable the built-in administrator account regardless of what the name is, renaming it does not change the behavior. It still gets disabled, likely a registry setting disabling the built-in admin)
UAC is disabled in registry
I would SINCERELY appreciate any tips you might be able to share. Not being able to patch our machines is no bueno.
THANK YOU!!
Are you using a custom sysprep.xml file?
Does your image have an existing “C:\Windows\Panther\unattend.xml”?
Yay! Thank you for responding!! No to custom sysprep.xml. Using a regular customization template from vCenter.
I do have an unattend.xml. Do I need to make any changes to it?
true
true
SkipUserOOBE> tue
1
In looking at the XML, it shows the administrator account as “Administrator” – not the new one that I created. Is the VMware customization template supposed to update it? I see the password is updating here but no the administrator account.
Thanks again!
Try deleting the unattend.xml and then try again.
In looking at the parent VM, there is no unattend.xml. It is being created when vCenter composes the new VM. So the parent VM has no unattend.xml, but the newly composed vm does. Not sure what to do about this one
I am trying a custom answer file now. I manually set the administrator account to the new admin account rather than the built in admin as windows automatically disables it now and it cannot be used for guest customization
I copied the unattend.xml from a VM that was provisioned by vCenter and updated the admin name. Only issue I see is that that the answer file has the vm name embedded. Will every VM in the pool be named with this computer name? They need to have unique names.. Will Horizon rename the computers based on the desktop pool settings? Or will it take from the answer file? Can I just delete the computername line in the answer file?
Hey Carl- it’s been several months of troubleshooting and there’s still no way around this. I could really benefit from your expertise. Installing any of the Windows 10 patches disable the local built-in administrator account which prevents provisioning VMs completely. It appears that Horizon can only use the original built-in account. You can’t create another administrator account and set that in the customization settings, that still fails. Custom answer files fail. Everything fails. Super defeated. Surely I cannot be the only one who has experienced this issue. Have you heard of this before or maybe some sort of fix?
Really really appreciate your help…
Are you able to create a new local admin account? If the machine is domain-joined, can you login with a domain account that has local admin privileges?
See https://kb.vmware.com/s/article/2034622
Hi Carl,
I can create a new admin account and assign that to the vCenter policy used for provisioning, but it fails. Horizon will ONLY complete customization when using the built-in administrator account. So essentially, all of the cumulative updates from Microsoft post April 2021 disable the built in administrator account and thus Horizon will never work again.
I did a few things to make it further….. I was able to run a batch file via a scheduled task with the new administrator account that re-enables the build-in administrator account at startup. Took some finess but eventually got it to execute. Boom – one problem solved. But then there was another problem. For some reason, you needed to logon twice. Meaning, you are prompted at the logon screen to login with the administrator account, you type in password, logon, it spins, then returns you to the logon screen. Doing some research, I found this fix: https://blog.techinline.com/2017/10/18/how-to-fix-double-login-issue-on-windows-10-fall-creators-update/
I applied that and the double logon went away. AND the built in administrator account was enabled at boot – so I thought I was in the clear. Wrong. Did another reprovision, and it fails again. There are no errors in any logs showing why. I logon to one of the VMs that is stuck in customization (eventually fails) and it still has the same name as the parent VM. Meaning View Composer was never able to logon after systprep and run any customization.
Normally (before installing the patch then reenabling the admin account via batch file…..) it performs the recompose without issue.
I have also disabled UAC if that helps… I am really vexed here. This problem has been a plague ever since Microsoft including disabling the built in admin with the patch…. Do you happen to know of any logs I can pull that might be helpful? I have checked the VMware logs on the VM that fails, the Horizon logs, and View Composer logs. They’re not very intuitive. There is no information available online for this. Have you heard about this issue at all before? I have a hard time thinking I am the only one to ever install this patch and use Windows 10 2004 with Horizon 7.13.
Thanks for bearing with me and for the help.
Hello, I’m having problems when the horizon connection server or the entire esxi shutdown. Currently testing so all vm and server are virtualize in the same esxi server. So when the esxi reboots everything goes down. And when it comes back up. All the desktop pool seems to get agent unknown status or the error status. It will not connect to the horizon connection server once everything comes back on. What should I look for to find out why the status become unknown or error? I’ve tried to deploy a new desktop pool but get the same thing. I tried to update and reinstall the agent still no connection. It seem my only solution currently is reinstalling the horizon connection server then I’m able to create a new desktop pool and the agent communications is back to available. What should I check? This happens when horizon connection server restarts. Thank you
Hi Carl,
Do you have step by step procedure also in managing user profile for VDI floating assignment?
My preference is FSLogix. See https://www.carlstalhood.com/horizon-group-policy-and-profiles/#roamingoverview
Carl,
Great post as usual. We made the switch to instant clones, however we have noticed our clones are losing AD Trust everyday. AD team says they do not see anything unusual, is there any other settings I should check?
Dear Carl,
We are running vmware horizon 7.12 with linked clones, with 3 datastores, 1000 machines. Some of the machines are showing two datastores and their persistant and disposable disks are in one datstore and Os disk is in another datastore. Other machines showing 1 data store and both disposable and Os disks are on one data store. I just need to check which option is better why their are two behaviours. All pools settings are same.
Can you please guide how to fix this issue. Do we need to keep Persistant, dsiposable and Os disk on the same store and how.
For current machines where disks are in different data stores how to fix them.
Many thanks
If you edit the pool, there are settings for “Select separate datastores for persistent and OS disks” and “Select separate datastores for replica and OS disks”.
Using linked clones for persistent machines is not advisable. If you want to keep all of the applications and settings, then I would right-click each linked clone and clone it to a new full clone. Then add the full clones to a manual pool. Delete the linked clones when done.
If you don’t care about retaining apps and settings, then simply delete the pools and recreate them.
Instant clone master VM with “Reserve All Guest memory” option enabled. When we create a new instant clone pool, all the cloned VM’s created using the master VM snapshot are creating without “Reserve All GuestMemory” option. Is there a way to achieve this ? Does Post-synchronization script option will help ?
Hello. I’m currently working on a VMware Horizon 7 Administrator (7.12.0 build – 15770369) system and I do not see the option in step 30 to select an Organizational Unit in Active Directory. Is that no longer an option?
Hi Carl,
First of all, great blog!
I’m trying to set up a master image for a Horizon 7.51 linked clones pool and have a few questions.
1. Should i run quick prep from the generalize tab in the OS optimization tool before i finalize and recompose pool? Or is it enough with the quick prep that runs during recompose?
2. Should i join the master image to the domain? I can see benefits from doing so but also problems that can arise.
The new Finalize tab is intended to be run when sealing your master image for a Recompose. QuickPrep just changes the machine name and joins it to the domain.
I usually join the master to the domain so computer-level group policies are applied so I can avoid timing issues later on the linked clones.
Thank for the reply!
Right now to join golden image to the domain is the only way that works. If I don’t join it to the domain, and then recompose, the local administrator account stays logged in to the console session of the machine and blocks other users to log in. Maybe it’s some pool setting I missed or a quick prep issue.
If possible pls create post about Horizon ADAM And how to back and restore and horizon config and how replication works that’s would very helpful and if it’s already created pls help me with the link
All Connection Servers in a single pod automatically replicate their ADAM with each other.
Each Connection Server automatically dumps the LDAP database to disk every day. Go to Horizon Console > Servers > Connection Server > Edit > Backup tab.
Hello,
would it be possible to have your advice, about a vm master in windows 10.
What is the recommended order for installating the products bellow :
Vmtools
View agent 7.11
App volume agent
Dem agent
Nvidia tesla drivers (m10)
See https://kb.vmware.com/s/article/2118048. GPU is usually installed last.
Is it possible to push an image to a group of machines within a desktop pool instead of the entire pool?
I pushed an image previously while users were logged into the desktop. I just made another change to the image and need to push it to the pool again but cannot because of the pending operation. There are about 10 desktops available that were updated originally. Is there a way to select those 10 and push the new image to?
Hello, Carl.
Is there a maximum number of desktop pools that can be created in Horizon 7?
So what we’re talking about here is not a VM, but a VM-in-the-box desktop pool.
It’s an automated pool.
If i create farm in 2 local datastores (2 esxi hosts), and Horizon create vm on only one datastore.
What happend if this host fault ? Horizon automate re-create vm on second host ?
Automated farm? Did you select both datastores in the farm? Is your gold image on shared storage accessible from both hosts?
Hello Carl,
I am trying to get a better understanding of how the “Desktop Pool Sizing” and “Provisioning Timing” settings work and hoping you can help.
We are considering changing the Provisioning Timing to “Provision machines on demand” instead of “Provision all machines up-front” but am struggling with what “Provision machines on demand” actually means.
Lets say we have a total/max of 30 machines for the pool with the number of spare (powered on) machines being 15. What would the Min number of machines under Provision machines on demand need to be?
Also, what is the “Best Practice” for Provisioning Timing – on demand or up-front? Since the Instant Clones machines are created so quickly, why would we NOT use on demand?
Thank you for your input!
The main concern with “on demand” is capacity planning. If you have hardware assigned for virtual desktops, why not consume the hardware now? Or if you don’t have enough hardware for the maximum number of machines, do you want to allow Horizon to create machines without your approval?
I think “spare” machines regards the number of machines powered on and not necessarily the number of machines that it creates. I think it creates “minimum” or “spare”, whichever is larger, up to the maximum.
Hello,
Is there a Best Practice for Provisioning Timing, whether the desktops are on demand or up-front?
For on-prem hardware, it depends if your hardware is dedicated to one pool or not. If so, then I would provision up front. If there’s variability in usage of your pools then on-demand might be more appropriate.
For Instant Clone – do we need to join the Parent vm to Domain ? can I try Instant clone with Windows 10 trial edition ?
The actual instant clones will certainly be joined to the domain. I usually join the master to the domain.
I think QuickPrep tries to rearm KMS licensing. You might have to turn that off.
Hi, thanks so much for putting iit together. When I am looking to create the pool. I do not see the “Instant Clone” as an option. the only option I see is “Full virtual machines. This is when I go to add pool and on second step “vcenter server” . Any help would be appreciated. Running vsphere 6.5 / horzion 7.5
What is your Horizon licensing? Enterprise Edition?
Did you configure an Instant Clone Domain Admin?
Hi Carl,
I did configure the Instant Clone Domain Admin. I do have an enterprise license. however when I go to the horizon 7 admin page I am seeing a number of options as “Disabled”. Guess I will have to get vmware involved. Thank you for the quick response
I had the same issue, I had to go to the admin console and apply the enterprise licensed.
Nice article , but still confused about where to store user profiles and data .. is it OK to store it on SAS 15 K and replica on SSD, and if i used Persona how to avoid IOPs issue?
Hi Carl,
I need your input for unmanaged desktops using Manual pool..basically to access it from outside of the network.
I have followed all the guidelines and still cannot connect to the desktops.
Here is what I have done:
1. Install the agent on the machine.
2. Entered outside VIP(Site for connection servers) not the connection server. The agent suggested to add some ports to Netscaler.
3. Added all the ports to the VIP (blaster, 389, 3389, and others)
4. Created a manual pool and added only one machine
5. Added entitlement
6. Everything looked good, the desktop got published
7. Tried to access it and couldn’t.
What am I missing?
As always, your input is greatly appreciated.
Cheers
“Like Composer, the master VM snapshot is copied to every LUN containing linked clones.” is it right?
Are you asking about Instant Clones? If you don’t choose separate datastore for Replica, then yes. This also applies to Composer. https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/techpaper/vmware-horizon-view-instant-clone-technology.pdf#page6