VMware Horizon 2309: Master Virtual Desktop

Last Modified: Oct 30, 2023 @ 4:11 am

155 Comments

Navigation

Use this post to build a virtual desktop that will be used as the parent image (aka source image, aka master image, aka gold image) for additional virtual desktops. There’s a separate article for RDS Session Host.

This post applies to all VMware Horizon versions 2006 (aka 8.0) and newer.

💡 = Recently Updated

Change Log

Virtual Hardware

Lieven D’hoore has a desktop VM build checklist at VMware Horizon View – Windows 10 Golden Image Creation

  1. The virtual desktop pools will use the same hardware specs (e.g., vCPUs, memory size, network label) specified on the master virtual desktop. Adjust accordingly.
  2. For New Hard disk, consider setting Thin provision.
  3. Make sure the virtual desktop is using a SCSI controller.
  4. The master virtual desktop should be configured with a VMXNET 3 network adapter.
  5. When building the master virtual desktop, you will probably boot from an ISO.
  6. Before using Horizon Administrator to create a pool based off of this master image, ensure the CD/DVD drive points to Client Device and is not Connected. The important part is to make sure ISO file is not configured.
  7. There’s no need for the Floppy drive so remove it.
  8. If you have any Serial ports, remove them.

Windows

VMware TechZone Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop

Preparation

Power Options

  1. Run Power Options. Right-click the Start Menu to access Power Options.
  2. Click Additional power settings.
  3. Select Ultimate Performance, or click the arrow to show more plans, and select High performance.
  4. Next to the power plan, click Change plan settings.
  5. Change the selection for Turn off the display to Never, and click Save changes.
  6. You can also configure these setting using group policy.

System Settings

  1. Domain Join. Use sysdm.cpl to join the machine to the domain. Also see VMware 2150495 Computer-based Global Policy Objects (GPOs) that require reboot are not applied on instant clones.
  2. In System control panel applet (sysdm.cpl), on the Remote tab, enable Remote Desktop.
  3. Activate Windows with a KMS license if not already activated. Note: only KMS is supported with Instant Clones.

Install Applications

Install applications locally if you want them to be available on all virtual desktops created based on this master virtual desktop.

Or you can use a Layering product (e.g. VMware App Volumes, Microsoft MSI-X App Attach, Liquidware FlexApp) or App Streaming (e.g. ThinApp, Microsoft App-V). Note: logins are fastest if apps are installed in the master image. All app layering/streaming technologies introduce a logon delay. You can use Microsoft FSLogix App Masking to hide applications and Start Menu shortcuts that users should not see.

Antivirus

VMware Tech Zone Antivirus Considerations in a VMware Horizon Environment contains exclusions for Horizon View, App Volumes, Dynamic Environment Manager, ThinApp, etc.

Microsoft’s virus scanning recommendations (e.g., exclude group policy files) – http://support.microsoft.com/kb/822158.

Carbon Black

Interoperability of VMware Carbon Black and Horizon (79180)

Symantec

Symantec links:

Trend Micro

Trend Micro Links:

Sophos

Sophos Endpoint Security and Control: Best Practice for running Sophos on virtual systems: we’ve amassed the following practical information about how you can optimize our software to work with this technology.

Sophos Endpoint Security and Control: Installation and configuration considerations for Sophos Anti-Virus on a Remote Desktop Services server: It maybe desirable to disable the Sophos AutoUpdate shield icon

Sophos Endpoint Security and Control: How to include current version of Sophos in a disk image for cloned virtual machines: This procedure will make sure that the produced target/cloned computers:

  • Get their distinct identity with Enterprise Console, under which they can be subsequently managed.
  • Have the desired version of Sophos Anti-Virus already installed and configured on the created image.

Palo Alto Traps

  • Install Traps Agent for Windows:
    • Virtual desktop infrastructure (VDI) installation—Intended for non-persistent endpoints that replicate (also referred to as spawn) from a golden image which has Traps installed.
    • Temporary session—Intended for either physical or virtual endpoints (such as a Remote Desktop Server) that repeatedly revert to a snapshot (or image) on which Traps is not installed.

Windows Defender Antivirus

Configuring Microsoft Defender Antivirus for non-persistent VDI machines – Microsoft Blog

Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment – Microsoft Docs

Onboarding and servicing non-persistent VDI machines with Microsoft Defender ATP

For Instant Clones, Defender ATP on-boarding script should run as ClonePrep post-sync script. See Tristan Tyson On-boarding VMware Horizon View Instant-Clone VDI Pools into Microsoft Defender Advanced Threat Protection.

Cylance

CTX232722 Unable to launch application with Cylance Memory Protection Enabled. Cylance must be run in compatibility mode in order to the VDA and Cylance to run on the same machine. See the article for detailed instructions.

Horizon Agent

Horizon Agent Installation/Upgrade

Install Horizon Agent on the master virtual desktop. Upgrades are performed in-place.

  1. Latency – In Horizon 2111 (8.4) and newer, maximum latency between Horizon Agent machine and Connection Server is 120ms. Older versions of Horizon have lower maximum latencies.
  2. See VMware 2149393 Supported Windows 10 Guest Operating Systems for Horizon Agent and Remote Experience, for Horizon 8 2006 and Later
  3. VMware Tools – Only install Horizon Agent after you install VMware Tools.
    1. The latest versions of VMware Tools resolve security vulnerabilities.
    2. If you need to update VMware Tools, uninstall Horizon Agent, upgrade VMware Tools, and then reinstall Horizon Agent.
    3. See VMware Product Interoperability Matrices for supported versions of VMware Tools with different versions of Horizon Agent.
    4. If VMware Tools 11.x, VMware recommends running the following: (source = VMware 78434 Performance issues for Horizon 7 when using VMware VMTools 11.x) 
      C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe" config set appinfo disabled true
  4. Horizon 2309 (8.11) is the latest version.
  5. Horizon 2212 (8.8) is an Extended Service Branch, which is supported for three years from its January 2023 release date. The Agent was not updated for version 8.8.1.
  6. Horizon 2111.2(8.4.2) is an Extended Service Branch, which is supported for three years from its December 2021 release date.
  7. Download Horizon Agent 2309 (8.11), Horizon Agent 2212 (8.8) ESB, or Horizon Agent 2111.2 (8.4.2) ESB.

  8. Run the downloaded VMware-Horizon-Agent-x86_64-2309-8.11.0.exe or VMware-Horizon-Agent-x86_64-2212-8.8.0.exe.
  9. If you want the URL Content Redirection feature, then you must run the Agent installer with the following switches: /v URL_FILTERING_ENABLED=1
  10. If you want the UNC Path Redirection feature in 8.7 and newer, then you must run the Agent installer with the following switches: /v ENABLE_UNC_REDIRECTION=1. You can combine the two switches.
  11. In the Welcome to the Installation Wizard for VMware Horizon Agent page, click Next.
  12. In the License Agreement page, select I accept the General terms, and click Next.
  13. In the Network protocol configuration page, select IPv4, and click Next.
  14. In the Custom Setup page, there are several features not enabled by default. Horizon Smart Policies in Dynamic Environment Manager (DEM) can control some of these features but only if the features are installed.
    1. If you want USB Redirection, then enable that feature.
    2. Horizon Agent 2006 (8.0) and newer does not include Persona.
    3. If you want Scanner Redirection, then enable that feature. Note: Scanner Redirection will impact host density.
    4. Horizon Performance Tracker adds a program to the Agent that can show the user performance of the remote session. You can publish the Tracker.

    5. Horizon 2006 (8.0) and newer no longer include ThinPrint (aka Virtual Printing). VMware Integrated Printing is the replacement for ThinPrint and requires Horizon Client 4.10 or newer.
    6. In Horizon 2206 and newer, Storage Drive Redirection provides faster performance than Client Drive Redirection.
  15. Click Next when done making selections.
  16. If you see the Remote Desktop Protocol Configuration screen, then select Enable and click Next.
  17. In the Ready to Install the Program page, Horizon Agent 2306 and newer have an option to Automatically restart system on successful completion. Click Install.
  18. In the Installer Completed page, click Finish.
  19. Click Yes when asked to restart.
  20. If you want to know what features were selected during installation, look in HKLM\Software\VMware, Inc.\Installer\Features_HorizonAgent. Or look in the installation log files as detailed at Paul Grevink View Agent, what is installed?

  21. To verify installation of the URL Content Redirection feature, check for the presence of C:\Program Files\VMware\VMware View\Agent\bin\UrlRedirection.
  22. There’s also an IE add-on.
  23. URL Content Redirection is configured using group policy.
  24. To verify installation of the UNC Content Redirection feature, check for the presence of C:\Program Files\VMware\VMware View\Agent\bin\UncRedirection.

Install/Upgrade Dynamic Environment Manager (DEM) Agent

All editions of Horizon 2006 (8.0) and newer are entitled to Dynamic Environment Management (DEM).

  • Horizon Standard Edition and Horizon Advanced Edition are entitled to DEM Standard Edition, which only has personalization features that replace Persona. If you are using FSLogix Profile Containers for profiles, then you probably don’t need DEM Standard Edition.
  • Horizon Enterprise Edition is entitled to DEM Enterprise Edition, which has all DEM features, including Smart Policies, Privilege Elevation, etc.

DEM 2006 and newer Agents (FlexEngines) require additional configuration to enable DEM Computer Settings. You can either configure registry settings on each DEM Agent machine, or in DEM Agent 2103 and newer you can use an installer command-line switch. Both are detailed at Perform Installation with Computer Environment Settings Support at VMware Docs.

  • Group Policy Preferences can push these registry keys to the Horizon Agent machines. Or you can manually modify the registry in your master images. The minimum registry values are Enabled and ConfigFilePath as detailed at Perform Installation with Computer Environment Settings Support at VMware Docs. For the list of additional registry values, see FlexEngine Configuration for Computer Environment Settings at VMware Docs.
  • Command line install looks something like below. The command line installer switch sets the same ConfigFilePath and Enabled registry values as shown above. 
    msiexec /i "\\fs01\bin\VMware\DEM\VMware-DEM-Enterprise-2309-10.11-GA\VMware Dynamic Environment Manager Enterprise 2309 10.11 x64.msi" /qn COMPENVCONFIGFILEPATH=\\fs01\DEMConfig\general

To install DEM Agent:

  1. Windows 10 Compatibility – See VMware 57386 VMware Dynamic Environment Manager and Windows 10 Versions Support Matrix
  2. Make sure Prevent access to registry editing tools is not enabled in any GPO since this setting prevents the FlexEngine from operating properly.
  3. DEM 2309 (10.11) is the latest release.
    1. Horizon 2212 (8.8) ESB release comes with DEM 2212 (10.8).
    2. Horizon 2111.2 (8.4.2) ESB comes with DEM 2203.
  4. Based on your entitlement, download either DEM 2309 (10.11) Enterprise Edition, or DEM 2309 (10.11) Standard Edition. For ESB Horizon, download the DEM version included with your ESB version of Horizon.

  5. Run the extracted VMware Dynamic Environment Manager Enterprise 2309 10.11 x64.msi.
  6. In the Welcome to the VMware Dynamic Environment Manager Enterprise Setup Wizard page, click Next.
  7. In the End-User License Agreement page, check the box next to I accept the terms, and click Next.
  8. In the Destination Folder page, click Next.
  9. In Choose Setup Type page, click Custom.
  10. In the Custom Setup page, click Next. Note: the DEM Management Console is typically installed on an administrator’s machine.
  11. In DEM 2111 and older, in the Choose License File page, if installing on a Horizon Agent, then no license file is needed. DEM 2203 and newer no longer ask for licenses since DEM Console installs the DEM license in the DEM Configuration Share. Click Next.
  12. In the Ready to install VMware Dynamic Environment Manager Enterprise page, click Install.
  13. In the Completed the VMware Dynamic Environment Manager Enterprise Setup Wizard page, click Finish.
  14. If you have PCoIP Zero Clients that map USB devices (e.g. USB drives), then you might have to set the following registry value. (Source = VMware 2151440 Smart card SSO fails when you use User Environment Manager with a zero client)
    • HKLM\Software\VMware, Inc.\VMware VDM\Agent\USB
      • UemFlags (DWORD) = 1
  15. DEM is enabled using Group Policy and configured using the DEM Management Console.

Logon Monitoring

See VMware 93158 Information about changes in logon timing data format in Horizon form Horizon 8 2111 and Later.

By default, in services.msc, the VMware Horizon View Logon Monitor service is not running. Set it to Automatic and start it.

The logon logs are stored at C:\programdata\VMware\VMware Logon Monitor\Logs on each Horizon Agent.

Inside each session log file are logon time statistics.

Unity Touch

With the Unity Touch feature, tablet and smart phone users can quickly navigate to a Horizon View desktop application or file from a Unity Touch sidebar. Although end users can specify which favorite applications appear in the sidebar, for added convenience, administrators can configure a default list of favorite applications.

In the Unity Touch sidebar, the favorite applications and favorite files that users specify are stored in the user’s profile. For non-persistent pools, enable Roaming Profiles.

To set the default list of favorite applications:

  1. Navigate to HKLM\Software\Wow6432Node\VMware, Inc.\VMware Unity
  2. Create a string value called FavAppList.
  3. Specify the default favorite applications using format: path-to-app-1|path-to-app-2|path-to-app-3|…. For example:
Programs/Accessories/Accessibility/Speech Recognition.lnk|Programs/VMware/VMware vSphere Client.lnk|Programs/Microsoft Office/Microsoft Office 2010 Tools/Microsoft Office 2010 Language Preferences.lnk

Unity Touch can be disabled by setting HKEY_LOCAL_MACHINE\Software\VMware,Inc.\VMware Unity\enabled to 0.

For more information, see Configure Favorite Applications Displayed by Unity Touch at VMware Docs.

ClonePrep – Rearm

By default, when Horizon creates Instant Clones, one of the tasks that ClonePrep performs is to rearm licensing. You can prevent rearm by setting the following registry key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmware-viewcomposer-ga
    • SkipLicenseActivation  (DWORD) = 0x1

Dynamic PCoIP Policies

If you wish to change PCoIP Policies (e.g., clipboard redirection, client printers, etc.) based on how the user connects, see Managing VMware Horizon View Secret Weapon with Puppet Enterprise. The article describes using Puppet to change PCoIP settings. You can also configure VMware Horizon View Script Host service to run a script to change PCoIP configuration based on the Connection Server that the user connected through.

Microsoft FSLogix

Why FSLogix?

Microsoft FSLogix has two major features:

  • Profile Container is an alternative to VMware DEM Personalization.
  • App Masking is an alternative to VMware App Volumes.

DEM has three categories of features: Personalization, User Settings, and Computer Settings. FSLogix Profile Container only replaces the Personalization feature set. You typically do FSLogix Profile Container for profiles and use DEM for User Settings and Computer Settings. Here are some advantages of FSLogix Profile Container over DEM Personalization:

  • FSLogix Profile Container saves the entire profile but DEM Personalization requires you to specify each setting location that you want to save. FSLogix is “set and forget” while DEM Personalization requires tweaking for each application.
  • At logon, DEM Personalization must download and unzip each application’s profile settings, which takes time. FSLogix simply mounts the user’s profile disk, which is faster than DEM Personalization.
  • FSLogix Profile Container has special support for roaming caches and search indexes produced by Microsoft Office products (e.g. Outlook .ost file).
  • FSLogix is owned, developed and supported by Microsoft.

Here are some FSLogix Challenges as compared to DEM Personalization:

  • FSLogix Profile disk consumes significant disk space. The default maximum size for a FSLogix profile disk is 30 GB per user.
  • High Availability for FSLogix Profile disks file share is challenging. The file server High Availability capability must be able to handle .vhdx files that are always open. DFS Replication is not an acceptable HA solution. One option is Microsoft Scale Out File Server (SOFS) cluster. Another option is Nutanix Files.

VMware App Volumes has some drawbacks, including the following:

  • Completely separate infrastructure that must be built, maintained, and troubleshooted.
  • Introduces delays during logon as AppStacks are mounted.
  • AppStacks can sometimes conflict with the base image or other AppStacks.

An alternative approach is to install all apps on the base image and use FSLogix App Masking to hide unauthorized apps from unauthorized users. No delays during logon.

Microsoft FSLogix is free for all Microsoft RDS CALs, Microsoft Virtual Desktop Access per-user CALs, and all Microsoft Enterprise E3/E5 per-user licenses. Notice that per-device licenses are excluded. See Eligibility Requirements at Microsoft Docs.

FSLogix Installation

Do the following to install Microsoft FSLogix on the Horizon Agent machine:

  1. Go to https://docs.microsoft.com/en-us/fslogix/install-ht and click the download link.
  2. Extract the downloaded .zip file.
  3. In the FSLogix \x64\Release folder, run FSLogixAppsSetup.exe.
  4. Check the box next to I agree to the license terms and conditions and click Install.
  5. In the Setup Successful page, click Restart.
  6. Make sure the Windows Search service is set to Automatic and Running.
  7. If Office is already installed, then repair the Office installation after installing and starting the Windows Search Service.

FSLogix is configured through Group Policy or by editing registry values on each FSLogix Agent machine.

VMware OS Optimization Tool

  1. See VMware Windows Operating System Optimization Tool Guide for details on this tool.
  2. Download the VMware OS Optimization Tool. Versions 1.2 and newer support Windows 11 22H2.
  3. Run VMwareOSOptimizationTool-x86_64.exe.
  4. On the Optimize tab, choose a template.
  5. Then click Analyze on the bottom of the window.
  6. Near the top of the window click the Common Options button and make your selections on each of the pages. Click OK when done.

  7. The top right box named Analysis Summary shows the number of optimizations not yet applied.
  8. Review the optimizations and make changes as desired. Then on the bottom right, click Optimize.
  9. The History tab lets you rollback the optimizations.
  10. The Finalize tab contains tasks that should be run every time you seal your parent image.
  11. The Update tab lets you re-enable Windows Update so you can update the parent image.

Additional Optimizations

Additional Windows 10 Optimizations

Snapshot

  1. Make sure the master virtual desktop is configured for DHCP.
  2. If connected to the console, run ipconfig /release.
  3. Run antivirus sealing tasks. For example:
  4. Base Image Script Framework (BIS-F) automates many image sealing tasks. The script is configurable using Group Policy.

  5. Shutdown the master virtual desktop.
  6. Edit the Settings of the master virtual machine and disconnect the CD-ROM. Make sure no ISO is configured in the virtual machine.
  7. Take a snapshot of the master virtual desktop. Instant Clones requires a snapshot.

Related Pages

155 thoughts on “VMware Horizon 2309: Master Virtual Desktop”

  1. Hi,

    Is there a best practice for updating? Especially browsers? Multiple times a week browser updates are released. We have disabled auto-update for browsers through GPO. We manully update the golden image once a month but for browsers this is not enough.
    Is there a way to have some kind of always-on golden image which automatically updates (the browsers) and enrolls the machines from the newly updated image?

    We have considered enabling auto-updates for the browsers but that means for one month long EVERY virtual desktop (around 400 machines) will update the browsers EVERY day with an increasing delta towards the updated golden image which generates a lot of networktraffic.

    Reply

  2. First, thank you so much for sharing your knowledge!

    I’m currently deploying windows 11 22H2 desktop in Horizon 8, but the desktops won’t join to the AD domain. I see Netjoin error (Event ID4079) and VMware Guest Customization errors (Event ID7000 and 7009) in the desktop’s EventLog.

    Not sure how to tackle this issue.

    Reply

    1. Full Clones? If so, are you doing SysPrep Customization Specification? After the machine is created, login as local administrator and try to manually join the domain. What error do you see?

      Reply

      1. Yes, Windows 11 22H2 Enterprise, Full Clone, Automated Desktop Pool, Dedicated Assignment. I can manually join the domain using the service account (which I think is creating the objects in AD) with no issue. I’m using VMware Customizations which is call by the Horizon desktop pool.

        Reviewing the C:\Windows\debug\NetSetup.log that task for joining to domain ends with: NetpDoDomainJoin: status: 0x52e.

        In the Event Viewer: “attempted to join the domain… but failed. The error code 1326.”

        Reply

  3. Just have a quick question on cloneprep – rearm.
    Sorry, I don’t have much knowledge on Windows licensing.
    As far as I understand rearm is used to reset the Windows trail activation.
    if we are using Internal KMS for windows activation then what will be the use of this rearm on instant clone pool?

    Reply

    1. All KMS clients have a Client ID (CMID). KMS Servers count the number of unique CMIDs to determine if the minimum CMID count threshold has been crossed. Some KMS licenses require 5 unique CMIDs while others require 25 unique CMIDs.

      If you don’t run rearm then every Instant Clone will have the same CMID, which KMS sees as a single unique CMID no matter how many Instant Clones you have. To generate unique CMIDs on every cloned machine, you run rearm.

      Reply

      1. Hello Carl,

        In the above cloneprep – rearm you have mentioned to prevent rearm by adding registry key and in here you as saying if we dont run rearm the CMID will be same for all instant clones.

        So what is the best practice, we should prevent or run rearm?

        Reply

        1. If you’ve already cross the KMS Server threshold then it might be OK to skip rearm if you’re having problems. Otherwise, leave it enabled.

          Reply

  4. Hi ,

    I am prepare golden image for w10 21h2. After installing Horizon agent, I get the following error and windows cannot booting;

    ” Could not complete the installation to install windows on this computer restart installation “

    Reply

    1. Did you make sure no Windows Updates were pending before you installed Horizon Agent? For example, maybe Windows Update is trying to upgrade your version of Windows 10. There are GPOs that you can configure to prevent the Windows 10 upgrade.

      Reply

  5. Carl,

    Thanks for this resource it is an absolute life saver, especially when I have had to rebuild our VDI environment.

    Quick question: In the section on “Why FSLogix” is this a typo?
    “Here are some advantages of DEM Profile Container over DEM Personalization:”
    Should that read FSLogix Profile Container?

    Reply

  6. Hello Carl,

    I have a question and I will be pleased if you can share your knowledge.

    I have some users connecting to horizon through internet, with a latency at 120ms average – usually via blast.
    They are complaining that their vms are working slow, and they can notice the delay when working with large files in excel for example, or when opening a program etc.
    We are not talking for something extremely bad, but the feeling of lacking and delay is there, you can see it, you can notice it.

    I have also users at the office, connecting to horizon via office network which they don’t have this kind of issues, so it’s not something on horizon in general.

    My question is, is something that i can do to help them with issue? Any changes on the horizon client, any configuration on the golden image or something whatever?

    Thank you in advance!

    We are using horizon 7.13, windows 10 pro vdi, with agent 7.13.2, with 3 separated servers Connection, composer and database.

    Reply

    1. Does it work better with PCoIP?

      I have users with 300ms latency that are OK with the performance. Newer versions of Horizon might have a better Blast codec.

      Reply

  7. Hello there, first of all, thanks for all your guides regarding Horizon, there always awesome as always! I have a question though – I currently have the problem with a client that uses W11 22H2 as golden Image. When logging on aka when creating the user profile in Windows, the taskbar takes ~30 seconds to load (the taskbar is there, just completely white) before any icons / time appears. It´s frustrating beyond hell – i´ve tried so far:

    – discarded VMware OSOT – apparently the tool is buggy as hell in it´s current state and is known to break stuff
    – rebuilt the GI.. twice
    – checked GPOs – I´m using 1:1 the same GPOs as in your guide
    – Windows Updates are up to date as of this month
    – I didn´t use any removal tool for Windows Apps

    I´ve searched everything, I´´ve tried some fixes, but that didn´t help. Did anyone here had this issue before?

    Best regards from Germany,

    Stefan

    Reply

      1. Just a follow up if anyone is having the same issue: Upgrading the GI from W11 Pro to W11 Enterprise fixed the issue. I don´t get it. Maybe a (buggy) GPO which only works when you have Enterprise?

        Stefan

        Reply

  8. Great article Carl, thank you for all you do. Currently in the middle of a Horizon 8 migration from 7. The customer’s 7 environment uses Composer with Persistent disk and we are going to FSLogix with IC on 8. Is there a smooth migration path or tool at this point to get us from Persistent disk to FSlogix VHDX? Thank you in advanced!

    Reply

  9. Hello,

    Sharing some info on the latest FSLogix 2210 hotfix 1 (2.9.8440.42104) If using appvol and fxlogix profiles, this version appears to break the appvol where various application will not load via appvol. One can roll back to stable fxlogix version (2.9.8228.50276)

    Another fix: and recommended by vmware:

    Steps:
    -Please modify the Horizon Golden Image using an admin command prompt to run the following command:

    reg add “HKLM\SYSTEM\CurrentControlSet\services\svdriver\Instances\App Volumes Instance” /v Altitude /d “132000” /f
    -Take a new snapshot of the Golden Image following the best practices and publish it on a test pool to test.

    The workaround is to reduce svdriver’s altitude to make it lower than frxdrvvt.

    Basically allowing the appvol driver to load first before fxlogix.

    hope this helps others.

    Reply

  10. Hi Carl,
    Thank you for those great articles always up to date. This is my ref guide when I need to upgrade my VM pools, which I use for severals years.
    I have now Instant clones with Windows 10 22H2, fslogix profil containers, folder redirection of user’s data folders, which work as expected.
    I’m about to deploy new pool of Windows 11 22H2. I haven’t found clear documentation if the system could use seemlessly same VHDXs for Windows 10 and Windows 11, at the same time.
    I realy doubt it could work so I have created dedicated Windows11 VHDXs. But it takes storage and users would need to maintain 2 profiles.

    Any experience on this ?

    Reply

  11. Hey all – I haven’t been able to find a ton of information on this, but we are on VMWare Horizon 2209 (slightly older than the version this article covers). I’d like to know what the best practice is for updating golden images with either Windows updates, or third party applications, VMWare Tools, etc.

    We have a few instant clone pools and the current process has been to take a snapshot of the golden image, power it on, take a snapshot, and point the configuration to the new snap – that has caused snapshots to stack up over time. Any insight on best practices for making updates/changes to golden images would be helpful. Disclaimer, I’m new to the company and haven’t worked with Horizon a lot in the past.

    Thanks!!

    Reply

    1. Old snapshots should be deleted periodically.

      Some people do a full clone of their gold image every month to avoid snapshot chains.

      Some people rebuild their gold image every month using an automated process.

      Another option is to leave your gold images running and let SCCM or similar push updates to it. Then snapshot the gold image, push it to the pool, and power on the gold image again.

      Reply

      1. HI There, Thank you so much for all your articles, so helpful. Quick question, we are using Horizon 7.13.1 with instant clones, DEM and FS Logix Profile Containers, all is working well with the exception of one piece of software which once activated , saves it license in C: Program Data . I have tried app volumes, scripts , DEM application profiler etc. to get the license to save but each time a user logs in and gets a new desktop the software goes back to being unlicensed and the key must be entered manually which is not ideal. The only option now is to move the users back to Linked clones, but I understand this may cause issue when we upgrade to Horizon 8. Any suggestions would be appreciated!

        Reply

        1. Do users have Write permission to the Programdata folder? Can you write a script that runs at logoff to save the files to the user’s home directory. Then have another script that restores the files and launches the program. The app’s shortcut would run your script instead of directly launching the executable. I usually test these kinds of scripts by deleting the Programdata content to make sure it asks for license again. Then copy in files that I previously saved to make sure the program no longer asks for licenses. Or maybe the licenses are tied to the machine name or hardware identifier.

          Reply

          1. Thank you Carl, Tried that, works fine on the master image but not on the user machines, so I presume as you said the licenses are tied to the machine name or hardware identifier. Theres no other way round with instant clone is there ?

          2. Instant Clones usually use ClonePrep, which should not change the SID or GUIDs.

            On your clones, if you copy the files manually, does it work? If not, then your application probably requires something unique to that machine.

  12. PSA!!! With Horizon Agent 8.9 the age old practice of using UNC paths for the Printer Driver name in the GPO used to control the Location Based Printing, which is great for pushing printers to clones that are on a print server vs having the clones print direct, WORKS AGAIN!
    You can even export your current list (if you’re still using the 7.x Agent and the old ThinPrint AutoConnect GPO dll from 2014 or whenever it was before they updated the dll to force you to populate the port column and fail to enter backslashes in the printer name) and import it into the new .Net installed LBP GPO!
    DefaultPrinter,IPRange,ClientName,MACAddress,UserGroup,PrinterName,Destination
    false,*,*,*,user*,thinclient*,\\printserver\printer

    Doing so does not require that GPO / Agent setting to allow redirected printers, that’s just for users with Windows using the View Client to forward their own printers into the clone (like RDP does, etc).

    Reply

    1. Correction on my comment, Location Based Printing will fail to match (at least in 8.9) with a mix of characters for client or user/group and a wildcard. My example was user* in there and that will fail. The full username will succeed as will the full remote client name (remote hostname) or the ip range that is presented to VDI (important to note here too that if users are using VPN and are given an IP there that is the IP that will be matched against the rule, not the one on their remote network like their home wifi or something).
      I have a ticket open with support on whether they truly have chosen against supporting wildcards within names or if that was a bug since they use * to mean all clients or users or MAC addresses. Using * to contains for things like client name or MAC is really helpful and fully worked with 7.x’s thinprint GPO.

      Reply

      1. Further correction! All you have to do to make the old wildcards work is to simply add a . in front so if you want a client name to match beginning with IT, the IT* in the old ThinPrint policy becomes IT.* and for ending with X3, *X3 becomes .*X3 and for both IT*X3 becomes IT.*X3 etc. Works on username/groups too so users/groups containing MIS would be .*MIS.* and so on and so forth! All that works WITH the UNC paths for printer drivers!

        Here’s a quick and dirty PowerShell script to help you covert but you should open the result in the GUI to delete any invalid lines and spot check it all!

        ## Get old tpautoconnect GPO values for parsing
        $GPO = “{22B06425-C0BD-4A9A-A71F-E65BC2343A85}”
        $TPrules = (Get-GPRegistryValue -Guid $GPO -Key “HKEY_LOCAL_MACHINE\software\policies\thinprint\tpautoconnect\”).Value

        ## Create a new string array for updating LBP GPO
        [String[]]$tempArry = @()

        ## Loop through the rules looking for client name values
        foreach($r in $TPrules) {
        switch($r.Split(“,”)[2]) {
        ## shouldn’t need $r + “`r`n”
        {-Not $_.Contains(“*”)} {
        if ($_ = ‘ClientName’) {$tempArry += $r; break}
        else {$tempArry += “$r!”; break}
        }
        {$_.Contains(“*”) -and ($_.Split(“*”).GetUpperBound(0) -gt 1)} {
        $m = $_.Replace(“*”,”.*”)
        $tempArry += $r.Replace($_,$m) + “!”; break
        }
        {$_.Contains(“*”) -and ($_.Length -eq 1)} {$tempArry += “$r!”; break}
        {$_.Contains(“*”) -and ($_.Length -gt 1)} {
        $s = $_
        $m = $_.Replace(“*”,”.*”)
        $tempArry += $r.Replace($s,$m) + “!”; break
        }
        }
        }

        ##Write-Output $tempArry

        ## The below command works but can the GPO to error out when open and scrolling due to an invalid header row or something
        Set-GPRegistryValue -Guid $GPO -Key “HKEY_LOCAL_MACHINE\software\policies\VMware, Inc.\VMware VDM\PrintRedir\” -Type MultiString -ValueName “LBPSettingData” -Value $tempArry

        Reply

  13. Great documentation!
    Thank you for this.
    Question – we have an environment where DHCP is NOT allowed. How would we go about automating the delivery of a Horizon Pool to use a range without DHCP?

    Reply

    1. Can you do DHCP with Static Reservations? If not, then persistent full clones might be your only option.

      Reply

  14. Weird issue. Running Horizon 8.8. On a windows 10 21h1 VM, running agent 8.4.1, I have no issues adding it to persistent desktop pool. However, with windows 10 22h2, running agent 8.8, it will not allow me to add it to the pool. Better yet, upgrading a 21h1 image to 22h2, has zero issues in the pool or being removed and added again (it is running agent 8.4.1). Any ideas?

    Reply

    1. There’s a place in the pool wizard to show all machines and not just the valid machines. What reason does it show for not being valid?

      Reply

      1. Hi Carl,

        In that area that you suggest, the machine is greyed out and there are only 3 columns, name, type and path, nothing for status\reason. There is a little info icon, when I click this, 5 possible reason come up for incompatibility, but none of those 5 apply.

        Reply

      2. Figured it out. In my haste, I forgot to add the vGPU setting to the VM. Once I added that I was able to add. Fixed the template so this doesn’t happen again. Cheers.

        Reply

  15. Have you run across an issue with the Horizon 8.8 agent not installing the Blast (devtap) microphone? I’ve installed the agent on newly deployed desktops and it doesn’t install. I’ve had to use 8.4 agent to get the microphone.

    Reply

      1. Figured it out. Sorta of. Blast microphone will show up when asking the desktop via Horizon Client or HTML access just not in console. Can’t find anything in any release note saying this was a change.

        Reply

  16. Great write up as always Carl. This just re-enforces the amount of complexity involved in creating and managing a VDI environment. It is so wraught with pitfalls and configuration issues. Do I use DEM or FsLogix or do I use both? It is mind numbing to me that VMware would make it such that you need to remove the Hor agent before you upgrade Tools. The Hor agent is a nightmare to life cycle manage especially in a static desktop environment like much of ours still is. We’re trying to move a 1k user environment over to instant clones and now are up against the fun of MS O365, One Drive and Azure Active Directory hybrid join with conditional access policies and MFA. Every logon to an instant clone is met with an array of authentication requests including MFA. One drive doesn’t start automatically resulting in the cached MS Auth token being unnavailable thus the Auth requests. This makes the user experience far worse than the static desktop experience. Sorry for the rant.

    Reply

  18. Hello Sir, I follow you all the time.
    You have great and educational posts.

    I couldn’t find where to set the automatic agent upgrade that comes with Horizon 8.
    https://ibb.co/8jjrYTv

    I would be glad if you help.
    Thanks.

    Reply

  19. So this page says to use LSI Logic SAS for the disk. However, the link to the vmware page says to use vmware paravirtual. Which is it?

    Reply

    1. I’m not sure it matters since I suspect there’s very little performance difference. With paravirtual, you must install the driver during the deployment of Windows, which VMware documents how to do. Or deploy Windows 11 22H2, which has the driver built in.

      Reply

  20. Hi Carl,

    is it possible to use 2 AD-Accounts to login into RDS-Desktop?

    example:

    User-1 > Starts Horizon Client
    User-1 > login to RDS-Desktop-1
    User-2 > login to RDS-Desktop-2

    Regards
    Jonatan

    Reply

      1. ok. this is the solution! I was hoping that i can login once into horizon client and then login with different account into the RDS. But this is sufficient too. thank you very much. regards

        Reply

  21. Did anyone get the chance to test out the new VHDX Compact feature in the latest FSlogix release (2.9.8361.52326)? I tried to make it work but my VMs keeps logging off and the .LOCK file is not released. First try, I forgot to turn on the Optimize Drives service, which was clearly stated in the logs. After that, my Test profile didn’t meet the requirements for compaction (the 20% requirement), which was clearly stated in the logs also. So I grew the VHDX by copying a big folder, erased it and then I technically meet the requirements for compaction. It’s where I’m stuck, nothing in the logs why it’s not running and the .LOCK file stays.

    Reply

    1. Hi All,

      Wondering if anyone has ever had this issue – On my new Master images when publishing to a pool the login is fast (around 20-25 seconds) but after “Preparing Windows” Its a black screen for around 5-10 seconds then the desktop and shortcuts all load and everything is good to go. Trying to figure it out but not sure the best way to tackle this one.

      Reply

      1. Black screen is usually logon scripts, client device mappings, drive mappings, etc. You can run procmon.exe during a logon to see what’s happening.

        Reply

    2. In case someone is trying to figure it out, it seems that the Disk Compaction feature of FSLogix (2.9.8440.42104) doesn’t work when you have Cloud Cache enabled but works if you have the single VHD Locations configured. Hoping they will support Cloud Cache option soon as it makes it impossible to maintain our VHD servers without Cloud Cache.

      Reply

  22. Hi Carl,

    Currently spinning up a new Horizon 8 environment. We currently are running 7.13 in our existing environment.

    Would it be an issue to spin up a new pool in the same vCenter/Esxi hosts?

    Reply

  23. I never get my VDI works with PCoIP. Black screen for a while and then disconnected. Followed a number of KB including 1016633 but no luck !

    Reply

    1. Internal? Or through UAG? If through UAG, is both UDP and TCP 4172 open from the client through UAG and then to the Horizon Agent machine? What external address is configured for PCoIP on the UAG? Are you load balancing UAG? If so, does port 4172 go to the same UAG that handled port 443?

      Reply

      1. Both internal and UAG resulting the same. Suppose both tcp/udp 4172 opened correctly. External address is configured as the wan ip address. No load balancing deployed.

        Reply

  24. Dear Carl,

    I am trying to increase the disk size of my instant clone master image but the setting for disk is greyed out.

    I deleted all snapshots but the disk setting is still greyed out and I can’t change the disk size.

    Any idea on how to increase the disk size of an instant clone master image?

    And When I delete older snapshots, VCenter respond almost instantly that it was successful. It does remove the snapshot from the list of snapshots, however it does not really remove the vmdks for the snapshot.

    Reply

    1. Are you doing VVols for your storage?

      The machine is powered off when you try to increase the disk space? You have permissions to increase disk space?

      Reply

  25. We always have UWP apps that fail, there are soms fixes we applied for 20H2, but that does not seem to work anymore. Any tips for UWP apps??

    We use Calculator, Sticky Notes, Photos, Snip & Sketch (I think, I have Dutch OS) and OneNote. UWP apps randomly work for people.

    See also this post https://techcommunity.microsoft.com/t5/azure-virtual-desktop/how-do-we-install-store-apps-the-proper-way/m-p/1270907 and this one:

    https://communities.vmware.com/t5/Dynamic-Environment-Manager/Windows-Store-Apps-in-Windows-10-is-there-a-proper-method/td-p/496158

    I also have a ticket open with Microsoft but it’s a difficult issue.

    Reply

    1. I have no faith in UWP apps so I instead install Old Calculator, Old Sticky Notes, Old Photo Viewer, etc.

      Reply

  26. Please help and point me in the right direction. I understand that my question is a bit off topic of the article, but I don’t know what can be done. I have vSphere 6.7: two ESXi hosts of the latest build 19898906 and vCenter 19832280. Also Horizon connection server 7.0. I need to implement instant clones. I prepared a golden image based on windows 7 SP1 with the latest updates 2022. VMware Tools 12.0. and horizon agent 7.0.3634043. Performed optimization using the VMOSOT utility. Before shutdown executed ipconfig/release. Created a snapshot. During provisioning, cp-template*, cp-replica*, cp-parent* are created in sequence. But after that they are immediately deleted and the error “Initial publish failed: Fault type is VC_FAULT_FATAL – The operation is not supported on the object” is displayed on the connection server. There are no errors from the vSphere side. And since the cloned machines are deleted, I cannot use the debugging mode to analyze the logs. I saw an article on creating a golden image and followed the steps in it. But I can’t fix this error. I hope you can advise.

    Reply

    1. We had this issue before and referring to correspondence with VMware support, it looks like we snapshotted the VM before shutting it down. I can’t tell if that is what you did, but if you didn’t, shut down and create a new snapshot.

      I also found another time getting this error. The vmware KB page doesn’t exist anymore so I can’t provide full context, but at that time I put the host in maintenance mode, which vacated it of all VMs and deleted the problematic cp-parent. Then took the host out of maintenance mode and it operated properly.

      Reply

      1. Thank you for your quick response. I create a snapshot after the virtual machine is turned off.
        Regarding the transfer of the host to maintenance mode, I think that this option does not suit me, since all parent virtual machines are automatically deleted themselves and only folders remain.

        Reply

      1. Carl, thanks for your reply. Judging by the fact that after trying to create a pool, in DHCP I see new IP addresses issued for names in the format it * .mydomain, I can assume that the parent VMs receive addresses. On the virtual machines themselves, I can’t check, as they are deleted almost immediately. There are enough free leases in the DHCP pool. On vSphere, I use a distributed switch with static port allocation.
        I am concerned about one question. Do I have to manually sysprep the golden image before shutting down and taking the snapshot? Because in the old version of VMOSOT there is only an optimization option and no generalize, finalize. And the current optimization tool versions 2111 and 2204 available for download do not work on windows 7 SP1.

        Reply

  27. Using VMWare OS Optimization tool, after Generalize it always does a reboot, and then I run Finalize tasks on next reboot. But the CMID of the instant clones in Horizon 8 is always the same for all the VDI machines and the KMS server reports insufficient count and does not activate the VMs. what am I doing wrong?

    Reply

      1. thank you Carl for the quick reply. I am using sysprep, so after exiting the audit mode it reboots and then I run finalize and then snapshot. Is it correct that it has to reboot after generalize and then after the reboot run finalize?

        Reply

          1. yes, Instant Clones. So in that scenario I can skip Generalize and just run Finalize? I tried with sysprep answer file, but it gets stuck with “Windows could not finish configuring the system…” Thanks again Carl!

          2. Carl:

            I’m also a bit stumped on this one. A few guides elude using the Audit Mode/Sysprep/Generalize as there are inherent issues with the copyprofile=true in WIN10. Do you personally recommend following this model? ITUDA, although dated, doesn’t mention performing the sysprep/generalize task at all and instead goes with a local admin “temp” account – enabling local Administrator thereafter – and then deleting the “temp” local admin account approach.

            I’m of course testing all scenarios but thought to pick your brain if you happened to catch this. Hope I didn’t confuse. TY.

          3. Are you asking about OSOT? No, I don’t do Generalize.

            Or are you asking about VMware’s guide to building a gold image? I don’t do Audit Mode there either. For all user settings, I prefer delivering them through GPO or DEM rather than putting them in the default user profile. Default user profile is difficult to manage.

  28. Hello Carl,

    We are seeing the same issue as Eric with FSLogix on our brand new image build 20H2 where the first logon is fine but all consecutive ones break Start Menu where it’s not clickable at all and the search bar in taskbar doesn’t work either and you cannot click into it. Is anyone else experiencing the same behavior?

    Reply

  30. App Masking does not seem to be working in our environment. It works on the gold image but does not work when the machines are provisioned as instant clones. If I open up the rules manager on the clone as admin and manually apply the rule, it successfully applies it.

    Reply

  32. Hi Carl, Thanks for another great article. I have followed the steps but seeing a blank screen for 25-30 seconds before logon completes. Horizon Logon Monitor shows 22-25 secs for Shell load time which is happening in background during which blank screen is shown. have you faced this issue?

    Reply

      1. Pardon me for asking this, procmon is giving too much of info, is there an easier way to find out relevant logs from procmon PML output file?

        Reply

        1. Some 3rd party monitoring tools can break down the processes running during a logon event.

          In procmon, go to Tools > Process Tree to see what started and ended during the logon event.

          Reply

          1. Thanks Carl for quick input, i have gotten through them and following are some commands that are taking long time –

            31 secs – C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
            13 sec – C:\Windows\System32\mobsync.exe -Embedding
            30 sec – C:\Windows\system32\taskhostw.exe

            But I am really not sure of what are these for and how to disable if at all possible. Please suggest,

          2. Hi Carl, Glad to share that it has been fixed now. The blank screen issue has been identified to a Force Point DLP agent that was there in the image. At the time of user login to VDI, it doesn’t let the FSLogix vhd to mount for some time during which it throws blank screen. Now my login times are under 10 Seconds.

            Thanks for your suggestions here.

  33. Great article Carl,
    We are new to Horizon running version 2111, and are trying to get our heads around the workflow for applying patches to the Windows 10 gold image, and then then publishing it to the pool.
    Would the norm be:
    1. VMware OSOT, Update tab – run through updates
    2. VMware OSOT, Optimize, Finalize
    3. Clone gold image and snapshot. Publish new gold image/snapshot to the pool.
    Should we also be Generalizing the gold image?
    Thanks
    Mark

    Reply

    1. Not Generalize. I think that’s only for new builds since it requires you to be in Audit mode since that tab runs Sysprep.

      Reply

  34. Hi,

    im in the process to deploy Horizon 8 2111 with FSlogix.

    I have a problem with Instant clone in a floating pool. When i log for the first time in the VDI, everything is working. I logged off and log back in and the problem appears. The Windows start menu doesn’t work any more. Its only working in a Dedicated Pool without the refresh of the VDI after logoff.

    Im using Horizon 8 2111, Windows 10 21H2, Vmware DEM 2111 and FSlogix 2.9.7979.62170

    is there something that i need to do with FSlogix or VMware DEM to keep my start menu working?

    thanks

    Reply

    1. Full FSLogix Profile Container should just work, assuming you don’t have a redirections.xml file.

      Did you remove all DEM Personalization settings?

      Reply

      1. Hi,

        I don’t have redirections.xml

        DEM Personalization are empty.

        I already make it work in April 2021 but now its not working.

        I’ve been working on that with multiple combination of software or GPO and nothing is working.

        thanks

        Reply

      2. In my GPO for FSlogix, i have those settings enabled

        – Enable logging
        – Path to Logging files
        – Under Profile Containers, Enabled
        – VHD Location
        – Under Profile Containers/advanced, Prevent login with temporary profile
        – Under Profile Containers/Container and directory naming, Virtual disk type, SID Directory name matching string and pattern string

        In Vmware DEM, im only doing folder redirection

        Reply

        1. The version of Horizon is 2111.1-8.4.0-19066669 for the Agent and 8.4.0-19067837 for the connection server.

          Reply

        2. We are experiencing a very similar issue ? Did you ever find a solution to Windows Start Menu issues ?

          Reply

          1. Out of curiosity, is the start menu inoperable the entire session or just for a period of time? I feel like I went through this 3 years ago and it was just that it took a LONG time for the start menu to build on non-persistents at the beginning of each session. Apologies if you already know this, but you’ll have to create a config file in DEM > Use a Windows Common Setting > Windows 10 Start Menu. What I did was customize the start menu to what most of our users needed to create a predefined settings file, so that the first login for a user wouldn’t take forever, and it had most of what they would need to start off.

          2. Rob,

            We have DEM on the image but all the configs are disabled. We wanted to get everything with FSlogix and use DEM just for a backup for certain configs in case if we need to delete somebody’s profile. It looks like the Start Menu is completely broken for the entire session. The only time it works is when you log in with brand new profile and then all consecutive logons it is not usable

          3. Yes! You should not remove appx pacakges when doing optimizations in osot. I do Not remember which it was exactly . This issue is years old.

  35. Hi, i updated my environment to 2111 and the masters got the 21H2 Build. since then customization stuck..
    the client join the domain but have the DNS name from my master. any ideas?

    Reply

    1. I’ve seen the dns/hostname matching my template in others scenarios and truthfully didn’t really reach any conclusions. What version of vcenter are you on?

      Reply

      1. Hi, thats the problem.. it shouldn´t be the same name. when i rebuild my vdi client the customization should give him a new name. but it did not change and so in my horizon admin the customization timed out and i get a error

        Reply

        1. Oh, I know that’s the problem, I’m just saying I noticed a similar issue and wondered if vcenter could be this issue. Then for some general fact-finding: Vcenter version, Horizon version, what kinds of clones (instant, linked, full)?

          Reply

          1. I did some tests the last 2 days and found out that the issue is related to microsoft appx files.
            When the appx files exist the customization fail.
            We always run a script to delete the appx files but somehow there where some files which couldn´t be deleted because they were installed with a user which was not available. (the user did no login on the master, just a installation with “install as”)

            This problem came with the build 21h2 upgrade but We did a clean up and now everything is working fine again.

  36. Hi Carl,

    This is new comment which is not related to the above article kindly help me out.
    I have Master Image with Autocad which is facing so many issue related to DEM, user everytime login they got installation screen while opening the Autocad and also sometime some plugins are not working they said, even i am also not familiar with Autocad, kindly help me out any AutoCAD software need special attention in DEM

    Horizon view Version – 8.1, Instant Clone and DEM 2009.
    Waiting for reply.

    Reply

    1. Have you tried DEM’s application profiler to determine all of the places that Autocad stores settings so you can make sure DEM is configured to capture all of those locations?

      Another option is to switch to FSLogix, which capture everything without you having to configure anything.

      Reply

      1. Hi Carl, i have tried DEM application profiler and try the same, if any issue will revert back. Thanks for the lead.

        Reply

  37. Has anyone seen issues installing PCOIP-audio.122 drive from Teradici with 8.4 agent?

    the installer does not seem to see the agent.

    Reply

    1. I am having this exact same issue. After VMware Agent is installed, attempting to install pcoip_component_installer_1.2.2.exe halts with message: PCoIP Server not found. Cannot continue with installation. Please install VMware View Agent 4.5 or higher.

      As a potential fix, I am going to install an older version of VMware Agent and install the teradici drivers and remove old agent and install 8.4. I am betting the issue is on teradici’s side as their driver package has not been installed for over 4 years.

      Reply

      1. We’re seeing a huge problem with RAM in-guest with 7.13.1 instant clones. The sessions are freezing on users (not Windows), forcing them to disconnect the entire client and re-login. No problems on 7.12 linked clones 2 weeks ago. We’ve gone from 4gb/VM to 8gb/VM and still having the issue. VMware support is no help. Ugh!

        Reply

        1. Does Task Manager show the process that is consuming the RAM?

          When the users disconnect, do they reconnect to the same session? Or does it start a new session? If same session, then it could be a client-side problem.

          Reply

          1. Anything from Edge to Blast are adding up. Funny thing is that no matter how much ram we give the master image, it always ends up consuming 90% on average. Then there’s a spike and the user gets frozen. Doubtful on client side. We’re using 3-4 different zero clients plus personal PCs and Macs. Moving to Horizon 2006 tonight to see if that alleviates the issue.

        2. Carl is the best and he is the first person to listen to, but for what it’s worth we had a very similar experience as what you’re describing. Check your video driver against the matrix here (https://kb.vmware.com/s/article/2078739), and if your video driver is newer than what is shown, follow the resolution steps and be careful when updating the image.

          Reply

          1. I completely forgot about that KB and those issues. I followed the steps, and we are still having the problem this morning! Connect with me on twitter @philvirtual and maybe we can swap troubleshooting steps.

  39. We just upgraded from 7.11 to Horizon 8 version 2103. Is it normal for the actual VMs in a non-persistent/Instant clone pool to have snapshots on them in this version? I’m seeing these snapshots appear right after the VM is created. I’ve tried re-working the Master Image 3 or 4 times and it’s still happening. Just curious if you have any insight. Thanks!

    Reply

      1. Sorry for the delayed response. Given the impacted user experience we’re currently dealing with, I checked with VMware support. Thought I’d update you. Your theory seems to be correct.

        Their response:
        I have checked for the base-snapshot query and it seems it’s expected behavior in 8.0 and later version because of smart provision feature which creates the VDI without CP-parent.

        Reply

  40. Hi Carl!
    You’re guides are SO awesome and thorough! Thank you so much for being an essential resource for me over the years.
    Do you think you’ll be adding Windows 11 and TPM instructions to this?
    The KMS needed for vCenter to support such encryption has a LOT of gotchyas. We’ve successfully deployed at least a PyKMIP server to get over the hurdle of encryption ability without having to pay for it but could not, for example, easily convert a Windows 10 master image to an encrypted one. Still playing with options there tho. Once available and encrypted we can add the TPM device to get past Windows 11 install / upgrade requirements but not until then.

    Reply

      1. Oh I didn’t realize 7 had a built in provider! Probably is the same underlying implementation and would be way safer to upgrade vSphere to 7 before attempting with the silly Ubuntu appliance we set up in 6.7 u3. Thanks so much!!
        For what it’s worth I was able to clone my Win10 golden image in 6.7 without encryption (as the new VM has no snapshots, a stop gap to performing the encryption) and then convert it to the encrypted policy so my PyKMIP server is indeed working.
        Bypassing TPM seems scary for a production VDI environment. I do need Windows updates to continue to work.
        With encrypted VMs there are a lot of things to consider; vMotion, time it takes to make snapshots, backup software compatibilities, etc. Think it warrants a write up of those in this article? I’d trust something written by you way more than anyone I google lol.

        Reply

        1. I was able to build a gold image with the links above with a vtpm in them just fine. Installed horizon client and snapped it. But with I deploy the pool I get this.

          A specified parameter was not correct: spec.disk.backing.crypto Expected CryptoSpecDecrypt:

          Any ideas?

          Reply

          1. Did you ever get a fix for this? I’m getting the exact same issue…

            spec.disk.backing.crypto Expected CryptoSpecDecrypt:

          4. Although the ESXi 7.0u3c hosts have TPM 2.0 enabled, a Windows 11 VM without vTPM would not install.

          5. I managed to get win11 instant clones working using the vmware workstep for an automated image. Works great and is very easy to update every month now

          6. You said you got it fixed by using “workstep” by VMware. Where can I find more information on this?

  41. Hi Carl, nice article i have few doubts is listed below,

    1. Why we have to choose SCSCI controller instead of SATA, that too any specific on that?
    2. i am using instant clone over here will it affect because of choosing SCSCI controller Master Image?
    3. It is mandatory to join the machine in Domain if i am using instant clone?
    4. After optimization we have to Windows update ?
    5. Software need to install before optimization or after?

    Kindly clarify we have are planning to new environment to deploy.

    Regards

    Reply

    1. Many customers switch to paravirtual intead of LSI Logic.

      I haven’t tried not joining the master to the domain so I don’t know if it works or not. I usually join it so I can make sure GPOs with computer-level settings are applied to my master image.

      No matter when you run optimization, in subsequent months you’ll need to boot your master and update it. That means you will doing installs and updates after optimization is applied. Unless you rebuild your master every month.

      Reply

      1. NOT joining to the domain works perfectly fine. Actually seeing the clones appear in the domain in that case is a sign things are working. However, I have run into KMS licensing issues when Microsoft’s KMS exists purely in the domain (Active Directory-based activation). In that example (the non-domain joined master) a Windows Activation issue will appear if DNS isn’t pointing to the traditional KMS license server (typically a domain joined PC which may have network layer issues in attempts to access) and that’s carried over to the clones which, for a brief moment on user login, will show activation issues until the OS is successfully activated on the domain Active Directory-based activation.
        What we’ve done is kept the master images domain joined but put them in an OU that DOESN’T get any GPOs but so long as you put them in their own OU and don’t have anything in the root (top level) that you don’t want on your master’s that’s good enough too. When the clones get made they get put in an entirely different OU. Best of both worlds, a far as we’re concerned.

        Reply

  42. Carl,
    I’m trying to redeploy a windows pool with an updated template. The VMs in the pool are created successfully, but the guest customization to join the domain doesn’t work anymore. The Machine name shows the correct name for the newly created vm, but the DNS name on all the new VMs show the template hostname. Any thoughts?

    Reply

  43. I can’t able to start the analyse using VMware Optimisation tool.I’m getting below error:

    Error:Selected Template for VMware\windows10 and server 2016 or later.xml can not be loaded

    Reply

    1. I am also experiencing the same issue. “Error: Selected Template file VMware\Winows 10, 11 and Server 2019, 2022.xml” can not load. Input string was not in a correct format. ” This seems typical with a lot of VMware products, i.e. the quality is not there. Does anyone know of an alternative tool to get the job done?

      Reply

  44. When you have a desktop Pool, with a Master VM where the VM’s get their setup from, can you run a new Snapshot over those machines?

    Reply

  45. Hey Carl,

    Thank you so much for the guide, i have managed to install everything but I’m having an issue in the end when i log in with the domain user through the client/browser, I can’t see all the installed applications! its like its not seeing the changes in the master image.

    my local admin applications and settings are not shown in the domain users, any idea what I have done wrong?

    Reply

  46. Hi Carl, I’m installing Horizon Agent 2012-8.1.0-17352461. After the feature selection section there is a dialog box for Remote Desktop Protocol Config in which it states the VMWare Horizon Agent requires the RDP support to be turned on. It also offers a button to decline. What is this protocol actually for, and if it’s required, why offer the option to disable?

    Reply

  48. Good article, good looking.
    I have one question
    After using VMware OSOT during Windows 10 optimization, why is there an additional Microsoft VDI optimization guide?
    Are the values ​​for optimization using VMware OSOT and MS VDI different?

    Reply

    1. You can look at multiple optimization guides/tools and make your own determination as to what optimizations should be applied.

      Reply

      1. Hi Carl. Great article, great tips!
        I have a question, I’ve updated both Connection and Composer to 7.13.2 (from 7.12) and of course Horizon agents to 7.13.2. Since then, I’m getting error while trying to recompose VDIs.
        Error: View Composer agent initialization state error (18): Failed to join the domain (waited 600 seconds)

        Refresh is working as expected, no issues but I need to pass some changes.
        Even created a new pool, (mystiriously) VDIs created as supposed without any problems, but again when trying to recompose that pool I’m getting that error.

        Already checked https://kb.vmware.com/s/article/2006879 and rolled back composer with no luck.
        Also tried a few tips found online without success.

        Any tips on where to look for an answer?? Can you suggest something according to this??

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *