VMware has just released a new version of Horizon 2212. These are some of the features/support introduced:
Horizon 8 version 2212 in conjunction with App Volumes 4 version 2212 introduces Horizon Published Apps on Demand. With this new feature, administrators can use App Volumes applications directly in their instant-clone RDS farms. Now applications can be delivered dynamically to a generic Windows OS as users launch them. This greatly simplifies static image management and gives administrators the ability to reduce their application specific farms. This also brings the Horizon and App Volumes administration consoles closer together, allowing Horizon administrators to add App Volumes Manager servers and entitle applications to users without the need for duplicate entitlements in App Volumes. This feature creates an opportunity to reduce the time-consuming management of application installations on RDS Farms, and enables scenarios such as multiple users being able to use different versions of the same application while logged in to the same RDS Server.
Microsoft MAK licenses are now supported with Instant Clones.
When you create an automated pool of full clone desktops, you can now specify an active directory OU in which computer accounts can be created. Previously, computer accounts would get created in the default OU and administrators would manually move them after pool creation. This feature, which already exists for Instant Clone desktop pools, addresses this pain point for administrators.
Cloud Pod Architecture is supported with IPv6 environments for more security and added address spaces.
Administrators can now generate a CSR configuration file, import a CA-signed certificate to Connection Server, and monitor health of the certificate from Horizon Console.
#The script need:
#List the VMs name where remove e reinstall the agent (file c:\vdi.txt or where you want)
#Share where is the horizon agent installation file and the file agentinstallv8.bat that contain the silent command for installation
#When the script start ask the vCenter Credential and the Admin User Credential for install the Horizon Agent on the VM
#Credential for access to vCenter
$credential = Get-Credential
#Credential with administrator role for install horizon agent
$VMCredential = Get-Credential
#vcenter
$vcenter = "<FQDNvCenter>"
#List of VMs where remove e install new agent version
$VDIs = Get-Content "c:\vdi.txt"
connect-viserver $vcenter -Credential $credential
foreach ($VDI in $VDIs){
$VM = Get-VM -Name $VDI
Write-Host "Start remove agent from $VM"
#Script for verify if the agent is installed
$script = @"
Get-WmiObject Win32_Product -filter "Name='VMware Horizon Agent'" | Select Caption
"@
#Script for remove
$removeapp= @"
wmic Product Where "Name='VMware Horizon Agent'" Call Uninstall /NoInteractive
"@
$value = Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $script -GuestCredential $VMCredential
#Check if horizon agent are install if present the script remove it and reboot the VM
if ($value.ScriptOutput -like "*Horizon*") {
Write-Host "Horizon agent is installed"
Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $removeapp -GuestCredential $VMCredential -RunAsync
While(Test-Connection $VM -Quiet -Count 1){
Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to shut down."
Start-Sleep -sec 1
}
While(!(Test-Connection $VM -Quiet -Count 1)){
Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to come back up."
Start-Sleep -sec 1
}
if ($value.ScriptOutput -cnotlike "*Horizon*") {
Write-Host "Agent removed from $VM and $VM rebooted"
}
}
else {
Write-Host "Horizon agent is not installed on $VM"
}
#####Agent Installation
Write-Host "Start the Horizon Agent installation in $VM"
Sleep 15
#Installation with share change the fileserver,the share name, the labl and the file
$installapp = @"
New-PSDrive -Name "S" -Root "\\vimng03\share" -Persist -PSProvider "FileSystem"
S:\agentinstallv8.bat
"@
Invoke-VMScript -VM $VM -ScriptType powershell -ScriptText $installapp -GuestCredential $VMCredential -RunAsync
While(Test-Connection $VM -Quiet -Count 1){
Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to shut down."
Start-Sleep -sec 1
}
While(!(Test-Connection $VM -Quiet -Count 1)){
Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to come back up."
Start-Sleep -sec 1
}
Write-Host "$VM after installation is UP"
$value = Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $script -GuestCredential $VMCredential
if ($value.ScriptOutput -like "*Horizon*") {
Write-Host "New Horizon agent is installed in $VM"
}
else
{
Write-Host "New Horizon agent is not installed in $VM"
}
}
Disconnect-VIServer $vcenter -Force
Well, in recent weeks we have often talked about how to heal vCenters from the log4j vulnerability. I guess the first thing we all thought was “What a show VMware support released scripts to run to solve the problem …” and then every one to use WinSCP or similar tools/commands to copy the file …. but many will have found it impossible to copy files using the Root user …. but how SSH works but the SCP command does not work! Well, the problem comes from the shell associated with the Root user. It is not the classic BASH but the APPLIANCESH. Then we proceed as follows:
Let’s connect in SSH to the vCenter Virtual Appliance
We access the Bash SHELL with the command SHELL
We enable BASH as the default shell for the root user
After the post where I apply the VMware workaround for mitigating the Log4j exploit on the UAG appliance, now I suggest using this VMware KB to apply the workaround on vCenter.
I needed to copy a folder to virtual machine on the DMZ network segment. The firewall rule blocks any access to VM, well I used the Copy-VMGuestFile Powercli Command.
Connect-VIServer <vcenter server FQDN or IP>
$vm = Get-VM -Name <VM target>
Get-Item “<Source Path>” | Copy-VMGuestFile -Destination “<Destination Path on VM>” -VM $vm -LocalToGuest -GuestUser <User VM Guest> -GuestPassword <Password User VM Guest>
After the first tentative I receive this error:
Copy-VMGuestFile : 09/12/2021 11:08:40 Copy-VMGuestFile The request was aborted: The request was cancelled. At line:1 char:27
Probably it is a time out error and I try to change the WebOperation Timeout Seconds.
Whenever we installed a new vCenter the activity always included integration with Active Directory and normally IWA (Integrated Windows Authentication) was used. Since vSphere 7.0 version this possibility has been deprecated so it is good to start with the integration of the vCenter with Active Directory via LDAP. In our case, we will use LDAPS which uses a certificate
For first the step we need to create the certificate:
Copy the certificate output with —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–
Past on Notepad and save with .crt extension
Now we will go to configure the Identity Sources on vCenter:
Login as Single Sign-On Administrator to vCenter
Navigate to Menu > Administration > Single Sign-On > Configuration
In the Identity Provider tab, open Identity Sources
Click ADD
Select Active Directory over LDAP or OpenLDAP, depending on your directory type.
Fill out the remaining fields as follows: Identity Source Name: Label Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. Example: “DC=pollaio,DC=lan”. Base DN for groups: The Distinguished Name (DN) of the starting point for directory server searches. Domain name: Your domain name. Example: “pollaio.lan” Domain alias: Your NetBIOS name. Example: “pollaio.lan” Username: Domain user with at least browse privileges. Example: “pollaio\administrator”. Connect to: “ldaps://<DC FQDN>”.
Click Browse next to SSL Certificate
Select the .cer file created in before step
Now we are ready to login to the vCenter with domain user (remember to assign the correct permission to domain group or user group)
If you want check the correct use of SSL certificate on the authentication to Active Directory with LDAP connection check the websso.log:
One of the conveniences of administering VMware solutions is being able to use code to create scripts to perform repetitive tasks or automate processes
One of the vSphere Web Client features that can help those new to the PowerCli is the Capture Code, it basically allows you to list and save the Powercli commands of the actions you are doing with the vSphere Web Client.
To activate it just access the vSphere Web Client, from the Menu select Developer Center
Select Code Capture and enable it by placing the “Enable Code Capture” flag on the right (which turns green)
At this point, a space will appear in our frame where the commands will be listed with some operations, such as Clear and start another, Copy and Download
Where the Download option generates you the ps1 file with the Powercli commands of the recorded operations
To start and stop a recording session you can use the buttons:
Or the red button that appears at the top of the WebClient once “Enable Code Capture” is enabled
In an old post, I described how to send ESXi logs to Azure Log Analytics to ingest at Azure Sentinel, now I describe Step to Step how to send vCenter logs.
The first step is to do step by step this configuration:
Protocol and port depend on your infrastructure configuration (you need to enable communication from VCSA to Syslog Gateway Server on the select TCP/UDP port)
and enable send events (it is enabled by default, but a check is a good idea)
Now you can connect to the Syslog Gateway Server and check if the Syslog server received the logs from the VCSA Appliance
Use SSH to connect at the Syslog Gateway Server and use this command
cat /var/log/syslog | grep <fqdn vCenter> | more
in my situation
cat /var/log/syslog | grep vcenter | more
Configure the Log Analytics Agent, installed on Syslog Gateway Server to process the Facility Local0
Connect to Azure Portal and on Azure Log Analytics Service enable the correct facility (local0)
After 10/15 minutes the new configuration will be applied on Syslog Gateway Server (you can check the file /etc/rsyslog.d/95-omsagent.conf on Syslog Gateway)
Change the VMwareESXi function (It was created for ESXi Log check my old post) or create a query custom to parse the log on Azure Log Analytics
Finally, you can query the data on Azure Log Analytics
Syslog | where HostName contains “<FQDN vCenter>”
or optionally you can edit the function create for Ingest ESXi log (check my old POST) and insert the vCenter FQDN Name in the same position where there is the ESXi FQDN Name.
Currently, on Azure Sentinel there are no specific Workbooks for VMware, all queries are to be created