Public CA do not allow internal names and reserved IP address any more

With November 2015 public CAs do not issue new certificates that uses internal names or reserved IP addresses in subjectAltName or in commonName. Furthermore such certificates will be revoked on October 1st, 2016.

Internal names are hostnames that do not end with an Top Level Domain ending (.com, .de, …). For example: .local, .internal. Also NetBIOS names without any domain extension are affected.

Reserved IP addresses are defined by Internet Assigned Numbers Authority (IANA). You can look reservations for IPv4 here  (RFC 1918 range) and IPv6 here (RFC 4193 range).

If you are using an internal CA you are not affected. For more information about this change of public CAs click here. For more information about VMware products click here.

Public CA do not allow internal names and reserved IP address any more

A new way to delete erroneous View Desktops using ViewDbChk

Information about View Linked Clone Desktops are stored in 3 locations: LDAP DB, View Composer DB, vCenter DB. In the past (versions 3.x, 4.x) it happens more often to get orphaned desktops or VMs that shows errors or state “missing”. In more current versions of VMware View at one hand this happens not that often any more and on the other hand it is often self repaired after trying to delete these faulty VMs a second time in GUI. But it is still possible to get an VM that shows errors and you are not able to delete this VMs in the GUI.

I will show how to delete such VMs without deleting the object in every of the 3 locations manually.

Continue reading “A new way to delete erroneous View Desktops using ViewDbChk”

A new way to delete erroneous View Desktops using ViewDbChk

Protect Linked-Clone Replicas and show with Replica a desktop is based on

I had a strange behavior in a vSphere Cluster with View Linked-Clones. The problem was that it was not possible to vMotion a Linked-Clone VM to an other host. The error was like:

Cannot open the disk '/vmfs/volumes/11111111-22222222-3333-444444444444/VDI-1/-VDI-1-000001.vmdk' or one of the snapshot disks it depends on.

I could not find any problems by checking snapshot chains. So I investigated Replica-VMs. vCenter allowed tasks like Power On and Editing which is normally not allowed for Replica-VMs. This state of related Replica-VMs seems to prevent vMotion tasks. I took the following steps to solve the problem.

Continue reading “Protect Linked-Clone Replicas and show with Replica a desktop is based on”

Protect Linked-Clone Replicas and show with Replica a desktop is based on

Some useful notes about KMS and VDI

Here are some very useful links and commands to implement and troubleshoot Microsoft KMS (Office and Windows).

Steps to install KMS for Windows (Link: here):

  1. Install KMS Server, install the KMS Key:
    slmgr.vbs /ipk kms-key
    You should get an success-message after a few seconds. If not, maybe the key is not an KMS Key or the wrong key.
  2. Activate the KMS Server online:
    slmgr.vbs /ato
  3. Check Information about the service
    slmgr.vbs /dlv (less information)
    slmgr.vbs /dli (more information)

Steps to install KMS for Office 2010 (Link in german: here):

  1. Download Office 2010 KMS Host License Pack here and install it on KMS Server. During the installation you fill in you KMS Key for your Office 2010 license.
  2. Check Information about the service
    – slmgr.vbs /dlv all (for Windows and Office)
    slmgr.vbs /dlv bfe7a195-4f8f-4f0b-a622-cf13c7d16864 (just for Office)

Stuff for troubleshooting:

  • Install Volume Activation Management Tool (VAMT) in KSM Server
  • For Windows you need at least 25 devices that tries to activate using KMS to bring KMS to work. For Office you need at least 5.
  • slmgr.vbs /dlv shows this counter (Current counter). It stops counting at the double of the limit (50 respectively 10). It can go down again, if no more unique devices try to activate for some time.
  • These devices have to be unique! Just enrolling 5 View desktops to enable KMS will not work, because the Office-ID for every device is the same!
    •  Display this ID: cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS" /dcmid
    • Rest/Rearm Office 2010: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\ospprearm.exe
  • For VDI, one way to keep KMS working (it stops working when for 180 day the counter of unique devices is beneath the limit of 20 respectively 5) is to enroll your desktops and rearm them afterwards.
  • Event ID 12290 gives information about whats going on, it shows also the ID. More information on this you can find here.
  • When you want to use a master for a different domain using a different KMS server, you should be aware of that KMS client is caching its server.
    • To disable caching, run: slmgr /ckhc
    • To remove caches server, run: slmgr /ckms

    in master VM. So KMS client should use DNS to resolve KMS server again.

Some useful notes about KMS and VDI

Changed procedure in upgrading Connection Server in replicated group

When you upgrade Horizon View, you have to upgrade all Connection Servers within the environment. When you just have one, it is clear you will have a downtime. But even when you have n Connection Servers, you have to stop the View Connection Server services of ALL servers at once! This WAS right, but now you can upgrade one Connection Server after the other, without stopping all services of all servers at once. This new procedure you can find in the current upgrade guide here. Take care you download the latest version of the document (ID EN-001476-01) because previous versions – including EN-001476-00 – still want you to shutdown all services.

Dale Carter wrote an short post about the steps to do an upgrade without any downtime.

Changed procedure in upgrading Connection Server in replicated group