Enabling Flash for IE11 on Windows 2012 R2

The VMware vSphere web client requires Flash 11.5. I’ve noticed some issues with certain versions of Chrome and IE11 on Windows 2012 R2 not being able to open the web client due to either a missing or incorrect Flash version. Luckily, enabling the built in flash player for IE11 is an easy process.

Continue reading

VMware EUC Access Point Single Line PEM

VMware has greatly increased the usefulness of the EUC Access Point with the 2.7.2 version. Included in this version is the ability to handle the Horizon View security server functionality, airwatch functionality including per-app VPN and identity manager reverse proxy.

During the Horizon View setup pieces, there is a requirement to install your SSL certificate and key in a single line. With many guides on the internet showing different ways of accomplishing this, the one way that worked successfully for me each time is the method in the Deploying and Configuring Access Point guide on the VMware website.

To convert from pkcs12 to pem:

openssl pkcs12 -in mycaservercert.pfx -nokeys -out mycaservercert.pem
openssl pkcs12 -in mycaservercert.pfx -nodes -nocerts -out mycaservercert.pem
openssl rsa -in mycaservercertkey.pem -check -out mycaservercertkeyrsa.pem

Open the pem files and remove any unnecessary lines and then run the following command for both the RSA key and the certificate chain.

awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' cert-name.pem

Each of these outputs will then be uploaded in JSON format to the EUC access point

Using postman, do a put using the following link to your access point appliance. Replace “string” with the single line output from the above awk command for the RSA file and the certificate chain.

https://FQDN or IP of EUC Access Point:9443/rest/v1/config/certs/ssl

{
  "privateKeyPem": "string",
  "certChainPem": "string"
}

If all works successfully, you will see the new settings displayed in the bottom output section and status 200 ok displayed as well

Graylog does not yet support multiple LDAP backends

After upgrading to graylog 2.1, I ran into an issue where my LDAP config was not showing up and when entering a new LDAP config nothing saves. Digging through the log files, ran across a log entry indicating:

“Graylog does not yet support multiple LDAP backends”

Continue reading

vRops Upgrade from 6.0.1 to 6.1 fails

While upgrading vRops 6.0.1 to 6.1, the OS upgrade went smoothly, but the application upgrade kept failing at step 4 of 9. Rolling back to the pre-upgrade snapshot and repeating the process replicated the same failure multiple times. VMware has released a KB article to resolve this issue.
Continue reading

The pod is not ready to enable enhanced message security

As part of the Horizon View 6.1 upgrade, there is a new feature to enable enhanced security on the JMS traffic between Security server and Connection Server. For upgrades to 6.1, this feature needs to be enabled. For new installs, its enabled by default.

To enable this after upgrading from a prior version, the setting can be changed in the View Admin page under global settings, security, edit settings. There is a drop down to change from the current version to Enhanced.

When attempting to change this setting, the following message popped up:

The pod is not ready to enable enhanced message security. Click "OK" to force enabling the enhanced mode, or "Cancel" to cancel the operation

Continue reading

Horizon View Client DPI Scaling

I recently ran across an issue with the Horizon View client, on a Surface Pro 3, where the icons and text were so small they were unreadable. I tried the usual fix of checking the disable display scaling on high DPI monitors checkbox, but to no avail. This check box has helped in the past, but isn’t fixing the issues with VMware Horizon View client.

VMware has a registry key that can be added to fix this issue once and for all. This key only works with the 3.4 version of the Horizon View client and enables an experimental DPI Scaling feature.

KEY: HKCU\software\vmware, inc.\vmware vdm\client
Value:  DWORD:  EnableSessionDPIScaling 1

1 = on
0 = off

With this key added, when you connect to a desktop, the screen scales properly.

Adjusting Windows 7 DPI Settings via Registry

In Windows 7, Microsoft has provided us with an option to adjust the size of icons and text on the screen. Normally this is accessed by going into display properties and choosing smaller, medium or larger. These settings are commonly disabled by policy so users cannot adjust them.

Display Settings

Even with these options disabled, these can still be adjusted per user via the registry or Group Policy Preferences. The registry key is applied at login, so the user will need to log off and back for the change to take effect.



 

Key: HKCU\Control Panel\Desktop   
Value:  DWORD: LogPixels
Smaller (100%) = 96 (decimal) = 60 (HEX)
Medium (125%) = 120 (decimal) = 78 (HEX)
Larger (150%) = 144 (decimal) = 90 (HEX)

Setting Windows 7 Best Performance Settings in Parent Image

Windows 7 (along with other versions of windows desktop operating systems) offer the ability to adjust visual affects to help the performance of the operating system.  These settings can be changed in Advanced System Settings –> Advanced tab –> Performance settings and also via the registry.

When setting via the registry, it requires a logoff and re-login for the changes to take affect (or API calls), which in the non persistent VDI world causes some issues.  If setting via group policy, there’s a few keys to adjust in HKCU, but these keys need to be loaded at logon, or the theme and/or windows explorer need to be reloaded.  Luckily there’s a much more elegant way to set these in a parent image without changing the default user.

Continue reading

Disabling Signatures in Outlook 2013

In Outlook 2013, disabling signatures with Group Policy doesn’t work the same as in previous versions. The group policy setting disables adding/updating/deleting new and reply signatures, but leaves the toolbar button active to add an existing signature that was already in place.  In this post i’ll go over how to disable signatures via group policy and how to disable the toolbar button as well.

To disable signatures via group policy, first step is to load the adm or admx templates for outlook.  Once those are loaded, go to administrative templates, Microsoft Outlook 2013, Outlook Options, Mail format.  Under mail format is an option titled “Do not allow signatures for e-mail messages”  Enable this setting and signatures will be disabled for any users this GPO is applied to.  In previous versions of outlook this was all that was needed.  In Outlook 2013, this leaves the button in a new email message active so any existing signatures can still be added.

Continue reading

Creating Filter Groups in Profile Unity

Filter groups in Liquidware Labs Profile Unity are an extremely useful feature for limiting rules and settings for only a certain subset of users or computers. These enable you to target thinapp’s, for instance, to AD groups or OU’s or even specific users rather than to entire pools.  Or Add/Delete a registry key or value if a certain file or service exists.  There’s many different options for filter groups, and i’ll cover a few of them in this post.

Continue reading