Step By Step Install VMware Horizon 8 – Part 4

Hi, today I created an Event database to log Horizon events to a SQL Server instance, making the event data available to analytics software. For example, you can find the following types of events in the database:

  • Alerts that report system failures and errors
  • End-user actions, such as logging and starting desktop and application sessions
  • Administrator actions, such as adding entitlements and creating desktop and application pools
  • Statistical sampling, such as recording the maximum number of users over a 24-hour period.

Prerequisites for Setting Up the Events Database

  • SQL Server instance – This is the database server on which you will create the Events database.
  • Microsoft SQL Server Management Studio 
  • Microsoft SQL Server Configuration Manager  
  • SA credentials ­– To create the necessary logins for the database, you will log in to the SQL Server instance as the sysadmin (SA) or as a user account with SA privileges.

How to install and configure the Events Database?

1- Click on SQL Server Installation and then Click on New SQL server

2- Select Specify a free edition or Enter your product key

3-Acept license Term

4-

5-Select Default and Next

6- Default Server Configuration and Next

7- Select Mixed Mode and enter a password for sa username and add domain administrator account for SQL server administrator

8- Click on Install

9-Finish

10-Install Microsoft SQL Server Management Studio

11- In the Object Explorer, right-click Databases, and select New Database from the submenu. Name the database and click OK.

12- My Database name is Horizon

Finish 🙂

Step By Step Install VMware Horizon 8 – Part 3

Hi, today I want to install Replica Connection Server.

How to install Horizon Replica server?

1- Create two VMs and install two Windows servers and join them to your domain.

Guest OS – Microsoft Windows Server 2019
CPU – 4
Memory – 4 GB
New Hard Disk – 40 GB
New SCSI Controller – LSI Logic SAS
Network Adapter Type – VMXNET3

2- Download Connection server from this link and copy it to connection server’s VM.

3- Welcome page, Next

4- License Agreement, Next

5- Destination Folder

6- Installation Options

Standard installation – Generates a Connection Server instance with a new Horizon LDAP configuration.

Replica installation – Generates a Connection Server instance with a Horizon LDAP configuration that is copied from an existing instance.

Enrollment Server installation – Installs an enrollment server that is required for the True SSO (single sign-on) feature, so that after users log in to VMware Workspace ONE Access, they can connect to a remote desktop or application without having to provide Active Directory credentials. The enrollment server requests the short-lived certificates that are used for authentication.

I select Horizon Replica Server, Next.

7- On the Data Recovery page, enter the password you want to use for recovering data backups of the Connection Server.

8- Enter First Horizon Server HostName

9- On the Firewall Configuration page, accept the default, which is Configure Windows Firewall automatically.

10-  On the Initial Horizon Administrators page, for this exercise and for simplicity, I recommend authorizing an Active Directory domain group.

11- On the User Experience Improvement Program page, you can deselect the Join the VMware Customer Experience Improvement Program option to opt out of the program.

12- On the Ready to Install page, leave the default for the drop-down list, which is General, to indicate that you are deploying the Connection Server in an on-premises environment, and click Install.

12- On the Installer Completed page, click Finish.

13- You can launch the Horizon Console

https://<connection-server-hostname>/admin/

Finish 🙂

Step By Step Install VMware Horizon 8 – Part 1

Hi, today in this post, I decided to explain about how we can install VMware Horizon 8 in high availability mode.

You can find more detailed information about What’s New in this link.

You can find more detailed information about Horizon Administration in this link.

What is my plan:

What is our pre request:

1- Active Directory domain controller – The authentication infrastructure for your setup must include Active Directory, DNS, and DHCP. The Connection Server joins to Active Directory and sets up a lightweight directory service instance for the storage of Horizon configuration information.

2- SQL database Server – This is the database server on which you will create the Events database, which records actions that occur on the Horizon servers. For the example in this post, i used Microsoft SQL Server 2019.

3- VMware vSphere and vCenter Server – you must have a VMware vSphere infrastructure that contains at least one VMware ESXi host and one VMware vCenter Server instance.

4- TLS/SSL certificate – (Optional) By default, Horizon servers include a self-signed certificate that can be used for testing purposes.

5- Network and Storage

What is a Connection Server?

Connection Server acts as a broker for client connections by authenticating and then directing incoming remote desktop user requests to the appropriate virtual desktop, physical desktop, or terminal server. You must run Connection Server on a 32-bit or 64-bit dedicated physical or virtual server.

How to Install Horizon

1- Create two VMs and install two Windows servers and join them to your domain.

Guest OS – Microsoft Windows Server 2019
CPU – 4
Memory – 4 GB
New Hard Disk – 40 GB
New SCSI Controller – LSI Logic SAS
Network Adapter Type – VMXNET3

2- Download Connection server from this link and copy it to connection server’s VM.

3- Welcome page, Next

4- License Agreement, Next

5- Destination Folder

6- Installation Options

Standard installation – Generates a Connection Server instance with a new Horizon LDAP configuration.

Replica installation – Generates a Connection Server instance with a Horizon LDAP configuration that is copied from an existing instance.

Enrollment Server installation – Installs an enrollment server that is required for the True SSO (single sign-on) feature, so that after users log in to VMware Workspace ONE Access, they can connect to a remote desktop or application without having to provide Active Directory credentials. The enrollment server requests the short-lived certificates that are used for authentication.

I select Horizon Standard Server, Next.

7- On the Data Recovery page, enter the password you want to use for recovering data backups of the Connection Server.

8- On the Firewall Configuration page, accept the default, which is Configure Windows Firewall automatically.

9- On the Initial Horizon Administrators page, for this exercise and for simplicity, I recommend authorizing an Active Directory domain group.

10- On the User Experience Improvement Program page, you can deselect the Join the VMware Customer Experience Improvement Program option to opt out of the program.

11- On the Ready to Install page, leave the default for the drop-down list, which is General, to indicate that you are deploying the Connection Server in an on-premises environment, and click Install.

12- On the Installer Completed page, click Finish.

13- You can launch the Horizon Console

https://<connection-server-hostname>/admin/

Finish 🙂

Step By Step Install VMware Horizon 8 – Part 2

Hi, today I want to configure the following thing on Connection Server:

If you don’t see part 1, please click here.

  • Add license
  • Add vCenter

How to add license for Connection Server?

1- Login to Connection Server 

https://<connection-server-hostname>/admin/

2- My domain name is khoshraftar.com. Enter your domain user administrator.

3- Click on VMware Horizon HTML Access

4- go to Settings –> Product Licensing and Usage –> Edit License

Enter the serial number of the product license key and click OK.

Add a vCenter Server Instance

1- In the Horizon Console, navigate to Settings > Servers, which takes you to the vCenter Servers tab, and click the Add button.

2- On the Add vCenter Server page, complete the following text boxes before clicking Next:

  • Server address – Enter the fully qualified domain name (FQDN) of the vCenter Server instance.
  • User Name and Password – Use the format name@domain.com for the name of the vCenter Server user account.
  • You can leave the default settings for the other text boxes.

Finish 🙂

Step By Step Install VMware Horizon 8

Hi, today in this post, I decided to explain about how we can install VMware Horizon 8 in high availability mode.

You can find more detailed information about What’s New in this link.

You can find more detailed information about Horizon Administration in this link.

What is my plan:

We have in

Part 1

How to install Connection server?

Part 2

How to add a license for Connection Server?

How to Add a vCenter Server Instance?

Part 3

How to install Horizon Replica server?

Part 4

How to install and configure the Events Database?

Part 5

How to create a Domain User Account and OUs in AD for Clone Operations?

How to add an instance – Clone Domain Administrator?

Part 6

How to create a Single – User Desktop Pool?

Part 7

How to Create RDSH – Published Desktop and Applications?

Part 8

How to provision Users and Access Desktop and Apps?

Finish 🙂

How to join ESXi to the domain and set Active Directory groups to log in to ESXi via PowerShell.

Hi, Today I want to set the ESXi host to join to the domain and I adjust Active Directory groups to log in to ESXi with domain’s account, through PowerShell.

1- Run PowerShell as Administrator

2- Install VMware powercli

Install-Module VMware.PowerCLI

3- Connect to vCenter

Connect-VIServer -Server "your Server FQDN or IP address" -user "your username"

4- Enter your vCenter username and password

5- Create a variable

$ESXiHost = Get-VMHost

6- Join to Domain

$ESXiHost | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain 
"DomainName" -user "Username" -password "password" -Confirm:$false

7- Add your Active Directory Group that member’s of that group want login to ESXi Host.

$ESXiHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup | Set-AdvancedSetting -Value "Group Name"

For Example:

Connect-VIServer -Server vcenter.khoshraftar.com -User administrator@vsphere.local

$ESXiHost = Get-VMHost

$ESXiHost | Get-VMHostAuthentication | Set-VMHostAuthentication -JoinDomain -Domain khoshraftar.com -user khoshraftar -password *******  -Confirm:$false

$ESXiHost | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup | Set-AdvancedSetting -Value  VirtualizationTeam  

Now, I have a username that is a member of VirtualizationTeam, I can login with it to ESXi UI.

Finish 🙂

How to reset iLO 5 password from ESXi 7 shell

Hi, Today I need to reset forgotten ilo password, and I can’t reset my ESXi host.

If you install ESXi from HPE customized ESXi image, you can use hponcfg application, that exists on ESXi.

First SSH to your ESXi, Then go to this address:

cd /opt/tools
or
cd /opt/hp/tools

Then we need to create an XML file. I used vi tools.

vi resetpassword.xml

You must copy and paste this below information and save and exit.

<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN="Administrator" PASSWORD="yourpassword">
<USER_INFO MODE="write">
<MOD_USER USER_LOGIN="Administrator">
<PASSWORD value="yourpassword"/>
</MOD_USER>
</USER_INFO>
</LOGIN>
</RIBCL>

Then run this command:

./hponcfg -f ./resetpassword.xml

You see a successful message.

Finish 🙂

ESXi 7.0 u3 Not Registering Name With DHCP Server

Hi, Today I set ESXi 7.0 update 3 servers to get an IP address from DHCP server, the host got an IP address, but it didn’t register name with DHCP.

 What is the solution? 

You must open this file in a text editor.

/etc/dhclient-vmk0.conf

Add this line:

send host-name "yourservername";

For Example:

 send host-name "Host-24";

Exit and save the file and reboot the host.

Note: The ; at the end of line is very important, Don’t forget that.

Finish 🙂

How to enable SNMP v3 manually on ESXi 7.0

Hi, I want to enable SNMP v3 manually on my ESXi 7.0.

In ESXi 5.1 and later releases, the SNMP agent adds support for version 3 of the SNMP protocol, offering increased security and improved functionality, including the ability to send informs.

As an alternative to configuring SNMP manually using esxcli commands, you can use host profiles to configure SNMP for an ESXi host. 

By default, the embedded SNMP agent listens on UDP port 161 for polling requests from management systems. You can use the esxcli system snmp set command with the –port option to configure an alternative port. To avoid conflicting with other services, use a UDP port that is not defined in /etc/services.

Procedure

1- (Optional) If you want to change the default port, you could use this command:

esxcli system snmp set --port port

2- Every SNMP v3 agent has an engine ID which serves as a unique identifier for the agent. The engine ID is used with a hashing function to generate keys for authentication and encryption of SNMP v3 messages.
If you do not specify an engine ID, when you enable the SNMP agent, an engine ID is automatically generated.

esxcli system snmp set --engineid id

Here, id is the engine ID and it must be a hexadecimal string between 5 and 32 characters long.

esxcli system snmp set --engineid 80001ADC05876457531638093177

3- SNMPv3 optionally supports authentication and privacy protocols.

Authentication is used to ensure the identity of users. Privacy allows for encryption of SNMP v3 messages to ensure confidentiality of data. These protocols provide a higher level of security than is available in SNMPv1 and SNMPv2c, which use community strings for security.

Both authentication and privacy are optional. However, you must enable authentication to enable privacy.

esxcli system snmp set --authentication protocol

Here, protocol must be either none (for no authentication), SHA1, or MD5.

esxcli system snmp set --privacy protocol

Here, protocol must be either none (for no privacy) or AES128.

esxcli system snmp set -a SHA1 -x AES128

4- You can configure up to 5 users who can access SNMP v3 information. User names must be no more than 32 characters long.

While configuring a user, you generate authentication and privacy hash values based on the user’s authentication and privacy passwords and the SNMP agent’s engine ID. If you change the engine ID, the authentication protocol, or the privacy protocol after configuring users, the users are no longer valid and must be reconfigured.

esxcli system snmp hash --auth-hash secret1 --priv-hash secret2

The produced output might be the following:

Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6

Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97

esxcli system snmp hash -r -A password1 -X password2


Authhash: 08248c6eb8b333e75a29ca0af06b224faa7d22d6
Privhash: 232ba5cbe8c55b8f979455d3c9ca8b48812adb97 

5- Configure the user

esxcli system snmp set --user userid/authhash/privhash/security
esxcli system snmp set --users user1/08248c6eb8b333e75a29ca0af06b224faa7d22d6/232ba5cbe8c55b8f979455d3c9ca8b48812adb97/priv
ParameterDescription
useridThe user name.
authhashThe authentication hash value.
privhashThe privacy hash value.
securityThe level of security enabled for that user, which can be auth (for authentication only), priv (for authentication and privacy), or none (for no authentication or privacy).

6- (Optional) If the ESXi SNMP agent is not enabled, run the following command:

esxcli system snmp set --enable true

7- (Optional) Send a test notification to verify that the agent is configured correctly.

esxcli system snmp test
Finish :-)

Reference:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.monitoring.doc/GUID-2E4B0F2A-11D8-4649-AC6C-99F89CE93026.html

ESXi 7 System Storage Changes

Overview

We’ve reviewed and changed the lay-out for ESXi system storage partitions on its boot device. This is done to be more flexible, and to support other VMware, and 3rd party solutions. Prior to vSphere 7, the ESXi system storage lay-out had several limitations. The partition sizes were fixed and the partition numbers were static, limiting partition management. This effectively restricts the support for large modules, debugging functionality and possible third-party components.

That is why we changed the ESXi system storage partition layout. We have increased the boot bank sizes, and consolidated the system partitions and made them expandable. This article details these changes introduced with vSphere 7 and how that reflects on the boot media requirements to run vSphere 7.

The partition sizes in vSphere 6.x are fixed, with an exception for the scratch partition and the optional VMFS datastore. These are created depending on the used boot media and its capacity.

Consolidated Partition Layout in vSphere 7

To overcome the challenges presented by using this configuration, the boot partitions in vSphere 7 are consolidated.

The ESXi 7 System Storage lay-out only consists of four partitions.

  • System boot
    • Stores boot loader and EFI modules.
    • Type: FAT16
  • Boot-banks (x2)
    • System space to store ESXi boot modules
    • Type: FAT16
  • ESX-OSData
    • Acts as the unified location to store extra (nonboot) modules, system configuration and state, and system virtual machines
    • Type: VMFS-L
    • Should be created on high-endurance storage devices

The OSData partition is divided into two high-level categories of data called ROM-data and RAM-data. Frequently written data, for example, logs, VMFS global traces, vSAN EPD and traces, and live databases are referred to as RAM-data. ROM-data is data written infrequently, for example, VMtools ISOs, configurations, and core dumps.

ESXi 7 System Storage Sizes

Depending the boot media used and if its a fresh installation or upgrade, the capacity used for each partition varies. The only constant here is the system boot partition. If the boot media is larger than 128GB, a VMFS datastore is created automatically to use for storing virtual machine data.

For storage media such as USB or SD devices, the ESX-OSData partition is created on a high-endurance storage device such as an HDD or SSD. When a secondary high-endurance storage device is not available, VMFS-L Locker partition is created on USB or SD devices, but this partition is used only to store ROM-data. RAM-data is stored on a RAM disk.

ESXi 7 System Storage Contents

The sub-systems that require access to the ESXi partitions, access these partitions using the symbolic links. For example: /bootbank and /altbootbank symbolic links are used for accessing the active bootbank and alternative bootbank. The /var/core symbolic link is used to access the core-dumps.

Review the System Storage Lay-out

When examining the partition details in the vSphere Client, you’ll notice the partition lay-out as described in the previous chapters. Use this information to review your boot media capacity and the automatic sizing as configured by the ESXi installer.

A similar view can be found in the CLI of an ESXi host. You’ll notice the partitions being labeled as BOOTBANK1/2 and OSDATA.

You might notice the OSDATA partition being formatted as the Virtual Flash File System (VFFS). When the OSDATA partition is placed on a SDD or NVMe device, VMFS-L is labeled as VFSS.

Boot Media

vSphere supports a wide variety of boot media with a strong recommendation to use high-endurance storage media devices like HDD, SSD and NVMe, or boot from a SAN LUN. To install ESXi 7, these are the recommendations for choosing boot media:

  • 32GB for other boot devices like hard disks, or flash media like SSD or NVMe devices.
  • A boot device must not be shared between ESXi hosts.

Upgrading to from ESXi 6.x to ESXi 7.0 requires a boot device that is a minimum of 4 GB. Review the full vSphere ESXi hardware requirements here. As always, the VMware Compatibility Guide is the source of truth for supported hardware devices.

Legacy SD and USB devices are supported with some limitations listed below, more information in this FAQ.

  • To chose a proper SD or USB boot device, see Knowledge Base article 82515.You must provide an additional VMFS volume of at least 32 GB to store the ESX-OSData volume and required VMFS datastore. If the boot device is larger than 138 GB, the ESXi installer creates a VMFS volume automatically. Delete the VMFS datastore on USB and SD devices immediately after installation to prevent data corruption. For more information how to configure a persistent scratch partition, see Knowledge Base article 1033696.
  • If the VMware Tools partition is stored locally, you must redirect it to the RAM disk. For more information, see Knowledge Base article 83376.
  • You must use an SD flash device that is approved by the server vendor for the particular server model on which you want to install ESXi on an SD flash storage device.

Main Resource

https://core.vmware.com/resource/esxi-system-storage-changes