Posts

Horizon View BLAST error in Chrome browser

We did an update of our Horizon View environment from version 7.4 to version 7.5.1. After the update we noticed something strange. Everything was working except for the BLAST client on the Chrome browser. Other browsers didn’t give errors and worked, but Chrome threw the error: “Failed to connect to the Connection Server”.

After some searching in the VMware knowledge base, I found that the error has something to do with security. The View Security document talks about Cross-Origin Resource Sharing (CORS) as the feature that handles the policies in regard to HTTP request. (https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-security.pdf). This means that when an URL is used that is not the same as the listening domain, or when multiple domains are used, the policies can block access because the actions are considered not secure (like there could be a man in the middle attack).

In our case we have two URL’s to the Connection Servers. The first is a loadbalanced URL (http://ViewDesktop.LocalDomain) and the second is a direct URL to the Connection Server (http://HostName.LocalDomain). We noticed that the direct URL didn’t gave problems, but de loadbalanced URL did. So it seems clear that the problem must have something to do with CORS and in specific with the Chrome browser.

When we read a little bit further in the security documentation we’ll see an explanation for our Chrome problem: “Chrome extension clients set their initial Origin to their own identity. To allow connections to succeed, register the extension by adding a chromeExtension entry to the locked.properties file”.

Now, all CORS related settings are set in the file called locked.properties. You can find the file on your View Connection and Security Servers in the folder C:\Program Files\VMware\VMware View\Server\sslgateway\conf\ and if it doesn’t yet exist, you can simply create it.

So now that we know the problem in the Chrome browser seems to be coming from a security feature, how do we fix the problem? There are multiple solutions to solve this problem, which all include the locked.properties file.

  1. Disable CORS altogether. Not the most elegant solution.
  2. Set the checkOrigin property to “false”. This is probably not the option that you want. Though it works, it disables the security check. (https://kb.vmware.com/s/article/2144768)
  3. Set the balancedHost property to the URL on which you connect. This is a good option as you specify the loadbalanced address that is used by View. (https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-installation/GUID-BFF2E726-A5EB-4105-A0EA-F3D718C5880E.html#GUID-BFF2E726-A5EB-4105-A0EA-F3D718C5880E)
  4. Set the property “chromeExtension.1=bpifadopbphhpkkcfohecfadckmpjmjd” in the locked.properties file. This is the best option for us as it is tailored to the issue that we are facing. (https://docs.vmware.com/en/VMware-Horizon-7/7.5/horizon-security/GUID-94DAC7B8-70A3-4A91-8E70-2B2591B82866.html)

After you’ve set the locked.properties file, you’ll need to reboot the server for the settings to take effect. And after a reboot you’re Chrome errors are gone.

SCOM : Open view direct in console

System Center Operations Manager (SCOM) gives you great insights in your IT infrastructure. (Pro) active monitoring you’re environment enables you to respond quickly to alerts and (maybe) prevent outage.

One way to get informed is by hanging monitors in the “IT room” with dashboards displaying the environment. You can create a “view” in the Management Console displaying the information needed.

Ideally a dedicated machine boots up and displays the view you created. You can start the System Center Operations Manager with the option / ViewName: <viewname> to open the console and show the view.

Microsoft.MOM.UI.Console.exe

However if you start the console with the name of the view you get this error:

The view could not be found

Read more

Do we need 'fancy' features for VDI?

Everyone knows that more and more people are thinking about VDI, or at least they’re talking about VDI. And most of these people don’t really know what they’re talking about, what they really want and what they need. There are more usecases, solutions, alternatives which might be better for most of them.
In this article i’m talking about ‘hosted virtual desktops’, the way most people see VDI. The desktop is a virtual machine running on a hypervisor in the datacenter.

Yesterday I attended a presentation where VMware was talking about VMware View, there product for VDI implementations. In this presentation one of the key-features of VMware View was there ESX plaform, and all the ‘fancy’ features this hypervisor has. And with ‘fancy’ features I mean features like VMotion, High Availability, DRS and Fault Tolerance.
These are all great features and very usefull, in enterprise environments, for servers. In smaller environments these features aren’t necessary or even needed. In fact, in most enterprise environments not all features are really required, there used because “we can”.
Read more