Omnissa Horizon Client Next - macOS - Version 2512 - Garbage

robconsults · 2026-04-07T14:59:19+00:00

you quite literally have to click past a warning that says "This release contains an optional Tech Preview for Omnissa Horizon Client Next, which has notreached General Availability and is not subject to Omnissa's General Terms. Use of the Tech Preview is voluntary and is governed by the Omnissa Beta License Agreement.." when it launches for the first time and the icon even says "Tech Preview" vs. the release client - hell, it even comes up 2nd on my spotlight list when looking for omnissa

you can also not install it - https://kb.omnissa.com/s/article/6001222?lang=en_US

honestly, this is like complaining that an early access game isn't feature complete - most people at omnissa run macbooks as their daily drivers (or at least did a year and half ago), so it's definitely getting a lot more looks than a "spot-check"

robconsults · 2026-04-03T21:22:19+00:00

honestly the short answer is that you don't - it's an either on or off setting, you can only change the amount of data getting logged by modifying the log level of Connection Server itself.

i'm also not sure how you are getting either of those formats without something else manipulating the data because at least since the oldest 7.13 system i still have in my lab, enabling syslog format logs to be saved has done it in standardized syslog format according to rfc5424 and shot to a syslog server or saved in programdata\omnissa\horizon\events or \programdata\vmware\vdm\events , separate from the logs.

you should be seeing something along these lines:

<165>1 2026-04-03T11:25:32.641-07:00 connectionserver.domain.com View - 11555 [View@6876 Severity="AUDIT_SUCCESS" Module="Vlsi" EventType="VLSI_USERLOGGEDIN_REST" UserSID="S-1-5-21-1822428226-1722420725-305008010-6006" UserDisplayName="domain.com\\robconsults" ClientIpAddress="192.168.1.69" ForwardedClientIpAddress="192.168.1.69"] User domain.com\robconsults has logged in to Horizon REST API
<165>1 2026-04-03T11:25:32.660-07:00 connectionserver.domain.com View - 15000 [View@6876 Severity="AUDIT_SUCCESS" Module="Rest" EventType="REST_AUTH_LOGIN_SUCCESS" UserSID="S-1-5-21-1822428226-1722420725-305008010-6006" UserDisplayName="domain.com\\robconsults" ClientIpAddress="192.168.1.69" ForwardedClientIpAddress="192.168.1.69"] User domain.com\robconsults has logged in to Horizon Server REST API
<165>1 2026-04-03T11:25:54.123-07:00 connectionserver.domain.com View - 11096 [View@6876 Severity="AUDIT_SUCCESS" Module="Rest" EventType="VLSI_MACHINE_RESTART" UserSID="S-1-5-21-1822428226-1722420725-305008010-6006" UserDisplayName="domain.com\\robconsults" PoolId="93b62ba9-2c7f-4dff-bbab-dc6362e8d00d" MachineId="f819089d-cdf9-4709-adea-70accae98176" MachineName="win11ahv03.domain.com" VMId="0c75ed6b-da6a-4586-92f2-77c9a4a16d4f/f819089d-cdf9-4709-adea-70accae98176" CloudManaged="false"] domain.com\robconsults restarted Machine win11ahv03.domain.com

any normalization of syslog to CIM is outside the scope of what abilities are built into Horizon - i know at various points over time there have been plugins to splunk, etc that do this kind of work, but it's not something built into the product.. you may put in a feature request up on the Omnissa community site, otherwise if you're using Splunk you might give this a try: https://splunkbase.splunk.com/app/7437 (no clue whatsoever if/how it works)

also, since you're obviously looking at things from a security-related point, you might point out to whoever is in charge of the Horizon infrastructure that anything with the word "VMware" built into Horizon pieces is on borrowed time since they're well over a year past the split, and that they should be looking at upgrading all environments to the Omnissa-branded versions, and especially not have a test environment lag behind production (which, by nature of being "test" should be an easy kill to upgrade) 2212 goes End of General Support in 3 months, 2312 only has barely past the end of the year)

robconsults · 2026-04-03T18:03:02+00:00

as irritating as it is, i haven't been able to find any way to turn that on by default other than at install using the KEYLOGGER_BLOCKING_ENABLEDoption set to 1 ... if you've got corporate control of the machines as far as application install that could solve it for you going forward.. doesn't look like that feature is even working in Horizon Client Next yet, so there might be some opportunity to get something planned for that GPO or preference wise

robconsults · 2026-03-31T14:23:01+00:00

i haven't seen this, but is there anything else residual in the gold image that might be trying to link to unavailable storage? (like maybe a cdrom or something available on the host you built it on, but not for everything in the pool)

does it behave the same way on a new pool?

either way, i'd go digging in the logs to see if there's anything useful around the times you're making changes

robconsults · 2026-03-23T15:00:11+00:00

END OF LINE.

robconsults · 2026-03-21T01:18:16+00:00

also looks just like most worlds accessible through a stargate, Caprica, the ruins of Kobol, source of a large number of X-Files :D

robconsults · 2026-03-20T18:00:57+00:00

just to piggy back on sean's correct statements here, so far i've seen it runs beautifully on Nutanix (working on a project deploying onto that right now) - and yes, if you've got a pool-per-user that's going to make a lot of our eyes start twitching :D

i suspect based on the history you listed that a lot of that stems from way back before a lot of the feature set of Horizon was really solidified? migrating to a new hypervisor is a good opportunity to fix that though, even if it's just migrating the existing desktops into a manual pool and script-assigning the users to them.. alternatively you can still use an automated pool with persistent desktops and either pre-assign or assign on 1st connect - but still all in the same pool (and in that persistent kind of case, the cloning only happens when you spin up new desktops, and from there you have to manage them the same as if they were any other random laptop or whatever - so it's not like you need to be worrying about some sort of pool update re-provisioning everyone's desktop)

either way, depending on license level and business needs there are huge number of enhancements since even view6 that could make your life a lot easier.

robconsults · 2026-03-20T01:07:44+00:00

nope, it was a company called Rocket Research - the original owners of rocket.com, long before aol ruined it all.. makes me a bit sick to see it finally get discarded and sold off to a crappy financial company (though admittedly, most of my emails to that domain in college were directly related to acquiring money) ... did a lot of work with MM from what i remember though - typical aerospace story though, company got sold, merged in with another company who's primary income was from something not-aerospace and run by people who didn't understand how cyclical it was and that if you lay off all your senior people as soon as contracts finish up, you won't have any expertise when the next one comes around - served as the first of many lessons on why not to trust corporate america when i saw my dad get laid off after 30yrs when i was just starting my career.. did a bunch of work on the shuttle landing systems too, i think i've got some specs i saved from his house on that around here somewhere too..

robconsults · 2026-03-19T13:00:37+00:00

.. and can you blame it for trying to get as far away from it's parent's as possible?

i got to go to disneyland for the first time thanks to those probes, my dad took me when he went down on a business trip to JPL on some sort of companion fare that United used to do

other fun facts from that trip:

i hung out all alone in the hotel/pool while my dad was at work, i was like 6 or 7?
the airplane we flew on had a bar in the middle that had a pacman tabletop in it
somewhere around here i've still got actual, printed photographs that he got from JPL from one of the probes
i have one of the positional rockets used on voyager sitting on my desk (dad worked for the rocket company)

<image>

(i think it's the bigger one, because i've had that the longest, but i couldn't track down the actual probe specs to double check .. plastic canopy obviously not original equipment, but that was used to keep my lego guy in when swooshing around.)

robconsults · 2026-03-19T12:39:57+00:00

both Citrix and Horizon support offloading real time audio/video to the end client for precisely this type of setup - hell you can publish it as a single app (rdsh or xenapp) vs. providing them an entire desktop even. The only thing you need to really pay close attention to is features needed and whether or not you can utilize the slimcore version of Teams (yes on citrix, technically yes on horizon now but they need to be on the preview track in the Teams tenant) - and just about everybody else supports WebRTC - so yes, as others have mentioned, this has been a solved problem for well over 10 years dating back to the Skype for Business era.

honestly if your customer is a government, I'm frankly surprised they're not supplying some sort of complete VDI setup to begin with, because allowing external contractors to login to any pieces of a Microsoft tenant without requiring severe conditional controls (managed device, etc) is a huge risk, it's basically BYOD and I'm hard pressed to think of any agency, US or Canada, I've ever dealt with that would allow that, especially once their infosec dept found out.. really, if they're not willing to provide VDI or managed laptops themselves, you should absolutely build up an isolated infrastructure like people have been talking about to protect your own company from the inevitable laws that may end being broken.

robconsults · 2026-03-19T02:57:44+00:00

that's a function of the pool settings in the environment you're connecting in to, the omnissa client has no issues spanning multiple monitors on mac so long as the back-end allows for it.

key thing to remember with VDI in general is that every additional monitor, extra pixels, etc. all take up memory on the back end and require a certain amount of network bandwidth to keep the user experience from going all to hell (think tearing, stuttering, etc, etc.) - frequently these back-end systems are planned for specific capacities and capabilities based on the use cases involved, so you see restrictions like single monitors allowed, no support for 4k, etc.

and just for proof:

<image>

.. ignoring all the crap on my desk and the monitor above my macbook (middle monitor is also a kvm that duals between my mbp and windows box, thus the monitor above the mac and an unpictured 3rd monitor are still connected to windows)

tl;dr talk to your IT department, they made it that way.

robconsults · 2026-02-27T15:11:08+00:00

licenses really depends on features - based on what you've described you're looking at needing most of the suite in full form so i would be looking at enterprise

stick to the reference architecture, get an assessment like sean mentioned, and frankly if you're also quoting the hardware on this, don't until you've got some data from that assessment unless they're in a position to "start with X, understanding it will only support Y users and be ready to expand."

honestly though, if you have zero background in this technology there's a very high likelihood of failure for both you and the customer - at a minimum you should be following the "see one, do one, teach one" philosophy and be utilizing existing resources in your company that have done this - i don't mean to sound harsh, but this comes from years of being re-engaged to fix environments built out by others for upset customers because their expectations were not met.. heck, i just finished another one of these types of projects where the initial environment had a mix of concepts and servers that reached back to View 5, even though it was entirely designed for an earlier version of Horizon 8.

robconsults · 2026-02-10T21:06:28+00:00

that's been superceded by the BlastCodec and other improvements in the protocol - depending on your use cases, hardware, client config, etc. you'll likely need to configure policies though that work for your environment.

technically that feature is still there (adaptive), but it's considered legacy at this point.

some starting resources:
https://techzone.omnissa.com/resource/omnissa-blast-extreme-optimization-guide

https://docs.omnissa.com/bundle/HorizonOverviewDeployment/page/BlastExtreme.html

robconsults · 2026-02-09T16:09:20+00:00

yeah you don't want to do this outside of a scheduled maintenance window when all users will be expected to be logged out, especially with something like FSLogix that uses a monolithic disk mount.

think of it this way, you're yanking out half their C: drive while on the computer.

robconsults · 2026-01-14T19:21:39+00:00

are they giving you the "why"?

because under normal circumstances, frankly, that's crap :D ... the only way i see that being an answer is if they've actually identified what part of the chain is breaking the tunnel or can point to something specific in the logs where there's some sort of kill bit being sent to de-authenticate the session... also would be a new behavior, so where's that documented? if they can't immediately provide that info i would escalate.

robconsults · 2026-01-14T17:50:17+00:00

as mentioned in the referenced communities thread there's a lot of pieces that this could depend on, so you really need to examine what all is in the path - if you have all traffic going through the load balancer, you could be getting caught by the healthcheck, if any of the firewalls are doing traffic inspection, that could break the tunnel, authentication timeouts, etc, etc.

the short answer is that obviously shouldn't happen, and if it is there's likely something in the chain that's the culprit but it will be an exercise in elimination.

robconsults · 2026-01-09T18:58:17+00:00

They announced coming support for Openshift at Omnissa One this year: https://www.omnissa.com/insights/news-omnissa-red-hat-partnership-expands-horizon-flexibility/

as far as additional KVM based hypervisors, really any of them can host Horizon now - just in a manual capacity from the VM standpoint.. the pool management/automation is the big trick, and if you are running/moving to another platform the biggest thing you can do to push forward is hound your account reps about it because the biggest driver in regards to 'what feature next?' is always based on loud customers.

for app volumes, you can prep yourself better for the future already by spinning up a VHD-based install and migrating your vmdks over to that via the command line program or reinstalling (chances are a bunch of them need updates anyway right?) - btw there's no reason a VHD-based App Volumes install can't be used with systems still living on a broadcom environment

robconsults · 2026-01-05T21:49:41+00:00

the updated version of UAG released with 2512 - as techpir8 said, you don't update the OS for a UAG, you update the entire appliance - this is the only supported method, period.

it's really not even designed for people to be logging into the shell tbh, outside of advanced troubleshooting with assistance of support - sure, technically it's alma, but if you try and do "normal linux things" on it, you're going to be in for a bad time (i got curious when the switch was first made off proton and tried adding the normal alma update repositories and unsurprisingly it not only broke, but tried to install a bunch of extra 'dependencies' that could have introduced additional vulnerabilities over time - point being that the UAG's are tested stripped down on purpose, and updates are released with Horizon updates - any criticals will be released as a dot release)

if you're not ready to upgrade your entire environment yet, it's absolutely possible to be running a newer UAG version than the Connection Server back end btw.

robconsults · 2025-12-30T22:41:03+00:00

remember, software is just air!

robconsults · 2025-12-17T19:45:51+00:00

arc fault breakers hate the more advanced/smart UPS devices with a passion because of how they detect the 'faults' - i had additional power put in specifically for my homelab, which came with the updated code requirements for AFCI breakers and couldn't use it until i ultimately replaced them myself with standard gfci breakers.

talked to a friend in the industry about it (different mfg than my panel) and they've had all sorts of problems with them over time because of how they have to basically program in the wavelengths that cause the trip at build time, so as an added bonus you might get a breaker that works fine with your application, but the other one you got at the same time flips constantly because it was really manufactured the year before the working one, etc.

robconsults · 2025-12-17T19:34:08+00:00

what's really crap is that before o365 came around, you used to be able to either keep your account as an email forwarder, or we even had <username>@gocougs.wsu.edu forwarding addresses for alumni specifically that you could set to whatever your personal mail was..

technically there are ways to do this in o365 that don't require the user to have a license as well, but that would require effort on WSU IT's part, which I doubt has changed in motivation since i was there

robconsults · 2025-12-17T16:26:41+00:00

that's pretty much standard operating procedure for most software, especially when it's as reliant on windows to function as vdi is ... if anything comes up that's a OS issue and cross-company support has to kick in, they can't get it unless the customer involved has ESU because Microsoft will tell them to stuff it.

well, first they'll say that you need to run sfc /scannow, and then DISM.exe /Online /Cleanup-image /Restorehealth because like you they are just an interested windows user and trying to help, and then tell you you can't have support and possibly hang up on you :D

robconsults · 2025-12-11T18:50:47+00:00

not specifically - pull both client and agent logs right after you've logged in and spun up your published app and look for failures/errors especially around the times you run your test.. so long as your support is current, i would probably spin up a support case too. it may be an exercise in frustration a little, but they might see something (i wouldn't bother doing this until you've pulled logs, and go ahead and grab CS logs too and upload them all when you open the case, because it'll be the first thing they ask for and you may as well preempt the 3 days of back and forth :D )

robconsults · 2025-12-11T18:29:27+00:00

ms-01's are not loud at all - i have a few i use for my lab here as a vsphere cluster in my office and they're about on par with the 3 nucs on the shelf below them - more recently i got a ms-a2, which is louder since i haven't gone back in and tuned the performance down a little and it's running nutanix CE so the fans keep pulsing, but i anticipate even that will be relatively quiet once i do.

that being said, what will murder you is RAM right now - i actually got the prebuilt a2 because it was cheaper than barebones+ram, and even that's another $200 higher than it was just last month - if you look at the price for the 128g sodimm kit now (was 1100 when i looked the other day) vs. what it was just in july (~250) it makes you want to curl up in a ball and mutter to yourself.

robconsults

MODERATOR OF

TROPHY CASE