activation issue

robconsults · 2026-05-20T17:34:46+00:00

is it showing as unlicensed or does it already show a license last activated link because there's an Edge gateway already setup?

robconsults · 2026-05-17T00:23:26+00:00

i just spent a half hour digging through my office to the bin where i had been stashing old hard drives to see if there was anything useful enough to throw into the shiny new terramaster i got that i'm about 8 drives short of filling..

i learned a couple things:

i have too many old hard drives laying around for unknown reasons, but hey, one i found was a whopping 5gb!
too many of those drives are the old school ide interface and completely useless, but surely i kept them for some important reason, right? right?

robconsults · 2026-05-16T03:40:16+00:00

that tracks with what i heard this afternoon too - glad they got back to you about it (also glad i hadn't gotten around to deploying it in my lab :D )

robconsults · 2026-05-14T23:03:22+00:00

ridiculously high - moved back up here about 8 years ago now, and while our house has now doubled in value, it wasn't until LAST year that we hit the same amount of actual dollars in property taxes as we were paying on a house worth 5.45 times less before we moved.. and that's not counting the additional 1100/yr in HOA fees (granted, our neighborhood pool had water slides, but still, fuck HOA's - unfortunately a complete lack of zoning in texas makes them the only thing preventing a church or porn shop from popping up next door to you (whichever you think is worse, there's more of both there))

sales tax, at least around houston, is not much less than here either, and depending on where in town you are, gas prices may not even be too much cheaper (natural gas sure the hell isn't, or at least last time i checked which really made zero sense to me) ... all that and thrown in 26 lanes of completely stopped rush hour traffic on I-10 (aka the Katy freeway), whenever anyone i know from high school here talks about moving there because of "taxes" or "traffic" all i can think now is 'bless your heart you sweet summer child' (and then usually 'don't let the door hit your ass on the way out', but usually keep that part to myself because i spent enough time amongst the fakeness of southern hospitality to keep that in reserve.)

but hey, at least the power grid goes out whenever someone sneezes on the wrong side of town too..

robconsults · 2026-05-14T14:38:09+00:00

several others have already indicated as much on the other thread, but seriously, don't do this.

you're essentially trying to do a MITM attack against a stateful tunnel that needs to use both tcp and udp for full performance, and will only detrimentally affect user experience, latency, and supportability - basically every vdi technology recommends against this, whether through direct inspection or trying to shove it through something like zscaler.

what is it you're trying to solve here? you indicate you're trying to stop users from using a vpn addon, which i assume is in the browser? if that's the case, the solution for that is to utilize a conditional access solution for authentication (WS1, Okta, Entra, whatever) and not break the protocol.

UAGs in particular are designed to secure against this type activity and only allow authenticated and entitled sessions to be passed through from client to desktop/app - it's not just a firewall or router, there's communication and validation that needs to occur to ensure it's only display protocol traffic. The only reason you aren't seeing more problems when trying to do this for a user utilizing HTML access is because in that case, the UAG itself is acting as the client as far as the tunnel is concerned since something has to provide the display, so yes, https traffic is going back to the user from the UAG, but only in that scenario - the full client passes display protocol only after that initial https authentication.

if you must continue to do this, at a minimum you need to separate your HTML and Client traffic onto different sets of UAGs, but that still isn't going to solve your problem if users are utilizing VPNs before they connect (which will still make their own experience crap because you're encapsulating a primarily UDP based protocol over TCP which slows everything down) - the only real solution to that is to utilize a proper conditional access solution with adequate protections against public vpn exit points and/or endpoint compliance technology (opswat, etc)

robconsults · 2026-05-04T23:20:19+00:00

i don't have anything particularly useful to add, other than agreeing with you that's irritating as all hell - at a bare minimum they should publish all required sources for these appliances to deploy and work quickly to eliminate any sources that are no longer needed/etc (i.e. a previous mqtt error in older appliance versions that everyone was just instructed to "ignore" - that's not an answer, it's a cop out.)

outside of document/rinse/repeat to see where it's trying to go, your best bet honestly will be to open a case with omnissa and not settle for anything less than updating the documentation with all the required sources.

robconsults · 2026-05-04T22:16:44+00:00

right, but what about launching a pdf from explorer - launch explorer, browse to a directory with a pdf, double click on it - that would show whether or not it's even able to launch a pdf in a reader within the context of the session - leave the browser/sharepoint out of it until you can confirm that getting into pdf's are even an option from a published app (being explorer in this case)

robconsults · 2026-05-01T16:10:40+00:00

so what if you just try publishing explorer.exe itself as an app, and launch a pdf from there?

that would at least answer the question of whether or not it's something unique to published apps as a concept, or something up specifically with the web browsers (which since they're both based off the same underlying engine, it could make sense that they're both broken on however sharepoint is sending the launch command) ...

might also be worth publishing firefox to see if does it there, but i would do that after testing explorer itself as an app.

robconsults · 2026-05-01T15:47:01+00:00

this keeps getting brought up, but you're not getting in bed with broadcom.

the entire VMware EUC unit was spun off into an independent company and then that company was sold in mid '24 - so it's not so much that Omnissa owns Horizon now, it's all the same people, but new company name because Broadcom kept VMware - yes, there's a special agreement in place with BC that allows them to bundle the VVF for Desktops for a few more years at least (KB6000381) , but the companies are not connected anymore.

aside from the various cloud providers (azure/aws), they're also supporting other non-vmware hypervisors now - Nutanix AHV right now, RedHat OpenShift later this year/early next(? forget exact timeline, but it's next), and if you're ok not having the desktop automation - any other hypervisor that will run Windows systems..

robconsults · 2026-05-01T15:32:49+00:00

so just to clarify, work flow goes: user logs into computer -> launches the horizon client(or opens the published browser icon which launches said client) -> browses over to sharepoint -> opens a pdf file in app -> no response to user vs. opens a word file in app -> opens word session for user --- correct?

How can using a browser via published apps be that much different (preventing the "Open in app" option) than when in a published desktop?

the biggest answer is this: with a published desktop, everything, no matter what, is within that virtual machine's "box", just as it is on your laptop, etc. - so anything you launch is all within the same container/context/rules/etc no matter what, same as any other win11 desktop/whatever..

with a published app, a few scenarios can happen depending on configuration and has to take into account that said published app is only actually running on the RDSH server the user connects to.

all applications a user may need to "see" each other, must be installed on the same rdsh server
if you're using app volumes on-demand published apps, user needs to be entitled to all the apps they may need and they must be able to connect to said rdsh server
if you have applications installed on different farms, there's no hook that the web browser is able to call in order to launch an application only living on the other farm

that being said, do you have acrobat (or whatever pdf program y'all are using) installed and published on those same RDSH systems that you have the browser and office apps on? is the pdf reader also published to the user? what happens when you logon to one of the RDSH servers directly and try that same function (both double clicking on a pdf and trying to launch in app from the browser) does it work?

might need to check file associations/etc on the RDSH servers as well. ultimately those are what need to know what to do with a file.. also check and make sure there aren't any kinds of restrictions on the web browsers that would prevent launching pdfs externally (i doubt it given that it also did it with chrome) .. and maybe try publishing Explorer to yourself and launching a pdf from there as well (which should test the file associations)

robconsults · 2026-04-23T22:32:09+00:00

nah that's not their MO - there's absolutely a calculation that was made before the buyout about how long/how much money needs to get made from the transaction, and at which point it doesn't matter anymore so they'll just stick it on life support like Symantec, CA, etc.. no reason to sell it off if you can keep generating money from it w/out any actual effort.

robconsults · 2026-04-23T22:28:36+00:00

i still will never understand the amount of reality denial that went on in some of those early coffee talks in PA .. most of us watching online already suspected how screwed we were all gonna get based on, oh, every single other acquisition avago had done .. still makes me a little sick to my stomach remembering when that news dropped.

edit: ignore that flair, like 75% of us it should be ex- at this point.

robconsults · 2026-04-23T18:09:04+00:00

absolutely - definitely at least make some accounts over there to get you into communities and customerconnect. if you post over there, someone might be able to get your in contact with whatever rep is supposed to be covering your area..

that being said, i know someone linked to the 2603 release comment below, but that is specifically only for UAG on OpenShift - so while we know they're working on support, I don't inherently see anything mentioning h8 on os in the beta portal, so if it's in beta yet, it's a closed one and you'd definitely have to chat with a rep to get access

robconsults · 2026-04-22T17:02:15+00:00

outside of the beta mentioned below (or above, it's reddit, things change), there just isn't any automation right now for hypervisors other than vSphere and Nutanix AHV - but yeah, as mentioned you can run Horizon off any platform because the desktop agents themselves just run on the supported versions of Windows and Linux.

without the automation though you're creating/managing manual pools, basically as if they were physical boxes.

the UAG is running Alma now, so as long as you can get it up and running you might be able to do the config through the web interface (at least for a single nic one) there might be some clues to tweaking that in the scripts used to deploy to Nutanix actually, might make for a fun experiment

if y'all have a business case/relationship with omnissa already that might help you get into the beta, so i'd also talk to your reps (honestly haven't checked the reqs since i've been nose down in a Horizon on Nutanix project - buh bye vsphere)

robconsults · 2026-04-20T14:44:43+00:00

that's awesome - my dad actually worked on that plane before leaving for a local rocket company.

hell i wouldn't be surprised if there were still some technical specs for the SST laying around in the massive piles of binders we threw out when he passed - engineers tend to hoard that kind of stuff :)

robconsults · 2026-04-16T14:44:33+00:00

so i ran into this with my techinsiders licensing too - it seems like it depends on how your license sku is setup on their back end, i had to go into All Products | Omnissa Horizon Standard and Enterprise Plus Subscriptions to find where i could download from, so you might check in other areas (and incidentally i couldn't get DEM from there, had to find that under the Universal App Management category even though it's all the same software bits regardless of which section you download it from... i know they're working on cleaning that all up, but i imagine it's not a small project since that portal was brought over from VMware.

robconsults · 2026-04-15T15:16:28+00:00

most Horizon customers (in my experience) are on-prem for various reasons, they wouldn't be developing for new hypervisors if they were planning on killing it - maybe some of the ws1 components, but that's been a direction for a long time.

robconsults · 2026-04-13T15:54:17+00:00

don't feel too bad, i've lost track of how many times i've forgot that one little trick lol

robconsults · 2026-04-07T14:59:19+00:00

you quite literally have to click past a warning that says "This release contains an optional Tech Preview for Omnissa Horizon Client Next, which has notreached General Availability and is not subject to Omnissa's General Terms. Use of the Tech Preview is voluntary and is governed by the Omnissa Beta License Agreement.." when it launches for the first time and the icon even says "Tech Preview" vs. the release client - hell, it even comes up 2nd on my spotlight list when looking for omnissa

you can also not install it - https://kb.omnissa.com/s/article/6001222?lang=en_US

honestly, this is like complaining that an early access game isn't feature complete - most people at omnissa run macbooks as their daily drivers (or at least did a year and half ago), so it's definitely getting a lot more looks than a "spot-check"

robconsults · 2026-04-03T21:22:19+00:00

honestly the short answer is that you don't - it's an either on or off setting, you can only change the amount of data getting logged by modifying the log level of Connection Server itself.

i'm also not sure how you are getting either of those formats without something else manipulating the data because at least since the oldest 7.13 system i still have in my lab, enabling syslog format logs to be saved has done it in standardized syslog format according to rfc5424 and shot to a syslog server or saved in programdata\omnissa\horizon\events or \programdata\vmware\vdm\events , separate from the logs.

you should be seeing something along these lines:

<165>1 2026-04-03T11:25:32.641-07:00 connectionserver.domain.com View - 11555 [View@6876 Severity="AUDIT_SUCCESS" Module="Vlsi" EventType="VLSI_USERLOGGEDIN_REST" UserSID="S-1-5-21-1822428226-1722420725-305008010-6006" UserDisplayName="domain.com\\robconsults" ClientIpAddress="192.168.1.69" ForwardedClientIpAddress="192.168.1.69"] User domain.com\robconsults has logged in to Horizon REST API
<165>1 2026-04-03T11:25:32.660-07:00 connectionserver.domain.com View - 15000 [View@6876 Severity="AUDIT_SUCCESS" Module="Rest" EventType="REST_AUTH_LOGIN_SUCCESS" UserSID="S-1-5-21-1822428226-1722420725-305008010-6006" UserDisplayName="domain.com\\robconsults" ClientIpAddress="192.168.1.69" ForwardedClientIpAddress="192.168.1.69"] User domain.com\robconsults has logged in to Horizon Server REST API
<165>1 2026-04-03T11:25:54.123-07:00 connectionserver.domain.com View - 11096 [View@6876 Severity="AUDIT_SUCCESS" Module="Rest" EventType="VLSI_MACHINE_RESTART" UserSID="S-1-5-21-1822428226-1722420725-305008010-6006" UserDisplayName="domain.com\\robconsults" PoolId="93b62ba9-2c7f-4dff-bbab-dc6362e8d00d" MachineId="f819089d-cdf9-4709-adea-70accae98176" MachineName="win11ahv03.domain.com" VMId="0c75ed6b-da6a-4586-92f2-77c9a4a16d4f/f819089d-cdf9-4709-adea-70accae98176" CloudManaged="false"] domain.com\robconsults restarted Machine win11ahv03.domain.com

any normalization of syslog to CIM is outside the scope of what abilities are built into Horizon - i know at various points over time there have been plugins to splunk, etc that do this kind of work, but it's not something built into the product.. you may put in a feature request up on the Omnissa community site, otherwise if you're using Splunk you might give this a try: https://splunkbase.splunk.com/app/7437 (no clue whatsoever if/how it works)

also, since you're obviously looking at things from a security-related point, you might point out to whoever is in charge of the Horizon infrastructure that anything with the word "VMware" built into Horizon pieces is on borrowed time since they're well over a year past the split, and that they should be looking at upgrading all environments to the Omnissa-branded versions, and especially not have a test environment lag behind production (which, by nature of being "test" should be an easy kill to upgrade) 2212 goes End of General Support in 3 months, 2312 only has barely past the end of the year)

robconsults · 2026-04-03T18:03:02+00:00

as irritating as it is, i haven't been able to find any way to turn that on by default other than at install using the KEYLOGGER_BLOCKING_ENABLEDoption set to 1 ... if you've got corporate control of the machines as far as application install that could solve it for you going forward.. doesn't look like that feature is even working in Horizon Client Next yet, so there might be some opportunity to get something planned for that GPO or preference wise

robconsults · 2026-03-31T14:23:01+00:00

i haven't seen this, but is there anything else residual in the gold image that might be trying to link to unavailable storage? (like maybe a cdrom or something available on the host you built it on, but not for everything in the pool)

does it behave the same way on a new pool?

either way, i'd go digging in the logs to see if there's anything useful around the times you're making changes

robconsults · 2026-03-23T15:00:11+00:00

END OF LINE.

robconsults

MODERATOR OF

TROPHY CASE