Released 21 May 2020

These release notes include the following topics:

What's New in This Release

VMware Horizon 7 version 7.10.2 includes bug fixes and security fixes.

For more information about the issues that are resolved in this release, see Resolved Issues.

Before You Begin

  • Important note about installing VMware View Composer
    If you plan to install or upgrade to View Composer 7.2 or later, you must upgrade the Microsoft .NET framework to version 4.6.1. Otherwise, the installation will fail.
  • Important note about installing VMware Tools
    If you plan to install a version of VMware Tools downloaded from VMware Product Downloads, rather than the default version provided with vSphere, make sure that the VMware Tools version is supported. To determine which VMware Tools versions are supported, go to the VMware Product Interoperability Matrix, select the solution VMware Horizon View and the version, then select VMware Tools (downloadable only).
  • If you want to install View Composer silently, see the VMware Knowledge Base (KB) article 2148204, Microsoft Windows Installer Command-Line Options for Horizon Composer.
  • This Horizon 7 release includes new configuration requirements that differ from some earlier releases. See the Horizon 7 Upgrades document for upgrade instructions.
  • For supported upgrade paths, see the VMware Product Interoperability Matrix.
  • Horizon 7.10.2 is an Extended Service Branch (ESB) that will receive periodic service pack (SP) updates, which include cumulative, critical bug fixes, and security fixes. See the VMware Knowledge Base (KB) article 52845 FAQ: Horizon 7, App Volumes, UEM Extended Service Branches (ESB) for detailed information of ESB. See the Horizon 7 Upgrades document for upgrading to SPs.
  • If you intend to upgrade a pre-6.2 installation of Horizon 7, and the Connection Server, security server, or View Composer server uses the self-signed certificate that was installed by default, you must remove the existing self-signed certificate before you perform the upgrade. Connections might not work if the existing self-signed certificates remain in place. During an upgrade, the installer does not replace any existing certificate. Removing the old self-signed certificate ensures that a new certificate is installed. The self-signed certificate in this release has a longer RSA key (2048 bits instead of 1024) and a stronger signature (SHA-256 with RSA instead of SHA-1 with RSA) than in pre-6.2 releases. Note that self-signed certificates are insecure and should be replaced by CA-signed certificates as soon as possible, and that SHA-1 certificates are no longer considered secure and should be replaced by SHA-2 certificates.
    Do not remove CA-signed certificates that were installed for production use, as recommended by VMware. CA-signed certificates will continue to work after you upgrade to this release.
  • After you have performed a fresh install or upgraded all Connection Server instances to Horizon 7 version 7.2 or later, you cannot downgrade the Connection Server instances to a version earlier than Horizon 7 version 7.2 because the keys used to protect LDAP data have changed. To keep the possibility of downgrading Connection Server instances while planning an upgrade to Horizon 7 version 7.2 or later, you must perform an LDAP backup before starting the upgrade. If you need to downgrade the Connection Server instances, you must downgrade all Connection Server instances and then apply the LDAP backup to the last Connection Server that is downgraded.  
  • Selecting the Scanner Redirection setup option with Horizon Agent installation can significantly affect the host consolidation ratio. To ensure the optimal host consolidation, make sure that the Scanner Redirection setup option is only selected for those users who need it. (By default, the Scanner Redirection option is not selected when you install Horizon Agent.) For users who need the Scanner Redirection feature, configure a separate desktop pool and select the setup option only in that pool.
  • Horizon 7 uses only TLSv1.1 and TLSv1.2. In FIPS mode, it uses only TLSv1.2. You might not be able to connect to vSphere unless you apply vSphere patches. For information about re-enabling TLSv1.0, see Enable TLSv1 on vCenter Connections from Connection Server and Enable TLSv1 on vCenter and ESXi Connections from View Composer in the Horizon 7 Upgrades document.
  • FIPS mode is not supported on releases earlier than 6.2. If you enable FIPS mode in Windows and upgrade Horizon Composer or Horizon Agent from a release earlier than Horizon View 6.2 to Horizon 7 version 7.2 or later, the FIPS mode option is not shown. You must do a fresh install instead to install Horizon 7 version 7.2 or later in FIPS mode.
  • Linux desktops use port 22443 for the VMware Blast display protocol.
  • Starting with Horizon 7 version 7.2, it is possible that the ordering of cipher suites can be enforced by Connection Server. For more information, see the Horizon 7 Security document.
  • Starting with Horizon 7 version 7.2, Connection Server must be able to communicate on port 32111 with other Connection Servers in the same pod. If this traffic is blocked during installation or upgrade, installation will not succeed.
  • Starting with Horizon 7 version 7.3.2, TLS handshakes on port 443 must complete within 10 seconds, or within 100 seconds if smart card authentication is enabled. In previous releases of Horizon 7, TLS handshakes on port 443 were allowed 100 seconds to complete in all situations. You can adjust the time for TLS handshakes on port 443 by setting the configuration property handshakeLifetime. Optionally, the client that is responsible for an over-running TLS handshake can be automatically added to a blacklist. New connections from blacklisted clients are delayed for a configurable period before being processed so that connections from other clients take priority. You can enable this feature by setting the configuration property secureHandshakeDelay. For more information about setting configuration properties, see the Horizon 7 Security document.
  • When the Remote Desktop Services role is not present, the Horizon Agent installer prompts you to install Horizon Agent in RDS mode or desktop mode.

Top of Page


The Horizon Administrator and Horizon Console user interface, Horizon Administrator and Horizon Console online help, and Horizon 7 product documentation are available in Japanese, French, German, Spanish, simplified Chinese, traditional Chinese, and Korean. For the documentation, see the Documentation Center for VMware Horizon 7.

Top of Page

Compatibility Notes

  • For the supported guest operating systems for Horizon Agent on single-user machines and RDS hosts, see VMware Knowledge Base (KB) article 2150295, Supported Windows Versions for Remote Desktop Systems for Horizon Agent.
  • If you use Horizon 7 servers with a version of View Agent older than 6.2, you will need to enable TLSv1.0 for PCoIP connections. View Agent versions that are older than 6.2 support the security protocol TLSv1.0 only for PCoIP. Horizon 7 servers, including connection servers and security servers, have TLSv1.0 disabled by default. You can enable TLSv1.0 for PCoIP connections on these servers by following the instructions in VMware Knowledge Base (KB) article 2130798, Configure security protocols for PCoIP for Horizon 6 version 6.2 and later, and Horizon Client 3.5 and later.
  • For the supported Linux guest operating systems for Horizon Agent, see System Requirements for Horizon 7 for Linux in the Setting Up Horizon 7 for Linux Desktops document.
  • For the supported operating systems for Connection Server, security server, and View Composer, see System Requirements for Server Components in the Horizon 7 Installation document.
  • Horizon 7 functionality is enhanced by an updated set of Horizon Clients provided with this release. For example, Horizon Client 4.0 or later is required for VMware Blast Extreme connections. See the VMware Horizon Clients Documentation page for information about supported Horizon Clients.
  • The instant clones feature requires vSphere 6.0 Update 1 or later.
  • Windows 7 and Windows 10 are supported for instant clones, but not Windows 8 or Windows 8.1.
  • See the VMware Product Interoperability Matrix for information about the compatibility of Horizon 7 with current and previous versions of vSphere.
  • For the supported Active Directory Domain Services (AD DS) domain functional levels, see Preparing Active Directory in the Horizon 7 Installation document.
  • For more system requirements, such as the supported browsers for Horizon Administrator, see the Horizon 7 Installation document.
  • RC4, SSLv3, and TLSv1.0 are disabled by default in Horizon 7 components, in accordance with RFC 7465, "Prohibiting RC4 Cipher Suites," RFC 7568, "Deprecating Secure Sockets Layer Version 3.0," PCI-DSS 3.1, "Payment Card Industry (PCI) Data Security Standard", and SP800-52r1, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations." If you need to re-enable RC4, SSLv3, or TLSv1.0 on a Connection Server, security server, View Composer, or Horizon Agent machine, see Older Protocols and Ciphers Disabled in View in the Horizon 7 Security document.
  • If a PCoIP Secure Gateway (PSG) has been deployed for PCoIP connections, zero client firmware must be version 4.0 or later.
  • When using Client Drive Redirection (CDR), deploy Horizon Client 3.5 or later and View Agent 6.2 or later to ensure that CDR data is sent over an encrypted virtual channel from an external client device to the PCoIP security server and from the security server to the remote desktop. If you deploy earlier versions of Horizon Client or Horizon Agent, external connections to the PCoIP security server are encrypted, but within the corporate network, the data is sent from the security server to the remote desktop without encryption. You can disable CDR by configuring a Microsoft Remote Desktop Services group policy setting in Active Directory. For details, see Managing Access to Client Drive Redirection in the Configuring Remote Desktop Features in Horizon 7 document.
  • The USB Redirection setup option in the Horizon Agent installer is deselected by default. You must select this option to install the USB redirection feature. For guidance on using USB redirection securely, see Deploying USB Devices in a Secure View Environment in the Horizon 7 Security document.
  • The Global Policy, Multimedia redirection (MMR), defaults to Deny. To use MMR, you must open Horizon Administrator, edit Global Policies, and explicitly set this value to Allow. To control access to MMR, you can enable or disable the Multimedia redirection (MMR) policy globally or for an individual pool or user. Multimedia Redirection (MMR) data is sent across the network without application-based encryption and might contain sensitive data, depending on the content being redirected. To ensure that this data cannot be monitored on the network, use MMR only on a secure network.
  • Before you set the level of Transparent Page Sharing (TPS) in Horizon Administrator, VMware recommends that the security implications be understood. For guidance, see the VMware Knowledge Base (KB) article 2080735, Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing.
  • To use View Storage Accelerator in a vSphere 5.5 or later environment, a desktop virtual machine must be 512GB or smaller. View Storage Accelerator is disabled on virtual machines that are larger than 512GB. Virtual machine size is defined by the total VMDK capacity. For example, one VMDK file might be 512GB or a set of VMDK files might total 512GB. This requirement also applies to virtual machines that were created in an earlier vSphere release and upgraded to vSphere 5.5.
  • Horizon 7 does not support vSphere Flash Read Cache (formerly known as vFlash).
  • In Horizon (with View) version 6.0 and later releases, the View PowerCLI cmdlets Get-TerminalServer, Add-TerminalServerPool, and Update-TerminalServerPool have been deprecated.
  • Screen DMA is disabled by default in virtual machines that are created in vSphere 6.0 and later. View requires screen DMA to be enabled. If screen DMA is disabled, users see a black screen when they connect to the remote desktop. When Horizon 7 provisions a desktop pool, it automatically enables screen DMA for all vCenter Server-managed virtual machines in the pool. However, if Horizon Agent is installed in a virtual machine in unmanaged mode (VDM_VC_MANAGED_AGENT=0), screen DMA is not enabled. For information about manually enabling screen DMA, see VMware Knowledge Base (KB) article 2144475, Manually enabling screen DMA in a virtual machine.
  • vGPU enabled instant clone desktop pools are supported for vSphere 2016 and later.
  • Microsoft Windows Server requires a dynamic range of ports to be open between all Connection Servers in the Horizon 7 environment. These ports are required by Microsoft Windows for the normal operation of Remote Procedure Call (RPC) and Active Directory replication. For more information about the dynamic range of ports, see the Microsoft Windows Server documentation.
  • In Horizon 7 version 7.2 or later, the viewDBChk tool will not have access to vCenter or View Composer credentials and will prompt for this information when needed.
  • The forwarding rules for HTTP requests received by Connection Server instances and security servers have changed at this release. If you have defined custom frontMapping entries in, you should remove them before upgrading. If you wish to disallow administrator connections to certain Connection Server instances, then instead of defining custom frontMapping entries, add this entry to

    frontServiceWhitelist = tunnel|ajp:broker|ajp:portal|ajp:misc|moved:*|file:docroot

    On security servers, this entry is applied automatically and does not need to be set in
  • Horizon Persona Management is not compatible with User Writable Volumes created with the UIA + Profile template.
  • In Horizon 7 version 7.0.3 or later, internal validation checks determine if the instant clone and internal template have valid IP addresses and a network connection. If a virtual machine has a NIC that cannot be assigned an IP address during provisioning, instant-clone provisioning fails.
  • NVIDIA GPU cards V100 and P100 are supported.
  • NVIDIA Quadro RTX 6000 24GB and Quadro RTX 8000 48GB are supported.
  • AMD v340 graphics cards are supported.
  • Real-Time Audio-Video (RTAV) is supported in an IPv6 environment.
  • See the VMware Product Interoperability Matrix for information about the compatibility of Horizon 7 with the latest versions of VMware Unified Access Gateway, VMware Identity Manager, VMware App Volumes, VMware User Environment Manager, and VMware Tools.
  • On VMware Cloud on AWS, instant clone desktop pools and desktop pools that contain full virtual machines are limited to 1000 desktops because of an NSX-t limitation on logical switches.
  • PCoIP is not supported with RDSH instant clone pools in an IPv6 environment. PCoIP is supported with remote desktops in an IPv6 environment.
  • True SSO and Smart Card based SSO/Logon are not supported with Horizon on Windows 10 2004.
  • When you deploy an instant clone as a RDS host, do not reboot the RDS host directly from within the Windows Server OS. Instead, refresh the instant clone VM using the push image workflow.
  • Instant clones with multiple-NIC configuration are not currently supported.

Top of Page

Supported Windows 10 Operating Systems

For an updated list of supported Windows 10 operating systems, see VMware Knowledge Base (KB) article 2149393,  Supported Versions of Windows 10 on Horizon 7.
For more information on upgrade requirements for Windows 10 operating systems, see VMware Knowledge Base (KB) article 2148176,  Upgrade Requirements for Windows 10 Operating Systems here.

Top of Page

Support for Red Hat Enterprise Linux Workstation

Horizon Agent for Linux supports installation on systems running Red Hat Enterprise Linux Workstation. Red Hat Enterprise Linux Server is not supported. 

In the Setting Up Horizon 7 for Linux Desktops document, all occurrences of "Red Hat Enterprise Linux" and "RHEL" refer to Red Hat Enterprise Linux Workstation only.

For the list of supported versions of Red Hat Enterprise Linux Workstation, see System Requirements For Horizon 7 for Linux.

Top of Page

Prior Releases of Horizon 7

Features that were introduced in prior releases are described in the release notes for each release, along with existing known issues.

Top of Page

Resolved Issues

  • 2448627: Before the Profile Management finishes synchronizing user data, the desktop is refreshed or deleted if refresh or delete on logoff policy is activated.


  • 2485412: Machine fails when the Persona driver is in a low memory condition and tries to change file information.

  • 2454721: A  memory leak occurs when enabling verifier against Persona driver VMWVvpfsd.sys.

  • 2448606: Persona agent machine part of a linked-clone pool with AV Appstacks attached may fail to shut down if shutdown is attempted after 15 minutes of logon.

  • 2477978: The error BROKER_PROVISIONING_ERROR_VM_CLONING occurs due to a timeout when you push a new instant-clone desktop pool image.

  • 2505337: Instant clone provisioning fails with the following error if the post-synchronization script is configured: Instant Clone agent initialization state error (19): Failed to execute postsync script (waited 5 seconds).

  • 2533908: Physical machines are marked as deleted by Connection Server and unregister messages to Horizon Agent sends Horizon Agent into an unreachable state.

  • 2488930: The Horizon Console web interface exports only 1 page of 15 pages of events.

  • 245538: Users can occasionally get a black screen when they reconnect to instant-clone desktops that use the Blast protocol with the Imprivata tap-in option.

  • 2420494: The Connection Server logs show "LMV_NO_OP_PERMISSION" because the global ADAM replication on replica servers cannot replicate when the UserPrincipalName of the computer account is changed with the SecurityPrincipalName.

  • 2371710: During an LDAP export, the DCT log collection script fails for the Connection Server.

  • 2472957: Some linked-clone virtual machines in the desktop pool may display a Blue Screen of Death (BSOD) when the linked-clone desktop pool’s recompose operation is started with the power policy set to “Power Off” and after the recompose operation finishes the power policy is changed to “Always On”.

  • 2486114: Following a Connection Server upgrade, if the Connection Server is setup with a two-way trust, the dashboard may not list the two-way trusted domain and the Connection Server debug logs show the following error : "The specified domain either does not exist or could not be contacted".

  • 2408560: A published application is launched in single-session mode on a remote pod instead of allowing multi-session mode.

  • 2177468: User Configuration GPO settings for  PCoIP session variables do not work.

  • 2355812: Unexpected Horizon Agent reboot identified by Microsoft as as issue with Vm3dmp.sys driver.

  • 2476169: A desktop pool VM connected with Blast might show a black screen when a large number of applications are open in the Blast desktop session.

  • 2417287: With NVIDIA GRID M10-4Q, P2000 or M4000, when a user logs in to a remote desktop running on vSphere 6.7 using the Blast protocol, the refresh rate is 20Hz and persists even if the user changes the rate to 60Hz.

  • 2532944: IME language bar remains on the screen even when the RDSH published application window or windows were closed. .

  • 2447128: Client Drive Redirection does not list the correct drive letter in the remote desktop when launched through Horizon Client.

  • 2490882: A Black Screen of Death (BSOD) occurs on the Persona Management driver vmwvvpfsd.sys because of an issue with an invalid call while populating Persona Management files from the remote to the local machine.

  • 2464062: Published desktop pools do not enable users to initiate separate sessions from different client devices.

  • 2496055: A large number of unauthenticated http requests on /favicon.ico increases the http session objects in the tomcat container and its concurrent hashmap holding the session data objects can get overloaded, resulting in the heap running out of memory, and bringing down the connection server services.

  • 2474215: Horizon console does not list more than 1000 desktop pools.

  • 2538032: Connection Server is unresponsive and VMs are stuck in maintenance mode because of the excessive load on the system due to a growing heap size.

  • 2545227: Microsoft Teams on a remote desktop using Blast cannot create a registry under HKCU\Software\VMware, Inc.\ and displays an error: ERROR_CHILD_MUST_BE_VOLATILE.

Known Issues

The known issues are grouped as follows.

Horizon Persona Management
  • After every login, Persona Management takes a long time to replicate the first user persona on a guest operating system that uses the "v6" version of the user profile.
  • When you log in to a Windows 10 LTSB machine using a persona profile and try to access redirected folders from Quick Access, such as Downloads or My Documents, you get this error:

    C:\Users\vdiuser7\Downloads is unavailable. Microsoft doesn't provide the API to add folder or file to Quick Access.
    Workaround: None

  • When you log into a VM configured with Persona Management for the second time, the Microsoft Edge browser crashes and an error message that states the OneDrive application has never been used appears. Additionally, the files and folders cannot be replicated properly. This issue occurs with Windows 10 build 1703 and later.
    Workaround: Disable the Persona Management setting Roam Local Settings Folders. When you disable this setting, the Microsoft Edge browser works properly but the OneDrive application is only available when you log in for the first time.

  • Offline icons are not displayed for files on a Windows Server 2012 virtual machine with Horizon Persona Management setting enabled.
    Workaround: None known.

  • After a successful initial login to a virtual machine with Horizon Agent installed on Windows 10 version 1703 CBB system and with Persona Management enabled, the "OneDrive -Bad Image error" message is displayed during subsequent login attempts.

    Workaround:   Do not use OneDrive on your Windows 10 version 1703 CBB system. In the Group Policy Management Editor, disable the "Roam local settings folders" setting in the Computer Configuration > Policies > Administrative Templates > VMware View Agent Configuration > Persona Management > Roaming & Synchronization folder.

  • Start menu does not work on Windows 10 2004 64-bit and 32-bit machines with Persona installed.

    Workaround: See KB 78047 for information.

View Composer
  • When you run View Composer installer on Windows Server 2016 with the latest Windows update from command line, you get a Microsoft
    .NET 4.6 framework error. This issue occurs because the CLI installer is not able to recognize latest version of Microsoft .NET 4.7.
    Workaround: Use the View Composer installer user interface to run the installer.

  • Creating or recomposing desktop pools fails after you upgrade the parent virtual machine from build 1511 to build 1607 of the Windows 10 operating system. Build 1607 is the Windows 10 Anniversary Update operating system.
    • Option 1. Perform a fresh installation of Windows 10 Build 1607 on the parent virtual machine.
    • Option 2. Do not select "Redirect disposable files"in the desktop pool creation wizard.
  • Connection to View Composer fails when you run the following command: viewdbchk.cmd –findMachine
    Workaround: Import the self-signed certificate for View Composer into Connection Server's keystore or use a custom CA certificate.

  • Due to recent changes to the Guest Customization utility on vSphere 6.7, during an Horizon 7 upgrade to version 7.5 you cannot use View Composer 7.5 with an earlier version of Horizon Agent for provisioning and recomposing linked-clone pools using the Sysprep customization method. The linked-clone desktops and farms get stuck indefinitely in the customization state during provisioning or recomposing operations.
    Workaround: Upgrade to the latest version of VMware Tools and upgrade Horizon Agent to version 7.5 on the parent virtual machine and take a snapshot of the upgraded parent virtual machine. Then, provision or recompose linked-clone desktop pools using the Sysprep customization method on vSphere 6.7.

  • Linked clones get stuck in the customizing state for Win2k12 Standard and Datacenter versions.
    Workaround: For more information on how to fix this issue, see the VMware KB article

Horizon Connection Server
  • During provisioning of an instant-clone desktop pool, if there is not enough space available on the data stores, the error message that is displayed in Horizon Administrator is "Cloning of VM <VM name> has failed -VC_FAULT_FATAL: Failed to extend swap file from 0 KB to 2097152 KB." This message does not clearly indicate the root cause of the problem.
    Workaround: Not required.
  • In Horizon Administrator, if you go to Catalog> Desktop Pools, double-click an instant-clone desktop pool, go to the Inventory tab and click Machines (Instant Clone Details), the window displays details of the instant clones. However, the OS Disk data store column displays no information.
    Workaround: None
  • In a large scale environment, some of the desktops in an instant-clone desktop pool might go into the Invalid IP state.
    Workaround: In Horizon Administrator, go to Pool Inventory, select the desktops in the Invalid IP state and click Recover.
  • When you restart or reset a virtual machine for which an end user session exists in a desktop pool from vCenter Server or from the Windows Operating System menu, the virtual machine restarts but the status of the virtual machine might appear in the “Already Used” state in Horizon Administrator.
    This problem can occur for the following pool types:
    • Instant-clone desktop pools.
    • Linked-clone floating desktop pools with "Delete on log Off" enabled.
    • Linked-clone floating desktop pools with "Refresh on log Off" enabled.
    • Full-clone floating desktop pools with "Delete on log Off" enabled.
    Workaround: Use Horizon Administrator or Horizon Client to restart or reset the virtual machine in the instant-clone desktop pool. If the virtual machine is already in the “Already Used” state, remove the virtual machine. This action automatically creates a new virtual machine based on the pool provisioning settings.
  • If you provision instant clones on local datastores, the corresponding hosts cannot be put into maintenance mode. This occurs because the internal VMs and the instant clones are stored on local datastores so they cannot be migrated.
    Workaround: Delete the instant-clone desktop pool. This will delete the related VMs and enable the corresponding hosts to enter maintenance mode.

  • ESXi host remediation that uses VUM fails if the instant-clone Parent VM is present on the host in a powered-on state
    Workaround: For more information,see the VMware Knowledge Base (KB) article 2144808, Entering and exiting maintenance mode for an ESXi host that has Horizon instant clones

  • Universal Windows Platform (UWP) applications are not supported as published applications on Windows Server 2016 and Windows Server 2019 RDS hosts.

  • For True SSO, the connectivity status between the Connection Server instance and the enrollment server is displayed only on the System Health Status dashboard for the connection server that you are using to access Horizon Administrator. For example, if you are using for Horizon Administrator, the connectivity status to the enrollment server is collected only for the server1.example.comconnection server. You might see one or both of the following messages:
    • The primary enrollment server cannot be contacted to manage sessions on this connection server.
    • The secondary enrollment server cannot be contacted to manage sessions on this connection server.
    It is mandatory to configure one enrollment server as primary. Configuring a secondary enrollment server is optional. If you have only one enrollment server, you will see only the first message (on error). If you have both a primary and a secondary enrollment server and both have connectivity issues, you will see both messages.
  • When you set up True SSO in an environment with CAs and SubCAs with different templates setup on each of them, you are allowed to configure True SSO with a combination of template from a CA or SubCA with another CA or SubCA. As a result, the dashboard might display the status of True SSO as green. However, it fails when you try to use True SSO.

  • In Horizon Help Desk Tool, the pod name does not appear if the session is a local session or a session running in the local pod.
    Workaround: Set up the Cloud Pod Architecture environment to view pod names in Horizon Help Desk Tool.

  • The Workspace ONE mode setting does not get reflected in the replica server from Workspace ONE.
    Workaround: Configure the Workspace ONE mode in Connection Server.

  • When you create full-clone desktop pools, sometimes wrong templates are displayed and valid templates are hidden due to a cache issue.
    Workaround: Restart Connection Server.
  • When you try to add a SAML authenticator in Horizon Administrator, the Add button is disabled on the Manage SAML Authenticators page.
    Workaround: Log in to Horizon Administrator as a user who has the Administrators or Local Administrators role.
  • In a Cloud Pod Architecture environment, pre-launched application sessions from global application entitlements are not shown in Inventory > Search Sessions in Horizon Administrator.
    Workaround: Log in to the Horizon Administrator user interface for a Connection Server instance in the hosting pod and select Monitoring > Events to view pre-launched session information.

  • Users that are assigned to 20 to 50 Cloud Pod Architecture global application entitlements have a 20 to 30 second delay while being authenticated to Horizon 7 when connecting through any version of Horizon Client.
    Note: In Horizon 7 version 7.2, this connection time is slightly improved.
    Workaround: None.

  • For Intel vDGA, only the Haswell and Broadwell series of Intel integrated GPUs are supported. Broadwell integrated GPUs are supported only on vSphere 6 Update 1b and later. Haswell integrated GPUs are supported on vSphere 5.5 and later. The GPU must be enabled in the BIOS before it can be recognized by ESXi. For more information, see the documentation for your specific ESXi host. Intel recommends leaving the graphics memory settings in the BIOS set to their default values. If you choose to change the settings, keep the aperture setting at its default (256M).
  • Provisioning of virtual machines based on View Composer desktop pools configured to use NVIDIA GRID vGPU fails with the following error: The amount of graphics resource available in the parent resource pool is insufficient for the operation.
    Workaround: Use a single vGPU profile for all virtual desktops configured for 3D rendering in a cluster.

  • For vCenter Server 6.0 U3 or later, including vCenter Server 6.5, internal parent VMs migrate to another host during failure. This migration causes an issue because unnecessary parent VMs reside on the destination host.
    Workaround: Manually remove these parent VMs. For more information, see the Setting Up Virtual Desktops in Horizon 7 document.

  • To reduce the possibility of memory exhaustion, vGPU profiles with 512 MB or less of frame buffer support only one virtual display head on a Windows 10 guest operating system.

    The following vGPU profiles have 512 Mbytes or less of frame buffer:

    • Tesla M6-0B, M6-0Q
    • Tesla M10-0B, M10-0Q
    • Tesla M60-0B, M60-0Q
    • GRID K100, K120Q
    • GRID K200, K220Q

    Workaround: Use a profile that supports more than one virtual display head and has at least one GB of frame buffer.

  • Published desktops and application pools fail to launch if they have the client restriction feature enabled and are entitled to a domain that is configured with a one-way AD trust.
    Workaround: None

  • After an upgrade, the option to add a farm is grayed out if you have a role with the "Manage Farms and Desktops and Application Pools" (object-specific privilege).
    Workaround: Edit the role or create the role again with the "Manage Farms and Desktops and Application Pools" privilege, which also adds the “Manage Global Configuration and Policies” privilege.

  • After an upgrade, the bookmarks do not appear in Workspace ONE.
    Workaround: Add the bookmarks from the catalog in Workspace ONE again.

  • After you disconnect and reconnect the network cable and click "Disconnect and Log Off" on the client machine, the remote desktop does not disconnect and log off.

    Workaround: Manually close the window of the remote desktop and disconnect from the remote session.

  • In Horizon Administrator, the ready to complete step does not does not display values for many fields during the cloning process for an automated pool containing full virtual machines. However, the cloning operation succeeds.
    Workaround: None.

  • When you create linked clones and full clones with the Sysprep customization method, customization and domain joining sometimes fails on Windows 10 guest operating systems.
    Workaround: This occurs because of a Microsoft Windows issue. To resolve this issue, follow the steps in the Microsoft Knowledge Base (KB) article:

  • You cannot create a linked-clone desktop pool  or farm in Horizon Console if there is no Horizon 7 license configured.
    Workaround: Use Horizon Administrator to create a linked-clone desktop pool or farm without a Horizon 7 license.

  • Log in to Horizon Console fails from the Microsoft Edge browser and log in to Horizon Console from the Internet Explorer browser displays only keywords instead of  icons. This issue occurs when you connect to a Connection Server or security server using an IP address instead of a DNS name.
    Workaround: Use a DNS name instead of an IP address when connecting. For more information, see the VMware Knowledge Base (KB) article

  • When you use Safari version 10.1.1 as the Web browser to log in to Horizon Console with a Fully Qualified Domain Name, user interface issues such as the bottom panels appearing blank can occur.
    Workaround: Safari version 10.1.1 is not a supported Web browser version for Horizon Console. Use a Safari version earlier than version 10.1.1 or version 11.0.2 and later to log in to Horizon Console.

  • The following user interface issues occur in Horizon Help Desk Tool for global Linux sessions in a Cloud Pod Architecture deployment:

    • An internal error occurred message appears, the Skype for Business status is not displayed, and the operating system version displays as “-” when you click the session details on the Details tab.
    • A “failed to get Remote Assistance ticket” message appears when you click Remote Assistance.
    • An internal error occurred message appears when you click the Applications tab.

    Workaround: None. Horizon Help Desk does not support the following user interface features for Linux desktops: Skype for Business status, Remote Assistance, Applications tab, and the session idle status.

  • Horizon Administrator does not update the space reclamation information for a vCenter Server on vSphere version 6.7 that uses the VMFS6 with the automatic UNMAP feature. 
    Workaround: None.

  • After an upgrade to Horizon 7 version 7.5, only the first Connection Server that was installed can connect to the enrollment server.
    Workaround: Stop the Horizon Connection Server service, remove certificates with the friendly name “” from the VMware Horizon View Certificates store, and restart the Horizon Connection Server service.

  • Single Sign-On does not work if you access Horizon Administrator in a timed out tab of Horizon Console and then click the Horizon Console link from Horizon Administrator.
    Workaround: Clear the website data in the browser and restart the browser.

  • Login to Horizon Console fails if you use the IP address to login to Horizon Console on a Google Chrome, Microsoft Edge, or Safari Web browser.
    Workaround: Use the Fully Qualified Doman Name (FQDN) to login to Horizon Console. For more information on using FQDN to log in to Web applications, see the Horizon 7 Security document.

  • Horizon Administrator displays null/null in the user name column in the Users and Groups page for the following users: Account Operators, Incoming Forest Trust Builders, Terminal Server License Servers, Windows Authorization Access Group, Server Operators, and Pre-Windows 2000 Compatible Access.
    Workaround: None.

  • After an upgrade to vSphere 6.7, you cannot use the custom specification created with a vSphere version earlier than 6.7.
    Workaround: After an upgrade to vSphere 6.7, create a new custom specification and use this specification for pool provisioning.

  • Horizon Help Desk Tool displays the logon time for both the brokering pod and the hosting pod but does not display the logon time for a pod that is neither the brokering pod nor the hosting pod. Horizon Help Desk Tool displays the logon time after a few minutes for the hosting pod if the brokering pod is a remote pod.
    Workaround: If Horizon Help Desk Tool does not display the logon time for the hosting pod, close the page that displays session details, wait 7-8 mins and navigate to the Details tab to view the session details again.

  • VMware Identity Manager sometimes fails to launch desktops. When you save SAML configuration details for the first time in VMware Identity Manager with SAML enabled on Connection Server, desktops do not start.
    Workaround: Save the profile again and perform a sync operation on the new profile. The sync operation can occur every hour or day, as set by the administrator.

  • Horizon Administrator on Chrome in incognito mode displays an error when you try to export a table's contents as CSV: The file cannot be exported because a file of the same name is currently open. Close the file and try again or use a different file name. 
    Workaround:  Use Horizon Administrator on Chrome in normal mode to export the table.

  • When you use Sysprep to customize Windows 10 linked clones on vCenter Server 6.7, the linked-clone desktops get stuck indefinitely in the customization state during provisioning or recomposing operations.
    Workaround: Use vCenter Server 6.5 U2 or earlier. If you must use vCenter Server 6.7, then use the Quickprep customization method.

  • In Horizon Administrator, you can add a remote access user as an unauthenticated access user. However, unauthenticated access users cannot get remote access from external gateways. The user will not be able to access virtual desktops and can only launch applications as an unauthenticated access user. If the user tries to login with normal access, an “Incorrect authentication type requested” error message appears.
    Workaround: None.

  • Horizon Single Sign On fails when the scope of the trust authentication setting is set to “Selective Authentication".
    Workaround: Use one of the following workarounds to resolve this issue.

    • Use domain-wide authentication.
    • Continue to use the “Selective Authentication” security setting, but explicitly grant each Horizon Connection Server host (local system) accounts the "Allowed to Authenticate" permission on all the domain controllers of the computer objects (resource computers) that reside in the trusting domain or forest. For information on how to grant the "Allowed to Authenticate" permission, see the Microsoft article Grant the Allowed to Authenticate permission on computers in the trusting domain or forest."
  • With the Cloud Pod Architecture feature, in certain circumstances RDS licensing servers issue multiple permanent licences to the same client in a mixed-mode licensing environment.

    Workaround: None. This problem is a third-party issue and is inline with the way Microsoft RDS license servers issue licenses, even without Horizon 7.

  • In Horizon Administrator, the “Use VMware Virtual vSAN” option does not appear as selected in the Storage Optimization step during the cloning process for a linked clone pool or an automated pool containing full virtual machines created on a vSAN datastore. However, the cloning operation is successful.
    Workaround: None.

  • The following issues occur when you browse the datastore while editing an automated desktop pool that contains full virtual machines:

    • On the vCenter Settings tab, click “Browse Datastore”, the minimum recommended GB value is displayed.
    • On the Provisioning Settings tab, increase the maximum number of machines, then select the vCenter Settings tab, and click “Browse Datastore.” The minimum recommended GB value increases but gets added to the existing value.
    • For a desktop pool that contains three machines with one available and one still in the customizing or provisioning phase, edit the desktop pool and then select the vCenter Settings tab, and click “Browse Datastore.” The minimum recommended GB value is displayed for the total of three machines.

    Workaround: Use Horizon Administrator to browse for a datastore while editing an automated desktop pool that contains full virtual machines to see the correct value for the minimum recommended GB storage.

  • The following issues occur when you browse the datastore while editing instant-clone desktop pools:

    • After an instant-clone desktop pool has all the machines in the available state, edit the desktop pool, on the vCenter Settings tab, click “Browse Datastore”. The Minimum Recommended (GB), Maximum Recommended (GB), and 50% Utilization values have positive values.
    • After an instant-clone desktop pool has all the machines in the available state, edit the desktop pool, on the Provisioning Settings tab, increase the maximum number of machines, then on the vCenter Settings tab click “Browse Datastore”. The Minimum Recommended (GB), Maximum Recommended (GB), and 50% Utilization values increase but get added to the existing value.
    • For a desktop pool that contains three machines with one available and one still in the customizing or provisioning phase, edit the desktop pool and then select the vCenter Settings tab, and click “Browse Datastore.” The Minimum Recommended (GB), Maximum Recommended (GB), and 50% Utilization values are shown for all three machines.

    Workaround: Use Horizon Administrator to browse for a datastore while editing instant-clone desktop pools to see the correct Minimum Recommended (GB), Maximum Recommended (GB), and 50% Utilization values.

  • After you create an automated desktop pool that contains full virtual machines with two or more names with the “#Unassigned machines kept powered on” value less than the actual names specified and then edit the pool, the “#Unassigned machines kept powered on” field does not accept a value equal to the total number of names specified during the pool creation process and displays an incorrect error message.
    Workaround: Use Horizon Administrator to edit the automated desktop pool that contains full virtual machines with two or more names to update the "#Unassigned machines kept powered on" field value correctly.

  • Attempts to connect to the HTML Access portal or one of the administration consoles using an IP address or CNAME fails for most browsers without additional configuration. In the majority of these cases, an error is reported but sometimes a blank error message is displayed.
    Workaround: To resolve this issue, see “Origin Checking” in the Horizon 7 Security document.

  • When configuring Skype for Business, there is an optional feature to enable Media Bypass which bypasses the Mediation Server.
    For Skype for Business optimized calls to and from PSTN users, media will always route through the Mediation Server regardless if Media Bypass is enabled.

    Workaround: None. Media Bypass is not supported with the Virtualization Pack for Skype for Business. See

  • If the same user exists in both Connection Server pods that need to be paired in a Cloud Pod Architecture environment, Horizon Administrator displays the value for “Source Pods” as 2 and sources the user from both pods. An administrator can edit the user from both pods, which might cause inconsistencies in user configuration during hybrid logon. Additionally, hybrid logon for the user cannot be disabled.
    Workaround: You must delete the user from both pods and then recreate the user and configure the user for hybrid logon.

  • In Horizon Administrator, the Logoff Session and Disconnect Session buttons are not disabled for remote sessions started from vCenter Server.
    Workaround: Use Horizon Console for remote sessions started from vCenter Server to get the functionality for disabled Logoff Session and Disconnect Session buttons. However, this does not work when you navigate to Inventory > Desktops, select a desktop pool and click the Machines tab or Machines (Instant Clone Details) tab or Machines (View Composer Details) tab.

  • Core-dump error messages are generated while adding Virtual Volumes datastores on nested ESXi or nested virtual ESXi.
    Workaround: None.

  • Both Horizon Administrator and Horizon Console display the internal folder names instead of the actual folder names when you browse a vSAN datastore to import a persistent disk.
    Workaround: None.

  • In both Horizon Administrator and Horizon Console, custom roles with the Manage Help Desk (Read Only) privilege are shown as being applicable to access groups.
    Workaround: None.

  • Users that have the Administrators (Read Only) role cannot see View Configuration > Cloud Pod Architecture in Horizon Administrator.
    Workaround: Use Horizon Console.

  • In Horizon Administrator, when you add or edit a linked-clone farm that uses vSAN datastores, Blackout Times is disabled.
    Workaround: Use Horizon console to set blackout times for a linked-clone farm that uses vSAN datastores.

  • In Horizon Administrator, the Rebuild button does not work in the machine summary of an automated desktop pool that contains full virtual machines.
    Workaround: In Horizon Administrator, use the rebuild functionality from Machines > vCenter Server.

  • When you add a vCenter Server to Connection Server using an existing PowerShell script, the following error message appears: Failed to add vc instance: No enum constant com.vmware.vdi.commonutils.Thumbprint.Algorithm.SHA-1. This issue occurs because the certificateEncoding property that indicates a certificate override for self-signed certificates is added in Horizon 7 version 7.8. Therefore, earlier versions of VMware PowerCLI scripts that have an incorrect value of SHA-1 fail.
    Workaround: Update the PowerShell scripts to use the property value DER_BASE64_PEM instead of SHA-1. For example, set $certificate_override.sslCertThumbprintAlgorithm = 'DER_BASE64_PEM'.

  • When a Universal Windows Platform (UWP) application is upgraded, the path containing the version changes, and the application is unreachable by the original path. The app status is Unavailable in Horizon Administrator and a user cannot launch the app.

    Workaround: Update the app path in Horizon Administrator after an upgrade and verify the app status is Available. Alternatively, do not upgrade the app.

  • When device filtering is configured for the client drive redirection feature, and a user uses the RDP display protocol to connect, device filtering does not work.

    Workaround: When device filtering is configured for client drive redirection, configure Connection Server so that RDP connections are not allowed.

  • The True SSO desktop unlock feature is supported in PCoIP and Blast protocols, but not in Remote Desktop Protocol (RDP).

  • In Horizon Console, the user or group summary fails to load due to domain trust issues in the following cases:

    • When users and groups belong to a one-way trust domain and the logged in administrator has the necessary permissions from a one-way trust domain.
    • When users and groups belong to a two-way trust domain and the logged in administrator has the necessary permissions from a two-way trust domain.
    • When users and groups belong to a one-way or two-way trust domain and the logged in administrator is from the child domain and has the necessary permissions.

    Workaround: Use Horizon Administrator to access the user or group summary.

  • In Horizon Console, some events might not be listed because the Connection Server time is set incorrectly with respect to the Connection Server time zone.
    Workaround: Use Horizon Administrator to view all events.

  • You can recover an instant-clone virtual machine with an active session. This occurs in both Horizon Administrator and Horizon Console.
    Workaround: None.

  • In Horizon Administrator and Horizon Console, when you remove vCenter Servers with detached persistent disks, Horizon Administrator still shows the disks from that vCenter, but the disks cannot be operated upon. Horizon Console does not show any detached disks, but displays internal error banners.
    Workaround: No known workaround. Verify that there are no detached disks from the vCenter Server before removal.

  • HTML Access is installed forcibly in a replica server when upgrading Connection Server.

    Workaround: See VMware Knowledge Base (KB) article 76142.

  • On rare occasions, after a virtual machine is upgraded from Windows 10 1903 to Windows 10 2004, the virtual machine might go to bugcheck after the virtual machine is rebooted.
    Workaround: Upgrade to Horizon 7 version 7.12.

  • If a Horizon 7 version 7.8 or later Connection Server is installed and then uninstalled on a virtual machine and then the Horizon 7 version 7.3.2 Connection Server is installed, which is later updated to a later version of Horizon 7 such as Horizon 7 version 7.8, then the following error appears: “Unable to load admin page with error. This page cannot be displayed.”
    Workaround: See

Horizon Agent for Linux

This section describes issues that might occur with Horizon Agent for Linux or when you configure a Linux desktop.

  • Sometimes the Collaboration window might not appear after you connect to a remote desktop and click the Collaboration UI icon.

    Workaround: Resize the desktop window or reconnect to the remote desktop.

  • Configuring four monitors at 2560x1600 resolution on RHEL 6.6 or CentOS 6.6 virtual machines in vSphere 6.0 is not supported.
    Workaround: Use 2048x1536 resolution or deploy this configuration in vSphere 5.5.

  • The Linux agent's keyboard layout and locale do not synchronize with the client if the Keyboard Input Method System is set to fcitx.
    Workaround: Set the Keyboard Input Method System to iBus.
  • Single Sign On (SSO) does not work well on a RHEL/CentOS 7.2 desktop when you add a domain using System Security Services Daemon (SSSD).
    Workaround: After you add a domain using SSSD, modify the /etc/pam.d/password-auth file using the information in the VMware Knowledge Base article 2150330 SSO configuration changes required when using SSSD to join AD on RHEL/CentOS 7.2 Desktops.

  • When a client user authenticating with smart card redirection connects to an Ubuntu 18.04/16.04 or SLED/SLES 12 SP 3 desktop and removes or reinserts the smart card before entering the PIN, the desktop does not appear to recognize the change.

    The desktop will only detect a change in the smart card's state after the user closes the prompt asking for the PIN.

    Workaround: At the prompt, enter the smart card PIN and click OK. Or click Cancel to dismiss the prompt without entering a PIN.

  • When a client user connects to an Ubuntu 18.04/16.04 or SLED/SLES 12 SP 3 desktop, "Error 2306: No suitable token available" appears on the login screen.

    This error message indicates that a smart card has been removed from the client system. The user can log in to the desktop by entering the user password or reinserting the smart card.


  • On Ubuntu 16.04, if the administrator attempts to disable smart card redirection by setting VVC.ScRedir.Enable to "FALSE" in the /etc/vmware/config configuration file, the desktop will hang at the login screen.

  • After connecting to an Ubuntu 16.04 desktop and entering the wrong PIN for smart card authentication, the client user encounters a login prompt to enter the user password instead of the smart card PIN.

    The client user can click OK to close the user password prompt. A new prompt appears asking the user to enter the smart card PIN.

  • On Ubuntu 18.04/16.04 and SLED/SLES 12 SP3, the desktop screensaver does not lock as expected when the user removes a smart card from the client system.

    By default, the desktop screensaver does not lock even after the client user removes the smart card used to authenticate into the desktop. To lock the screensaver under these conditions, you must configure pkcs11_eventmgr on the desktop.

    Workaround: Configure pkcs11_eventmgr to specify the correct screensaver behavior in response to smart card events.

  • After you install Horizon Agent with smart card redirection enabled (-m parameter set to "yes") on a RHEL 7.0 desktop, Horizon Administrator, Horizon Console, or vSphere may display a black screen. Smart card redirection is supported on desktops running RHEL 7.1 or later. The feature is not supported on RHEL 7.0 desktops.

    Workaround: Install Horizon Agent with smart card redirection enabled on a desktop running RHEL 7.1 or later.

  • If you configure two monitors with different resolutions, and the resolution of the primary screen is lower than that of the secondary screen, you might not be able to move the mouse or drag application windows to certain areas of the screen.
    Workaround: Make sure that the primary monitor's resolution is at least as large as the secondary monitor's.

  • When you use a smart card on a RHEL 7 desktop and enable the option to lock the screen upon removal of the card, the screen may lock immediately after you log in with the smart card. This is a known issue with RHEL 7.

    Workaround: To access the desktop, unlock the screen after logging in with the smart card.

Horizon Agent
  • In FIPS mode, Horizon Agent fails to pair with Connection Server and the pool status is not available when Horizon Agent is installed to a drive other than the C drive.
    Workaround: When operating in the FIPS mode, install Horizon Agent on the C drive.
  • A warning message about applications in use appears when you uninstall Horizon Agent on Windows Server 2016.
    Workaround: Click “Ignore” in the dialog box that appears when you use Windows Add or Remove Programs to uninstall Horizon Agent. If you uninstall Horizon Agent from the command line, use the command msiexec /x /qn {GUID of Agent} instead of the command msiexec /x {GUID of Agent}.
  • When you uninstall the Horizon Agent, the mouse speed becomes slow and jerky. Uninstalling Horizon Agent also uninstalls the vmkbd.sys driver.
    Workaround: Repair VMware Tools on the Horizon Agent virtual machine.

  • When upgrading from Horizon Agent 7.1 to Horizon Agent 7.2 on a Windows 7 guest operating system, a "Files in Use" dialog appears. The dialog states that the VMware Horizon Agent application is using files that need to be updated by the setup.
    Workaround: Click "Ignore" to proceed with the upgrade.

  • Windows 10 32-bit Horizon Agent installation throws "the arguments are invalid" exception and the installation continues after you click OK. This error occurs because the print spooler service is disabled.
    Workaround: Enable the print spooler service for the installation to work as expected.
  • Client Drive Redirection displays the network drive as the drive name when a user logs in for the first time or after a restart of the agent machine.

    Workaround: For a new user, if the first drive is shown as the network drive in CDR, in the registry path HKLM\Software\\Policies\\VMware, Inc.\\VMware tsdr DWORD InitExplorerWaitTimeout, change the default timeout value of 2000ms in InitExplorerWaitTimeout to a higher timeout value of 10000ms.

    If DWORD is not present, add it in this location: HKLM\Software\\Policies\\VMware, Inc.\\VMware tsdr.

  • On vGPU-enabled VMs, display lagging intermittently lowers FPS when interacting with the desktop, particularly 3D applications such as CATIA.

    Workaround: Add The Registry value "EncoderNvidiaExternalFBCEnabled" = "0" to [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\VMware, Inc.\VMware Blast\Config]

  • If a session owner is watching a video that has been accelerated using MMR during a collaboration session, the collaborators see a black screen instead of the video.

    Workaround: As a session owner, if you need to play a video during a collaboration session, do not use Windows Media Player or Internet Explorer to play the video, or disable MMR on pools where collaboration is enabled.

  • If a collaborator joins a multimonitor session and enables relative mouse mode on their client, it is possible for the mouse to move to a secondary monitor that the collaborator cannot see.

    Workaround: Move the mouse back on to the screen. Alternatively, don't use relative mouse mode in a multimonitor session.

  • If you use Chrome with URL Content Redirection, and you set ".*.google.*" for the https protocol in filtering rules and you set Google as your home page in Chrome, redirection to occurs each time you open a new tab.

    Workaround: Change the home page or the filtering rules.

  • When setting up a collaborative session, adding a collaborator by the email address from a two-way trusted domain fails.

    Workaround: Add the collaborator by using domain\user.

  • HTML5 Multimedia Redirection works for Edge in a pre-1803 Windows 10 virtual desktop, but after updating to the latest Windows 10 1803 version, such as 17133, redirection does not work, particularly for websites that use autoplay, such as

    Workaround: Force restart the Windows 10 virtual desktop.

  • Published applications do not get disconnected when the client session is idle, even when Idle Session Timeout is set with MaxIdleTime using the GPO or non-GPO method. A disconnect warning message appears, but the application is not disconnected.

  • After you perform a seek operation of streaming media using Multimedia Redirection, the audio and video are not smooth.

    Workaround: Wait for a few minutes or reopen the current streaming media.

  • Sometimes, when a user uses the HTML5 Multimedia Redirection feature to play a YouTube video in the Edge browser, the video keeps buffering and there is no image or sound.

    Workaround: Refresh the page.

  • After you connect to a remote desktop that has the Real-Time Audio-Video feature enabled, you might see the following message: "Your PC needs to be restarted to finish setting up this device: devicename (VDI)."

    Workaround: You can ignore this message as the device is usable in the remote desktop. Alternatively, you can turn off the Windows Settings notification to prevent the message from being displayed.

  • If you are connected to a desktop with multiple high resolution monitors (4K) and you play a video in full screen with the new Blast codec, the playback performance may be poor (low frame rate).

    Workaround: Use H.264 to play videos in full screen.

  • Users cannot use a serial printer with the serial port redirection feature when Horizon Agent is installed in an RDS host if the agent group policy setting COM Port Isolation Mode is set to Full Isolation (the default setting). This problem affects both Windows and Linux clients. This problem does not occur for virtual desktops.

    Workaround: Edit the COM Port Isolation Mode group policy setting, change the mode to Isolation Disabled, and restart Horizon Agent. For more information, see "Serial Port Redirection Group Policy Settings" in the Configuring Remote Desktop Features in Horizon 7 document.

Horizon GPO Bundle
  • Computer-based global policy objects (GPOs) that require a reboot to take effect are not applied on instant clones.
    Workaround: See the VMware Knowledge Base (KB) article, 2150495.

  • A GSSAPI_ERROR message appears when you initially login with username and password and try to recursively unlock using smart card authentication to login to a local machine that has the group policy setting "Unlock remote sessions when the client machine is unlocked" enabled, and then Log In As Current User from Horizon Client.
    Workaround: Disable Log In As Current User from Horizon Client and manually unlock the virtual desktop using the username and password.

  • In a nested mode configuration where the first-level desktop (the machine where Horizon Client and Horizon Agent are installed) is a virtual desktop and the second-level desktop is a published desktop, the “Specify a filter in redirecting client printers” group policy setting does not affect the second-level desktop if you configure it in the first-level virtual desktop.

    Workaround: If you want to filter printers for the second-level desktop, configure the “Specify a filter in redirecting client printers” group policy in the second-level desktop.

Horizon Client

This section describes problems that end users might encounter when using Horizon Client or HTML Access to connect to remote desktops and applications. For problems that occur only in a specific Horizon Client platform, see the Horizon Client release notes on the Horizon Clients Documentation page.

  • The profile data is missing for multiple user sessions on RDS hosts. This issue occurs when the sessions are in the disconnected state but the task manager on the RDS host still shows these sessions.
    Workaround: Delete the sessions from the RDS host or log the user off from the published desktop or application.

  • When you log in to Workspace ONE, the pre-launch application session is not triggered. Pre-launch sessions are triggered only when there is a successful login to Connection Server from Horizon Client.
    Workaround: Manually start an application or desktop from Workspace ONE to trigger the applications enabled for pre-launch to be started.

  • Using the VMware Blast display protocol and with Blast Secure Gateway (BSG) disabled, Horizon Client sometimes cannot recover from a brief (about 1 minute) network outage and the connection to the desktop is disconnected. This issue does not occur when BSG is enabled.
    Workaround: Reconnect the session.
  • The RDS host stores only one set of application data for the first application launch of a session. Any subsequent application launch data is lost.
    Workaround: Log off the session and launch another application to store that data.

  • Desktops fail to start when you use HTML Access from Internet Explorer or Microsoft Edge Web browsers to connect to Connection Server, security server, or replica server on a Windows 10 client operating system. This issue affects desktops with Windows 10 N, Windows 10 KN, Windows 7 N and Windows 7 KN guest operating systems.
    Workaround: Use Firefox or Google Chrome Web browsers for HTML Access.

  • For Intel vDGA, multiple-monitor support is limited to no more than 3 monitors. The Intel driver supports only up to 3 monitors with a resolution of up to 3840 X 2160. If you try to connect with 4 monitors, the connection shows 3 black screens with just one screen working.
  • If a VDI desktop is in a remote location and experiencing high network latency, then a recursive unlock using smart card authentication might not work.
    Workaround: Unlock the desktop manually.

  • If a user of a Windows 8 remote desktop logs in using Kerberos authentication, and the desktop is locked, the user account for unlocking the desktop that Windows 8 shows the user by default is the related Windows Active Directory account, not the original account from the Kerberos domain. The user does not see the account he or she logged in with. This is a Windows 8 issue, not directly a Horizon 7 issue. This issue could, but does not usually, occur in Windows 7.

    Workaround: The user must unlock the desktop by selecting "Other user." Windows then shows the correct Kerberos domain and the user can log in using the Kerberos identity.

  • When you use the Ambir Image Scan Pro 490i to perform a scan on a remote desktop or application, the dialog box always displays “Scanning…” and does not complete.
    Workaround: Perform a scan on the client. The client scan calibrates the scanner. After the calibrate operation is finished, run the scan within the remote desktop or application.
  • Unicode keyboard input does not work correctly with HTML Access in Horizon 7 for Linux Desktops.

  • When you connect to a Linux desktop, some keyboard inputs do not work. For example, if you are using a non-English IME on both the client device and the remote desktop, some non-English keys are not displayed correctly.
    Workaround: Set the English IME on the client device and set the non-English IME on the remote desktop.
  • Sometimes an audio call does not start correctly from Skype to Skype for Business. The call status is "Connecting call..." on the Skype for Business client.

    Workaround: None.

  • If you use Skype for Business inside a non-persistent desktop, you might reach the Skype for Business limit of 16 device certificates. When this limit is reached and Skype for Business attempts a new logon, a new certificate will be issued and the oldest assigned certificate will be revoked.

  • If you launch Horizon Client 4.8 for Linux or earlier with FIPS mode is enabled, and you try to connect to Horizon Agent 7.6 or Horizon Connection Server 7.6 or later with FIPS mode enabled, the error message "Invalid license info for rds-license: Missing client id" appears.

    Workaround: To use Horizon Client for Linux with FIPS mode enabled to connect to Horizon Agent 7.6 or later or Horizon Connection Server 7.6 or later with FIPS mode enabled, use Horizon Client 4.9 for Linux or later.

  • The default self-signed TLS server certificate generated on Unified Access Gateway, Horizon Connection Server, and Security Server might not be usable by Chrome browsers, Safari browsers, or VMware Horizon clients running on macOS 10.15, iOS 13, and Chrome OS 76. This problem can happen because the requirements for trusted TLS server certificates have been changed by Apple in these OS versions. The default self-signed certificates do not currently meet these new requirements. If the connection to Horizon from a client is through an intermediate load balancer or proxy that terminates TLS, the new certificate requirements must also be met on those devices. On Horizon Client for Mac on macOS 10.15, "Warn before connecting to untrusted servers" mode might not continue without verifying the self-signed certificate, the "Untrusted server connection" dialog box pops up with the error message "VMware Horizon Client cannot verify your connection. Contact your administrator.", and only the "Show Certificate" and "Do Not Connect" buttons are available.

    Workaround: VMware generally recommends that the default self-signed TLS server certificate on these products is replaced by a trusted CA signed certificate for the environment. This recommendation is always a good security practice. In this situation, as long as the trusted CA-signed certificate meets the new Apple requirements, the problem does not occur. An alternative workaround for macOS and iOS Horizon clients is to set the SSL Configuration to not verify server certificates. For more information on the Apple certificate requirements, see

Horizon JMP Server and JMP Integrated Workflow
  • In an environment where multiple JMP servers are installed, conflicts might occur when creating or deleting JMP assignments if more than one JMP server refers to the same User Environment Manager configuration share.

    Workaround: None.

  • If you configured your JMP settings to use only one VMware App Volumes Manager and if during a JMP assignment creation you selected a desktop pool whose Horizon Agent is not pointing to that configured App Volumes Manager, you can still select AppStacks from the App Volumes Manager instance that is pointed to by the desktop pool's Horizon Agent. Also, if you configured your JMP Settings to use multiple App Volumes Manager instances, even if you select a desktop pool whose Horizon Agent points to one of those App Volumes Manager instances, you can still select the AppStacks from the other App Volumes Manager instances configured in your JMP settings. However, when the desktop pool is launched, the AppStacks selected from that other App Volumes Manager are unavailable.

    Workaround: None.

  • If an AppStack that is currently used by an existing JMP assignment is renamed using the App Volumes Manager or by editing the JMP assignment, the summary page of existing JMP assignments does not get updated with the new AppStack name.

    Workaround: None.

  • If you have two Horizon 7 instances that are registered with the same JMP Server instance and use the same App Volumes Manager, deleting a JMP assignment from one Horizon 7  instance can delete the AppStacks assignments used by another JMP assignment in the other Horizon 7  instance.

    Workaround: None.

  • When adding or editing Active Directory information in the JMP Settings page, the operation fails if the value entered for Bind User Name contains one or more of a range of 30 triple-byte Chinese characters, such as the '试' character, that cause the Active Directory authentication to fail.

    Workaround: Use another bind user name from your Active Directory that has administrative privileges and does not contain any of the 30 triple-byte Chinese characters. such as the '试' character.

  • When adding or editing App Volumes Manager instance information in the JMP Settings page, the operation fails if the value entered for Service Account User Name contains one or more of a range of 30 triple-byte Chinese characters, such as the '试' character, that causes the App Volumes Manager instance authentication to fail.

    Workaround: Use another bind user name from your App Volumes Manager instance that has administrative privileges and does not contain any of the 30 triple-byte Chinese characters, such as the '试' character.

  • The Drive Mapping settings that were mapped using VMware User Environment Manager version 9.2.1 are not visible when Windows 10 1703 desktop pool is launched.

    Workaround: After the Windows 10 1703 desktop pool is launched, execute the following command.

    C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe -UemRefreshDrives

    See the VMware Knowledge Base (KB) article for additional information.

  • If you access Horizon Console using localhost, the error message "JMP server is not reachable at the moment." is displayed on the JMP Settings pane of Horizon Console.

    Workaround: Access Horizon Console using a fully qualified domain name (FQDN) only, instead of using localhost. 

  • While creating a new JMP assignment, the following warning message might appear in the Applications tab: "The App Volumes instance associated with the selected desktop pool does not match any of the registered App Volumes instances." This issue occurs when one of the following is true:

    • The App Volumes Agent used in the desktop pool was installed using an IP address instead of a fully qualified domain name (FQDN)
    • The App Volumes Agent used in the desktop pool was installed using an FQDN, but the App Volumes Manager instance's IP address was registered in the JMP settings instead. 

    Workaround: Re-install the App Volumes Agent using an FQDN and use the FQDN when registering the App Volumes Manager instance in the Settings (JMP)  > App Volumes tab.

  • While installing VMware Horizon JMP Server, the JMP Server installer failed to continue because McAfee Antivirus detected NSSM.EXE as a threat.

    Workaround: Add the following files to the McAfee Antivirus exclusion list before you reinstall JMP Server.
             C:\Program Files (x86)\VMware\JMP\nssm-2.24\nssm-2.24\win32\nssm.exe 
             C:\Program Files (x86)\VMware\JMP\com\xmp\node_modules\winser\bin\nssm.exe

  • If you selected the Authorize the local Administrator group option during the Horizon 7 Connection Server installation, which creates a BUILTIN\Administrators group instead of <domainName>\Administrator, adding the JMP Server information using Horizon Console fails with the error message "Insufficient Horizon Privileges".

    Workaround: Using Horizon Administrator, register <domainName>/administrator with full administrator access.  Log  back in to Horizon Console and add  the JMP Server information.

  • While you are creating a JMP assignment and you hover over an instant-clone desktop pool, the value shown for the 3D Renderer option is Disabled instead of Manage using vSphere Client.

    Workaround: None.

  • JMP Server registration fails when the scope of the trust authentication setting is set to “Selective Authentication.”

    Workaround: Use one of the following workarounds to resolve this issue.

    • Use domain-wide authentication.
    • Continue to use the “Selective Authentication” security setting, but explicitly grant each Horizon Connection Server host (local system) accounts the "Allowed to Authenticate" permission on all the domain controllers of the computer objects (resource computers) that reside in the trusting domain or forest. For information on how to grant the "Allowed to Authenticate" permission, see the Microsoft article Grant the Allowed to Authenticate permission on computers in the trusting domain or forest.
  • JMP assignments do not work as expected because information about the App Volume Manager used by the desktop pool and the User Environment Manager version used by JMP Server could not be determined.

    Workaround: When configuring a desktop pool, set  the Number of spare (powered on) machines value to 1 or more in the Desktop Pool Sizing section of the Provisioning Settings pane. In addition, if you selected the Provision machines on demand option in the Provisioning Timing section, set the Min number of machines value  to 1 or more.

  • When the JMP Server version 1.0.2.x installer file is run on a host that currently has JMP Server version installed, the installation process does not proceed.

    Workaround: Use the Control Panel to uninstall JMP Server version Run the installation file for JMP Server version 1.0.2.x and follow the wizard to complete the installation. Provide the same SQL Server database information during the installation process to preserve any data you had with the JMP Server version installation.

  • In the following scenarios, your JMP Server instance becomes unusable after you attempt to upgrade your current installation using JMP Server installer version, the upgrade fails, and the installation rolls back.

    • The SQL Server database certificate is missing in your JMP Server installation and the Enable SSL check box is selected during the upgrade.
    • The JMP Server upgrade is done by choosing the Windows Authentication connection mode, but a SQL Server login account was not created for the JMP Server host system.  
    • You cancelled the upgrade operation by clicking Cancel.

    Workaround: Try upgrading again by re-running the JMP Server installer version You must re-enter the same SQL Server database information that you used to install the previous JMP Sever version.  After a successful upgrade, verify that all the certificates that you had configured for JMP Server are still intact. Depending on when the installation failure or cancellation occurred, the certificates might have been altered.

  • When you attempt to add a User Environment Manager (UEM) configuration share, the following error may appear: runOne] Error running file_share.createFileShare { code: 400,\n took: 221,\n data: {},\n error: 'Unable to create file share <fileshare-unc-path>.'

    Adding a UEM configuration share fails when the password for the UEM configuration share contains one of the following characters: “ #+,;<>=\~

    Workaround: Use a different password containing one of these allowed characters: !$%&'()*-./:?@[]^_`{|}

Horizon Cloud Connector
  • When you use the HTML5-based vSphere Web client to deploy the Horizon Cloud Connector virtual appliance OVA file, the following error occurs: “Invalid value 'false' specified for property proxySsl. Failed to deploy OVF package.”
    Workaround: Use the Flex-based or the Flash-based vSphere Web Client to deploy the Horizon Cloud Connector virtual appliance OVA file.

  • When starting Horizon Cloud Connector, you encounter the message "[FAILED] Failed to start Wait for Network to be Configured. See 'systemctl status systemd-networkd-wait-online.service' for details."

    This message is displayed incorrectly and does not indicate an actual problem with the network. You can disregard the message and continue to use Horizon Cloud Connector as usual.

check-circle-line exclamation-circle-line close-line
Scroll to top icon