Horizon Client 5.4.3 for Mac | 09 July 2020
These release notes cover the following topics:
- Key Features
- What's New in This Release
- Before You Begin
- Resolved Issues
- Known Issues
Horizon Client for Mac makes it easy to access your remote desktops and published applications from your Mac with the best possible user experience on the Local Area Network (LAN) or across a Wide Area Network (WAN).
- Support for macOS High Sierra (10.13), macOS Mojave (10.14), and macOS Catalina (10.15) - Use a 64-bit Intel-based Mac to work on your remote desktop or published application.
- Unmatched performance - The adaptive capabilities of the PCoIP display protocol and the VMware Blast display protocol are optimized to deliver the best user experience, even over low-bandwidth and high-latency connections. Your remote desktop or published application is fast and responsive, regardless of where you are.
- Simple connectivity - Horizon Client for Mac is tightly integrated with VMware Horizon 6 and VMware Horizon 7 for simple setup and connectivity. Quickly reconnect to your remote desktop or published application by selecting shortcuts in Horizon Client.
- Secure from any location - At your desk or away from the office, your data is delivered securely to you wherever you are. Enhanced certificate checking is performed on the client. Horizon Client for Mac also supports optional RADIUS and RSA SecurID authentication.
Horizon Client 5.4.3 for Mac addresses the following issues:
- A privilege escalation vulnerability in the service opener. Attackers that have normal user privileges can exploit this issue to escalate their privileges to root on a system where Horizon Client is installed. The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2020-3957 to this issue. For more information, see VMSA-2020-0011.
- A privilege escalation vulnerability that exists due to improper XPC Client validation. Successful exploitation of this issue might allow attackers that have normal user privileges to escalate their privileges to root on a system where Horizon Client is installed. The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2020-3974 to this issue. For more information, see VMSA-2020-0017.
Horizon Client 5.4.2 for Mac fixes an issue with smart cards and macOS Catalina 10.15.4.
Horizon Client 5.4.1 for Mac fixes an issue that blocks connections to older version of Unified Access Gateway.
Horizon Client 5.4 for Mac includes the following new features:
- Two-factor authentication after remote session timeout
Beginning with Horizon 7 version 7.12, an administrator can configure two-factor authentication to occur after a remote session times out. For more information, see the VMware Horizon Console Administration document.
- Horizon Universal Broker support
You can use Horizon Client for Mac to access desktops from multi-cloud assignments in a cloud brokering environment. For more information, see About Horizon Universal Broker.
- OPSWAT integration support
You can use OPSWAT integration with Horizon Client for Mac. This feature requires Unified Access Gateway 3.9 or later. For more information, see OPSWAT Integration Requirements.
The user interface and documentation for Horizon Client are available in English, Japanese, French, German, Simplified Chinese, Traditional Chinese, Korean, and Spanish.
- Horizon Client requires a macOS High Sierra (10.13), macOS Mojave (10.14), or macOS Catalina (10.15) operating system running on a 64-bit Intel-based Mac.
- Horizon Client is supported with the latest maintenance release of Horizon 6 version 6.2.x and later releases.
- To install Horizon Client for Mac, download the disk image file from the VMware Horizon Client download page. For system requirements and installation instructions, see the VMware Horizon Client for Mac Installation and Setup Guide document.
2492112: Users cannot connect to a remote desktop after upgrading Horizon Client 5.2 or 5.3. The error message that they receive is "The connection to the remote computer ended."
The known issues are grouped as follows.USB Redirection
If you use the PCoIP display protocol, connecting some password-protected storage devices (such as IronKey USB flash drives) might not work correctly. For example, after you redirect the device to the remote desktop, the password prompt does not appear. The remote desktop shows that a new drive was added and so displays a new drive letter but no corresponding label to identify the device.
Workaround: Configure Horizon Client to automatically connect the device when you insert it. From the Horizon Client menu bar, select Desktop > USB > Autoconnect USB Devices on Insert.
When you insert an SD card into a Transcend USB 3.0 card reader attached to your Mac client system, the SD card is not mounted automatically. Because the SD card is not mounted on your Mac client system, the device does not appear in the Connection > USB menu in Horizon Client and you cannot use the USB redirection feature to connect the device to the remote desktop.
Workaround: Reinsert the SD card into the Transcend card reader. After the device is connected to the remote desktop, reinsert the SD card again to make the disk volume appear in the remote desktop.
If you use the USB redirection feature to connect a Transcend USB 3.0 external hard drive to a remote desktop from your Mac client system, files that you copy or move to the drive do not appear on the drive after you disconnect the drive from the remote desktop.
Workaround: Redirect the external hard drive to the remote desktop again. The files appear on the drive.
When you connect to a Windows remote desktop, start USB services, redirect a USB storage device to the remote desktop, disconnect from the remote desktop, and then try to reconnect to the remote desktop, either USB services are not available in the remote desktop or you cannot reconnect to the remote desktop. In Horizon Administrator, the state of the machine is Agent unreachable.
Workaround: If you are an end user, restart Horizon Client and try again. If you are a Horizon administrator, restart Horizon Agent in the machine.
After you connect to a remote desktop with the USB Automatically connect at startup setting enabled, the desktop connection is sometimes disconnected.
If you connect and then reconnect to a remote desktop with the USB Automatically connect at startup setting enabled, not all USB devices appear in the USB menu after you reconnect to the desktop.
Workaround: Eject and then reinsert the USB device. For internal Mac devices, you might need to restart the computer.
When you start the USB service on a macOS High Sierra (10.13) system, the System Extension Blocked dialog box appears.
Workaround: Click OK in the System Extension Block dialog box, navigate to System Preferences > Security & Privacy, and allow the extension to load.
On macOS 10.13 or later, if you are using a TokenD driver, the Keychain Access app does not refresh when you unplug and re-plug in a smart card/smart card reader, and the Mac client cannot obtain the update status for the smart card. Because of this issue, the following problems might occur in Horizon Client on macOS 10.13 or later:
- Smart card authentication does not work after you unplug and re-plug in a smart card/smart card reader.
- Smart card redirection might not work after you unplug and re-plug in a smart card/smart card reader several times.
- The Disconnect user sessions on smart card removal option in Horizon Administrator does not work.
- The smart card removal policy on the agent machine might not work.
Workaround: Switch to the CryptoTokenKit driver on macOS 10.13 or later. If you want to continue using the TokenD driver, for the smart card authentication issue, quit both Keychain Access and the Horizon Client app, relaunch Horizon Client, and perform smart card authentication again, making sure that Keychain Access is not launched. For the smart card redirection issue, reboot the Mac client machine, launch Horizon Client, and perform smart card authentication again, making sure that Keychain Access isn't launched. There is no workaround for the smart card removal policy issue with a TokenD driver.
If you set the Horizon Client security preference (VMware Horizon Client > Preferences > Security) to Do not verify server identity certificates and connect to a server that has a valid root-signed certificate, Horizon Client might stop responding.
Workaround: Unplug the smart card reader and then plug it back in.
With the IDPrime .Net card, when the SafeNet Authentication Client middleware is installed, you can view or change the smart card's cache type. If the cache type for the IDPrime .Net card is "Normal Cache," the client might not verify the smart card's PIN during server authentication when the smart card PIN is cached.
Workaround: Change the Cache Type to "Always Prompt" for the IDPrime .Net card. This setting enables the client to verify the smart card's PIN each time the user connects to the server.
If multiple Horizon clients connect to the same RDS desktop or remote application simultaneously and map to a location-based printer with the same name, the printer appears in the first client session, but not in later client sessions.
Workaround: For the client sessions in which the printer does not appear, perform a manual refresh. For a remote desktop, press F5 or refresh the Devices and Printers window. For a remote application, close and reopen the application print dialog box. The location-based printer appears in the printer list.
Sometimes the virtual printing feature and location-based printing feature are not able to display the correct list of printers in the Devices and Printers window of a remote, session-based desktop. This issue can occur with desktops provided by Windows Server 2012 RDS hosts. The printers shown within applications are correct, however.
Workaround: Log off the desktop running on the Windows Server 2012 RDS host and reconnect to it.
Keyboard shortcut mappings do not work if you are connected to a remote desktop or application and the Mac Input Source is Traditional Chinese or Korean.
Workaround: Before you connect to the remote desktop or application, switch to the English Input Source on the Mac client system. If you are already connected to the remote desktop or application, reconnect to the Connection Server instance and switch to the English Input Source on the Mac client system before you connect to the remote desktop or application.
If you launch a remote desktop with the PCoIP display protocol in full screen or window mode on an iMac with a Retina or monitor that supports a 5K display, and the screen size is more than 4K (4096 x 2160), auto fit does not work for the remote desktop if you change the display to full resolution.
Workaround. None. This problem is caused by a PCoIP limitation.
When you connect to a remote desktop that is running Windows 10 Creators Update with the VMware Blast display protocol, autofit fails when the desktop enters full screen with two displays.
Workaround: Resize the window and autofit recovers.
When you connect to a remote desktop with the VMware Blast display protocol from a Mac client system that has an NVIDIA GeForce GT 755M graphics card, the desktop stops responding.
Workaround: None. This is a third-party issue.
With the Session Collaboration feature, the primary session cannot see the cursor movement of the collaborative session if the primary session puts the cursor on an extended monitor.
Workaround: Move the cursor back to the primary monitor.
If you start a remote desktop with the VMware Blast display protocol in full-screen or window mode on an iMac that has a Retina display or a monitor that supports a 5K display with Full Resolution mode, and then disconnect and reconnect with the PCoIP display protocol, the connection fails and the remote desktop does not start.
Workaround: This problem is caused by a PCoIP limitation. Change to Normal mode and use the PCoIP or VMware Blast display protocol.
When you are using a remote desktop in full-screen mode on multiple displays, if you click Customize Touch Bar on the external display and click Done, the Open selection window and Launch Item List Touch Bar items do not work.
Workaround: This problem is a third-party issue. Apple fixed this issue in macOS 10.14 Mojave.
You might lose focus for the front window when you use the Touch Bar to switch between published applications that are hosted on Windows Server 2016. This problem can also occur when you press Command+~, or click the dock icon, to switch windows. This problem typically only occurs after switching windows several times.
Workaround: Use the mouse to click the window and regain focus.
Changes to webcam and audio devices that are connected to, or disconnected from, the Mac client system during a remote desktop session are not detected by the Real-Time Audio-Video feature.
Workaround: Disconnect and reconnect to your remote desktop session to detect webcam and audio device changes. For example, if you connect a USB headset to the Mac client system during a remote desktop session and you want to use that headset on the remote desktop, you must disconnect and reconnect to the remote desktop session to make the headset available.
If an administrator edits an application pool in Horizon Administrator and changes the path to point to a different application that already has an application pool associated with it, unexpected results can occur. For example, the original application might be launched from the Mac Dock instead of the new application.
Workaround: Make sure that each application in a farm is associated with only one application pool.
Users cannot launch an application from the Mac Dock if multiple application pools point to the same application in one farm, and if the application pool the users selected was created with associated parameters in Horizon Administrator. If a user saves the application in the Mac Dock and tries to open the saved item, the application fails to launch with the associated parameters.
Workaround: Make sure that each application in a farm is associated with only one application pool.
If you use Horizon Client on a new MacBook, and you use the USB-C port to connect to the network, you might notice poor performance when copying and pasting between a remote desktop to a shared folder.
If you select the Remember this password check box when you log in to a server, you cannot log in to the same server as a different user if the credential caching timeout period (clientCredentialCacheTimeout) on the server has not yet expired. Horizon Client will automatically use the saved credentials to log you in to the server.
Workaround: Remove the server from the Selector window (right-click the server icon and select the Delete menu item), click the Add Server button to add the server again, and then log in to the server as the different user.
On late 2016 MacBook Pro client systems, the response time of Windows Server 2016 hosted remote applications is slow in the first few seconds after you launch a Windows Server 2016 application or switch the top window between Horizon Client and the Windows Server 2016 application window.
Workaround: None. This problem is a third-party issue.
If you connect to a remote application for which the pre-launch feature is enabled on the Horizon server, and the Horizon Client reconnect behavior is set to "Ask to reconnect to open applications" or "Do not ask to reconnect and do not automatically reconnect," resumed application sessions are disconnected after the pre-launch timeout expires (default 10 minutes).
Workaround: Set the Horizon Client reconnect behavior to "Reconnect automatically to open applications."
With Moom 3.2.12 (3240), the Moom UI appears when you hover your mouse over the Close icon, not the maximize icon, in Office 2016 and 2019 apps.
You might lose focus for the front window when you use custom controls in the Moom app to move or resize published applications that are hosted on Windows Server 2016 or Windows Server 2019.
Workaround: To regain focus, use your mouse to click on the title bar of the application window.
Horizon Client for Mac stops responding if you unplug an external graphics processing unit (GPU).
You cannot start a VMware App Volumes application from the Dock on the client system.
Workaround: Start the application from Horizon Client, or use a shortcut.
The Moom user interface does not work for UWP published applications.