check-circle-line exclamation-circle-line close-line

VMware Horizon Cloud Service Release Notes - v2.0 - July 2019

VMware Horizon® Cloud Service™ | Release Date 4 July 2019

VMware Horizon® Cloud Service™ on Microsoft Azure | Version 2.0

These release notes apply to the service release that went live on July 4, 2019. For pods deployed into Microsoft Azure, these release notes apply to software manifest versions 1493 and later. For the release notes of earlier manifest versions for pods deployed into Microsoft Azure, see the release notes for previous Horizon Cloud releases by using the links listed in the left-hand navigation pane at https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/index.html.

This document's contents were last changed for the go-live date of this service release.

This document is revised periodically when the Horizon Cloud Service itself is updated, so that you have current information about the service. Check back for additions and updates to these release notes. For revisions made after the service release date, look for the red Updated text in the document below.

Documents updated in this release include:

What's in the Release Notes

The release notes cover the following topics:

About VMware Horizon Cloud Service

VMware Horizon Cloud Service provides visibility, health monitoring, help desk services, and end-user workspaces for cloud-connected pods. Cloud-connected pods can be VMware Horizon 7 pods using on-premises capacity, Horizon 7 pods using VMware Cloud on AWS capacity, and pods using Microsoft Azure capacity. The overall environment consists of the VMware-hosted cloud service, your provided capacity, and VMware software deployed into that capacity.

For example, you can use the Horizon Cloud Administration Console for unified health monitoring and multi-pod workspace assignments for two cloud-connected Horizon 7 pods, one using on-premises capacity and the other using VMware Cloud capacity. Such multi-pod workspace assignments create global entitlements across those cloud-connected Horizon 7 pods. For pods in Microsoft Azure, you can use Horizon Cloud to create master images, from which the pods can provision virtual desktops and remote applications that your end users can securely access from any device.

New Features in this Release

Note: New features for Horizon 7.9, including Cloud Connector, are contained in the release notes for that product. Horizon 7.9 documents are linked from the VMware Horizon 7 Documentation page.

This VMware Horizon Cloud Service July 2019 release includes the following new features. For details about these features, see this release's Administration Guide.

  • Horizon Cloud Service has a new look and feel for the login screen and the Horizon Cloud Administration Console.
  • Enhanced reporting including pre-built reports covering VDI and RDSH Desktop usage, VDI Applications usage, and Users, from Horizon 7 (on-premises and VMware Cloud on AWS) to Horizon Cloud on Microsoft Azure.
  • Unified Dashboard now contains information on deployment health, sessions, and issues across all your connected pods. 
  • Create Desktop Entitlements across multiple Horizon 7 Pods deployed on-premises and on VMware Cloud on AWS from the Horizon Cloud Administration Console.
  • Cloud Monitoring Service now supports Horizon 7 on-premises and Horizon 7 on VMware Cloud on AWS.
  • Support for all Microsoft Azure VM Types and Sizes for VDI and RDSH Farms for Horizon Cloud on Microsoft Azure.
  • Support for a custom role when creating the Microsoft Azure Service Principal for Horizon Cloud on Microsoft Azure.
  • Improved security in Horizon Cloud Service by ending use of TLS 1.1 starting with this release.

Environments, Operating Systems, and Compatibility

  • Compatibility with other VMware Products: For the most recent information about compatibility between this product and other VMware products, see the VMware Product Interoperability Matrices.
  • Browser Experience: The Administration Console is compatible with recent versions of Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, and Microsoft Edge. Even though you can try using Apple Safari, use of the Administration Console in Apple Safari is not supported in this release.
  • Microsoft Azure Cloud Support: For Microsoft Azure deployments, the service is currently available in the following Microsoft Azure cloud environments:
    • Microsoft Azure (standard global regions)
    • Microsoft Azure in China
    • Microsoft Azure Germany
    • Microsoft Azure Government (US Gov Virginia, US Gov Arizona, US Gov Texas)
  • Supported Microsoft Windows Operating Systems: In the service's Microsoft Azure deployments, the following Microsoft Windows operating system editions and versions in the Azure Marketplace are the ones supported for use in this release, regardless of whether you use the automated or manual method of deploying an image in this release.
    • For RDS images used in farms: Microsoft Windows Server 2012 R2 Datacenter Edition, Microsoft Windows Server 2016 Datacenter Edition, Microsoft Windows Server 2019
    • For VDI images: For the list of supported operating system versions, see the Horizon Cloud Service Windows 10 Support information that is posted in the Documents area of the Horizon Cloud Service community.
  • Supported Horizon Client versions for Microsoft Azure deployments: This release supports the use of the following Horizon Client versions with the desktops and remote applications delivered by the service's Microsoft Azure pods, as listed below. You can obtain the Release Notes for the Horizon Client versions from the VMware Horizon Client Documentation page at docs.vmware.com/en/VMware-Horizon-Client/
    • With RDS-based session desktops and remote applications: Horizon Client versions 4.10, 5.0, and 5.1 
    • With VDI desktops: Horizon Client version 4.10, 5.0, and 5.1
    • The VMware Horizon HTML Access client does not support certain features when used in mobile browsers. Also, even though the Horizon Client supports copying and pasting text between a client's local system and a VM out of the box, for HTML Access, you must configure this feature before your end users can use it. For more information, see the VMware Horizon HTML Access documentation page and search for the information in the most recent User Guide and Installation and Setup Guide.
  • Supported NSX Cloud versions with Microsoft Azure deployments:  For pods at this release's manifest version (new pods or upgraded pods), using NSX-T Data Center 2.4 is recommended. For pods at the prior release's manifest version, the NSX-T Data Center patch release (patch release 2.3.0.1.0, build 10539383) will continue to work. Note: When using NSX-T Data Center 2.4, additional configuration steps are needed on the forwarding policies for the NSX-managed VMs. For details, see the Administration Guide.
  • Versions for cloud-connected Horizon 7 pods: Horizon 7 Cloud Connector 1.1 is the lowest version level needed to cloud-connect a Horizon 7 pod with Horizon Cloud and see the pod in the Horizon Cloud Administration Console. To obtain use of the latest features and fixes for your existing cloud-connected Horizon 7 pods, upgrade those pods to the latest versions of the Horizon 7 components, including the latest Horizon 7 Cloud Connector version. If you have the required licensing, you can download the latest Horizon 7 Cloud Connector appliance from http://www.vmware.com/go/download-horizon-subscription

Things to Know Before Using this Release

Review this information as you prepare to consume this release of VMware Horizon Cloud Service.

Knowledge of the following facts is useful before using Horizon Cloud Service with any of the deployment types.

  • Login authentication into the Horizon Cloud Administration Console relies on My VMware account credentials. If the My VMware account system is experiencing a system outage and cannot take authentication requests, you will not be able to log in to the Administration Console during that time period. If you encounter issues logging in to the Administration Console's first login screen, check the Horizon Cloud System Status page at https://status.horizon.vmware.com to see the latest system status. On that page, you can also subscribe to receive updates.
  • Each of the pods paired with the Horizon Cloud control plane and associated with the same customer account must have line of sight to the Active Directory domains connected to those pods and have one-way or two-way trust configured along with that line of sight. For example, when you have three pods where one pod is in Microsoft Azure, one pod is on-premises, and one pod in VMware Cloud on AWS, each of those pods must have line of sight and one-way or two-way trust configured to the same set of Active Directory domains.

Knowledge of the following facts is useful before using Microsoft Azure deployments.

  • Subscriptions and Number of Nodes: Be mindful about the number of nodes you deploy into a single subscription, especially if you plan to have each node running at a large scale. Even though multiple nodes can be deployed into a single Microsoft Azure subscription, whether all into one region or spread across multiple regions, Microsoft Azure imposes certain limits within a single subscription. Because of those Microsoft Azure limits, deployment of many nodes into a single subscription increases the likelihood of hitting those limits. Numerous variables, and combinations of those variables, are involved in reaching those limits, such as the number of nodes, the number of farms and assignments within each node, the number of servers within each node, the number of desktops within each assignment, and so on.
    If you plan to have nodes running at a large scale, consider adopting the approach of having multiple subscriptions with those multiple subscriptions under one Microsoft Azure account. Microsoft Azure customers can, and often prefer, this approach because it provides some benefits for ongoing management of the subscriptions. Using this approach, you would deploy a single node per subscription, roll up those subscriptions in a single "master account", and avoid the chances of hitting the Microsoft Azure limits that are imposed on a single subscription.
  • Outbound Internet access is required on the Microsoft Azure Virtual Network (VNet) that is connected to the node's temporary jump box VM and node manager VM. Proxy-based authentication is supported in this release. You must provide your proxy details in the node deployment wizard. For node deployment, specific DNS names must be reachable using specific ports and protocols. See VMware Horizon Cloud Service Deployment Guide for the connectivity requirements. Note: When you have a proxy configured for the node, you must use the manual steps to create your base master VMs. You cannot use the automated Import Image wizard when your node is configured for proxy-based authentication.
  • Subnet sizing: This release does not support expanding the size of the node's subnets after the node is deployed. As a result, for production environments, you should use subnet sizes that are large enough to accommodate the following requirements:
    • Management subnet: When deploying a pod, the pod's management subnet is now required to have a minimum of CIDR /27, where previously a lower minimum CIDR of /28 was allowed. This change was made to reduce the occurrence of issues that can happen during pod updates due to lack of available IP addresses in the subnet. A CIDR of /27 provides for 32 IP addresses.
    • Desktop (tenant) subnet: Use a CIDR in the range of /24 to /21 to accommodate the VMs for your VDI desktops, the RDS images, and every server in the node's RDS farms. For example, if you want your production node to support up to 2,000 VDI desktop VMs, the minimum CIDR that will accommodate that is /21 (2048 IP addresses)

Knowledge of the following facts is useful before connecting Horizon Cloud to pods installed on-premises or in VMware Cloud on AWS.

  • Before connecting a second Horizon 7 pod to Horizon Cloud, you should log in to the Horizon Cloud Administration Console and complete the Active Directory domain registration process after connecting your first Horizon 7 pod to Horizon Cloud using the Cloud Connector's onboarding process. When you pair multiple Horizon 7 pods with Horizon Cloud before completing that Active Directory domain registration, unexpected results might occur when you eventually log in to the Administration Console to attempt the domain registration process.
  • Due to a known issue, when you are using an on-premises Active Directory domain to service a pod in VMware Cloud on AWS, slow access times might occur due to network latency or network congestion between that on-premises Active Directory domain and the pod in VMware Cloud on AWS which results in calls to the domain timing out. Symptoms of this latency typically include the Active Directory login screen failing to complete the login before timing out. If you experience such symptoms, configuring a writable domain controller in each in-cloud software-defined data center (SDDC) might help.

Product Documentation and Additional Helpful Resources

To access the product documentation for all deployment models of Horizon Cloud, see the VMware Horizon Cloud Service documentation landing page.

Visit the community site for helpful tips and to ask any questions. White papers are also available in the Resources section of the Horizon Cloud product page.

Known Limitations

The following limitations apply to all deployment types.

  • The Administration Console is not supported in the Apple Safari browser. Some user interface features might not work correctly. In a Mac OS, instead of Apple Safari, you can use Chrome or Firefox browsers.
  • Every pod associated with your Horizon Cloud customer account and connected to Horizon Cloud must have line of sight to the same set of Active Directory domains and have one-way or two-way trust configured along with that line of sight.

Microsoft Azure deployments have the following known limitations.

  • This release does not support expanding the node's subnets after the node is deployed. Before you deploy a node, you must ensure the address spaces for the subnets you specify in the deployment wizard are large enough to accommodate your expected usage.
  • This release does not support use of the following Horizon Agent features: VMware Logon Monitor service. By default, the Horizon Agents Installer disables the VMware Logon Monitor service in all installations that the installer performs.
  • During the ten-minute process of updating a node from an earlier software level to the latest one, end users who have connected sessions to the updating node will have those active sessions disconnected. No data loss will occur – except for the case where the RDSH farm or VDI desktop assignment serving the sessions has the Logoff Disconnected Sessions set to Immediately. For such farms and VDI desktop assignments, the disconnected sessions are also logged off immediately and in-progress user work is lost in those conditions.
    After the update process is complete, those users can reconnect.
  • In this release, each node configured with Unified Access Gateway instances needs its own unique fully qualified domain name (FQDN). The FQDN cannot contain underscores. The same FQDN can be used in both the external and internal Unified Access Gateway configurations on the same node.
  • Your authenticated (logged in) session into the Administration Console will time out after the time setting that is configured in the Administration Console's General Settings page. The default is 30 minutes. You can change the default to a value ranging from 30 minutes to 180 minutes. In most cases, when the configured time is up, the system will automatically explicitly log you out and present a message that you must log back in. However, sometimes the system ends your authenticated session and does not explicitly log you out. When that happens, when performing certain tasks in the Administration Console, error messages might be displayed which do not accurately reflect the current state, such as the node deployment wizard fails to validate your subscription entries, values are not displayed in drop-down lists, and the Farms page reports no node is available in which to create a farm and error messages stating "No service_sessions of type identity_node were provided". If you start to see such behavior and you have been using the Administration Console for 30 minutes or more, manually log out and then log back in.
  • The USB redirection capability is not supported when using the VMware Horizon Client for Android to access virtual desktops and remote applications served by your Horizon Cloud environment.
  • For GPU-enabled master images, Microsoft Windows Server versions 2016 and 2019 are recommended to avoid limiting the number of end user sessions. Due to an NVIDIA driver limitation on Windows Server 2012 R2, the maximum number of sessions for each RDS desktop server is 20.
  • Support for GPU-enabled master images using Microsoft Windows Server 2019 is dependent on availability of NVIDIA GRID driver support for Windows Server 2019. When NVIDIA provides supported drivers for Microsoft Windows Server 2019, you can use those drivers with your Horizon Cloud master images.
  • The NSX Cloud capabilities in this release are not supported for Microsoft Windows Server 2019.
  • If you have an image using Microsoft Windows 10 1709 (RS3) and you want to update it to Windows 10 1803 (RS4) or Windows 10 1809 (RS5), first upgrade that Windows 10 1709 to the latest Horizon Agent version 19.2 before proceeding with upgrading the Windows operating system.
  • By default, when you use the automated Import Desktop wizard to create an image with a Windows 2012 server operating system, the resulting image does not have the Desktop Experience enabled. If you want the resulting image to have the Desktop Experience, you must manually enable the Desktop Experience in the resulting image.
  • When you deploy a Horizon Cloud node in Microsoft Azure after you have already configured True SSO for previously deployed nodes, the system does not automatically pair the new node with the Enrollment servers. You must manually repeat the steps to export the pairing bundle and import it into the Enrollment servers. For the steps, see this release's Administration Guide.
  • In a URL redirection customization, URL patterns are treated as case sensitive when they are intercepted by the Horizon Client. For example, URL redirection does not occur for URL patterns specified as *GOOGLE.com and *Google.com, even though the pattern *google.com is redirected. Redirection for the end users does not occur if the specified pattern does not match the actual character case used in the target file systems.
  • The system retrieves the data for the Utilization, Concurrency, Session History, and Top Applications reports once a day, at a specific UTC time. The data for the Utilization and Concurrency reports is retrieved at 2 AM UTC, the data for the Session History report is retrieved at 2:10 AM UTC, and the data for the Top Applications report is retrieved at 2:30 AM UTC. As a result, the reported information that is displayed in the Administration Console might not reflect the data collected between the last retrieval time and the time at which you are viewing the reports in the Administration Console. As an example, because the logic for the Users and Peak Concurrency data in the Concurrency report is calculated on the daily basis for which the data is retrieved, the data from user activity on April 23 is calculated at the 2 AM UTC time point on April 24 (the following day). After that time point is passed and the system retrieves the collected data, the data from April 23 gets displayed in the report. If one of your end users starts a session after the 2 AM UTC time point on April 23, data for that user's session will not be reflected in the on-screen report until after 2 AM UTC on April 24.
  • In workflows that result in the system creating VMs, such as creating farms, images, and assignments, if you try to enter a name that is longer than length supported by the system for the to-be-created item, the system prevents you from typing in more than the supported number of characters. The number of characters supported for an item's name depends on the workflow.
  • In a Microsoft Azure multi-node environment, you cannot reuse names that you used in one node when creating items in another node. The reason for this limitation is that nodes in the multiple-node environment share the same Active Directory domain and the same VNet. As a result, if names are shared within such multiple-node environments, unexpected behavior can occur. This limitation applies to names for image, farms, and VDI desktop assignments. Ensure that unique names are used for your master images, farms, and VDI desktop assignments.
  • Follow these rules when entering characters in the Administration Console:
    • Use only standard ASCII characters in user names and passwords, and for the password when downloading the DaaS SSL bootstrap file. If you use non-ASCII characters for these items, unexpected results might occur.
    • When entering names for imported images, farms, assignments, and other assets that result in creating a VM in Microsoft Azure, do not enter more than 12 characters for the name.
    • Do not use commas in user passwords.
    • When using the Import wizard to create a master VM from the Microsoft Azure Marketplace:
      • Enter a username and password that adheres to the Microsoft Azure requirements for VM admin usernames and passwords. See the Microsoft Azure FAQ page for details.
      • Do not enter a name for the image that ends with a hyphen (-).
      • Do not include an underscore character (_) in the image name.

Known Issues

Note: Known issues for Horizon 7.9, including Cloud Connector, are contained in the release notes for that product. Horizon 7.9 documents are linked from the VMware Horizon 7 Documentation page.

The known issues are grouped as follows:

Note: The numbers in parentheses stated in each known issue refer to VMware internal issues tracking systems.

Active Directory Related Known Issues

  • Primary bind account lockout is not detected until you perform an action involving Active Directory in the Administration Console. (2010669)
    Due to this issue, an administrator logged into the Administration Console will not see a primary bind account lockout notification until an action involving Active Directory is performed in the user interface, such as when searching Active Directory to add users to assignments. The underlying services only detect a locked-out service account when they make a request to talk to Active Directory for either authenticating or searching (user or group).
    Workaround: None.
  • It takes up to 15 minutes for the Administration Console to reflect a lockout or unlocked state of the primary bind domain account. (2009434)
    The system's connection object to Active Directory is cached for 15 minutes. As a result, it might take 15 minutes from the time point when the primary bind account goes to locked state and the system raises the notification to the administrator. Conversely, after the administrator clears the locked-out condition of the account, it might take up to 15 minutes for the system to stop notifying about the now-cleared account.
    Workaround: None.
  • For farms in a pod in Microsoft Azure, reusing the same farm name with a different domain in the same Active Directory forest can lead to domain join failures due to duplicate service provider names (SPNs). (1969172)
    Due to a new feature for domain controllers in Microsoft Windows Server 2012 R2 and higher, a duplicate SPN check on the domain controller causes domain join failures. See the Microsoft KB article 3070083.
    Workarounds:
    - Avoid reusing farm names.
    - As described in that Microsoft KB article, disable duplicate SPN checks in the Active Directory domain.

Images, Farms, Assignments Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • The Import Desktop wizard creates Windows Server 2012 images without the Desktop Experience enabled. (2101856)
    Due to a known issue, when you use the automated Import Desktop wizard to create an image with a Windows Server 2012 operating system, the resulting image does not have the Desktop Experience enabled.
    Workaround: If you want the resulting image to have the Desktop Experience, you must manually enable the Desktop Experience in the resulting image. Note also that for the Windows Server 2012 operating system, to install the Horizon Agent with the Scanner Redirection option requires the Desktop Experience be enabled in the operating system.
  • When publishing (also known as sealing) an imported VM, the process might result in a timeout or other failures to publish due to sysprep failures. (2036082, 2080101, 2120508, 2118047)
    After you click Convert to Desktop on an imported VM and Publish to make it a published (sealed) image, a number of operations are performed on the VM. These operations include running the Windows System Preparation (sysprep) process, shutting down the VM and powering it off, and so on. Due to industry-known issues with the Windows sysprep process and customizing virtual machines, sometimes the publishing process fails for various reasons. On the Activity page, you see messages like "Timeout Error Waited 20 minutes for virtual machine to power off.", and other sysprep failure message.
    Workaround: Generally speaking, you can avoid such sysprep issues when you create the master VM using the Import Desktop from Marketplace wizard and select Yes for the wizard's Optimize Windows Image toggle. If you are seeing this error for a master VM in which you did not use that option, or if you manually created that master VM, refer to VMware KB 2079196, Microsoft KB 2769827, Microsoft MVP article 615, as well as the VMware Horizon Cloud Service Administration Guide for best practices in configuring your master VM to minimize likelihood of having sysprep issues when you go to publish the image. If you see the timeout errors in the Activity page, you can try this workaround: on the Images page, use the Convert Image to Desktop action on the image. When the Activity page indicates converting the image to a desktop is successful, navigate to the Imported VMs page. Connect to the VM by following the steps in the Administration Guide, and apply the best practices described in the KBs. After you have On the Imported VMs page, select the VM and click Convert to Image to run the publishing process again.
  • During farm creation, sometimes the server VMs are stuck at the customization step. (2010914, 2041909)
    Sometimes during the sysprep process on the farm's server VMs, a Windows service named "tiledatamodelsvc" prevents sysprep from accessing Windows files that it needs to complete the sysprep customization process. As a result, the farm's server VMs do not move past the customization step. The sysprep error log contains the line "Error SYSPRP setupdigetclassdevs failed with error 0".
    Workaround: If you encounter this issue and see that error message in the sysprep error log file, try disabling the "tiledatamodelsvc" service in the image and then creating the farm.
  • Agent status might display as 'undefined' on the Imported VMs page after duplicating an image or manually creating an image in Microsoft Azure. (2002798)
    When you use the Duplicate button on the Images page to clone a published image or when you manually create a master image in Microsoft Azure, the resulting VM is listed on the Imported VMs page. Due to this issue, even when the VM is fully powered-on, the agent status might be displayed as 'undefined'. However, when you select the VM and choose Convert to Image to publish it, the user interface reports the agent in 'Active' state.
    Workaround: None. If the New Image or Convert to Image workflows report the agent as 'Active', you can ignore the 'undefined' status on the Imported VMs page.

Agent Update Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • When you attempt an agent update on an image that has a Windows update pending, the update process might fail. (2234964)
    If the image needs an update to the Windows OS, as opposed to a minor non-OS update, this can cause OS resources to be offline and not available for the agent update.
    Workaround: Wait until the Windows update is complete and retry the agent update. To confirm that all Windows update(s) are complete, you can take the image offline, perform all pending update(s), and re-publish the image before initiating the agent update.

Reports and Monitoring Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • In the User Activity report, the displayed weekly average (hrs) is not intuitive. (1817065)
    Due to this issue, the weekly statistics fluctuate along the time because the calculation logic is dividing the current week's duration by seven (7) and not rounding up to a whole week. For example, when you select the last 30 days, the data for completed weeks is unchanged but the data for the current week is divided by seven (7). The current logic is weekly average (hrs) = daily average (hrs) * 7 days, resulting in the last 30 days weekly average = (total duration / 30 days) * 7 days.
    Workaround: None.
  • The Desktop Health report does not reflect a newly updated farm or VDI desktop assignment name until an hour after the name change. (1756889)
    If you change a farm's name or VDI desktop assignment's name, it takes an hour for the Desktop Health report's Assignment drop-down menu and Assignment column to reflect the new name.
    Workaround: Wait an hour before expecting the new name to appear in the report.
  • The formatting in some of the CSV files that you can export from the Reports user-interface screens do not match the on-screen tables. (2015500)
    Some of the Reports page's subscreens provide an export feature to export the displayed data in CSV format. Due to this issue, the formatting in the CSV files exported from the Desktop Health, Concurrency, and Session History reports do not precisely match the ones you see displayed on the screen. For example, the column headings might be different and the CSV files might have more columns of data than in the on-screen tables.
    Workaround: None.
  • Sessions for VDI host application pools display as "RDSH Application". (2349560)
    For Horizon 7 pods, sessions for users connected to VDI host application pools are shown on the Dashboard page (Monitoring > Dashboard) as "RDSH Application", although these are not RDSH application sessions.
    Workaround: None.

Identity Management, True SSO Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • When your pod from a previous manifest version is updated to this release and that pod has two-factor RADIUS configured on its Unified Access Gateway instances and is also integrated with VMware Identity Manager, launching a desktop from the Workspace ONE portal using the browser displays the RADIUS login form with the user name field prefilled with the user's UPN. (2248160)
    This symptom occurs because of a change that was released in VMware Horizon HTML Access 4.10. When your pod in Microsoft Azure from a previous Horizon Cloud release is configured with Unified Access Gateway instances and two-factor RADIUS authentication and you configure that pod to use VMware Identity Manager, previously when launching a desktop from the Workspace ONE portal using the browser, the RADIUS login form prompts for the user name and passcode. The end user would type the user name and passcode in the form. However, due to this issue, after upgrading that pod to this release, using the same desktop launch steps, the RADIUS login form has the user name field prefilled with the domain user's UPN. This behavior only occurs when using the browser to launch the desktop. It does not occur when using Horizon Client.
    Workaround: If this situation is encountered, the end user can clear the prefilled user name field and enter their information. Generally, for most environments that are integrated with VMware Identity Manager, the two-factor authentication would be configured in VMware Identity Manager and not on the underlying Unified Access Gateway instances.
  • Launching a second desktop from the Workspace ONE portal using the Horizon Client can fail with the error 'You are not entitled to that desktop or application'. (1813881, 2201599)
    This symptom occurs in the following situation. The user has entitlements to two dedicated VDI assignments through a group entitlement. Both dedicated VDI desktop assignments are listed in the Workspace ONE portal when the user logs in. The user launches the first desktop using Horizon Client. That desktop connects. Then the user tries to launch the other desktop from the other assignment, also using the Horizon Client. The launch of that other desktop fails with an error indicating the user is not entitled. However, this issue is seen only for the first attempt on the second desktop. If the user launches the second desktop using the browser, subsequent attempts to launch the second desktop using Horizon Client succeed.
    Workaround: If you encounter this situation, try launching the second desktop using the browser.

User Interface Related Known Issues

Note: Unless otherwise noted in the known issue text, the known issues listed here apply to pods deployed in Microsoft Azure.

  • Even though an administrator logged in to the Administration Console can view reports on the Reports page, exporting the reports fails. (2374653)
    Due to this known issue, when a person has the Customer Helpdesk or Customer Helpdesk Readonly role on their My VMware account in the General Settings page, but their Active Directory account is in a group with the Demo Administrator role on the Roles & Permissions page, having that combination of roles prevents downloading the reports. This issue applies to all types of pods.
    Workaround: Use the General Settings page to delete the person's My VMware account and then add the person back and assign them the Customer Administrator role. You must be a Super Administrator to do this. Their Active Directory account role of Demo Administrator will continue to enforce read-only access to the Administration Console, and they will be able to both view and export reports from the Reports page.
  • The Logon Segments chart displayed in the session dashboard has no data.
    The VMware Logon Monitor service provides the data for the Logon Segments chart that appears in the session dashboard. However, this release does not support use of the VMware Logon Monitor service and by default, the Horizon Agents Installer disables the VMware Logon Monitor service in all installations that the installer performs. As a result, even though no data is reported that the Logon Segments chart can display, you see the Logon Segments chart is still visible in the session dashboard.
    Workaround: None.
  • When using the Administration Console in one browser tab, if you try to launch a disconnected desktop that you have in another browser tab in the same browser, the HTML Access portal is also logged off and you must log back in to the HTML Access portal itself. (2118293)
    Usually when you launch a desktop and disconnect from it without logging out of the desktop, you stay logged in to the HTML Access portal itself and you can reconnect to the disconnected desktop without having to enter credentials to the HTML Access portal. Due to this issue, if you are in a browser window where you are logged in to the Administration Console in one browser tab and use another browser tab to log in to the HTML Access portal and launch a desktop, when you disconnect from that desktop and try to reconnect to it, the HTML Access portal logs off. Then you must re-enter credentials to the HTML Access portal before you can reconnect to that desktop.
    Workaround: To avoid this issue, log in to the Administration Console using a separate browser window from where you have the HTML Access portal. This behavior only occurs if you are also logged in to the Administration Console in a browser tab in the same browser window in which you are also using the HTML Access portal.
  • In the User Card screen for a specific user, VDI dedicated desktop assignments are removed from the Assignments tab after the user's first launch of the dedicated desktop from that assignment. (1958046)
    When a user is specified in a VDI dedicated desktop assignment as an individual user, not through an Active Directory group, that VDI dedicated desktop assignment appears in the Assignments tab in the User Card screen for that user only until the user's first launch of a dedicated desktop from that assignment. After the user's first launch of a VDI dedicated desktop from that assignment, the user card's Assignments tab no longer displays that VDI dedicated desktop assignment for that user. The user's first launch results in that user claiming a specific dedicated desktop from the underlying pool defined by that assignment and the system maps that specific dedicated desktop to that particular user. When that mapping is made, that specific dedicated desktop gets the Assigned state, and it is listed on the user card's Desktops tab for that user.
    Workaround: Instead of relying on the user card's Assignments tab in this case, to see the already launched VDI dedicated desktops assigned to a specific user, you can use the Desktops tab. If you need to locate the specific VDI dedicated desktop assignment in which that user-desktop mapping is made, obtain the desktop name from the user card's Desktop tab and use the search by VMs feature of the top banner search to list that specific desktop VM. In the results from the search by VMs, click the name to open the specific assignment page that has that particular dedicated desktop. Then you can locate the user in the assignment's details.
  • The What's New screen appears even though you previously selected the option not to continue showing it. (2075825)
    This issue applies to environments with any pod type. Due to this issue, if you clear your browser cache or you use a different browser than the one in which you previously selected the option to not show the What's New screen, the screen might appear when you log in to the Administration Console. The flag for whether to show the What's New screen is stored in the browser's local cache, instead of per user.
    Workaround: None.
  • Even though the image creation process has not fully completed, the Getting Started screen displays Completed for the Create Image step. (2100467)
    Due to this issue, the Create Image step is marked as completed prematurely.
    Workaround: Use the Activity page to verify that the image creation process has completed.
  • When using the Administration Console, you might see placeholders instead of the actual text strings or you click a button on a page and nothing happens. (2045967)
    This issue applies to environments with any pod type. VMware periodically updates the in-cloud management environment that hosts the Administration Console. This issue can occur when static content has been cached in the browser prior to the latest in-cloud update. It is a temporary issue that will clear when the browser cache is cleared.
    Workaround: Try logging out of the Administration Console, clearing the browser cache, restarting the browser, and then logging back into the Administration Console.
  • Application names are displayed in lowercase characters when end users access them using Workspace ONE. (1967245)
    When your Horizon Cloud environment is integrated with VMware Identity Manager, your end users access their assigned desktops and applications using Workspace ONE. Due to this know issue, the users see the application names displayed with lowercase characters, regardless of the actual case used in the application names. This limitation is due to the way VMware Identity Manager creates launch IDs from Horizon Cloud by using older Horizon Cloud REST APIs.
    Workaround: None.
  • The memory usage percentages reported for desktop health reports and used for the desktop health alerts are based on percentage of committed memory, which equals physical memory plus pagefile size, and not on percentage of only physical memory. (2015772)
    Committed memory for a desktop VM is calculated as physical memory plus pagefile size. When calculating the percentage of memory usage in a desktop, the system takes the percentage used of that total (physical memory plus pagefile size). Both the desktop health alerts and the memory usage report in the desktop health reports use that percentage calculation. However, when you log into a desktop VM and open the Windows Task Manager to view the memory usage in the desktop's Windows operating system, the Windows Task Manager displays percentage based on physical memory only. As a result, the memory usage percentage that the desktop's Windows Task Manager displays does not match the memory usage percentage displayed in the Desktop Health reports or in the desktop health alert.
    Workaround: Keep in mind this difference if you decide to make a comparison between the memory usage percentage reported by a desktop's Windows Task Manager and the memory usage percentage reported in the Administration Console's Desktop Health report and desktop health alerts for that desktop.
  • If a desktop VM's CPU usage is at or close to 100%, the desktop alert is not triggered. (1446496)
    If an application or something in the desktop VM causes the VM's CPU usage to reach 100%, the desktop agent fails to send as many data samples as it usually sends to Horizon Cloud because the CPU is very busy. As a result of the low sample count returned, the calculation the system uses to trigger the desktop alert is affected.
    Workaround: None.

End User, Horizon Client Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • Sometimes when launching a VDI desktop using VMware HTML Access, an error message about being disconnected appears, and then subsequently the launch is successful. (2243471)
    VDI desktop virtual machines have a default session connection timeout, and when that timeout is reached, the session is disconnected. Sometimes, when launching a desktop, if the end user's HTML Access session has timed out at the time the desktop's default session connection timeout is reached, the desktop will initially throw that error, and then continue launching the desktop.
    Workaround: None.
  • When a VDI desktop assignment has disk encryption selected and a one- or two-core VM model, and a desktop's underlying VM is powered off, the Horizon Client's automatic retry option might fail to make a connection. (2167432)
    When a VDI desktop VM is powered off due to the VDI desktop assignment's power management settings, the VM has to power on and get ready before an end user connection can be made to that desktop. When an end user's client tries to connect to a VDI desktop assignment's VM and the VM is powered off, the system starts powering on that VM. For non-encrypted VMs, the VM is typically ready to accept a client connection in under 10 minutes. However, an encrypted VM with one or two cores usually takes longer than 10 minutes to get ready to accept a connection. The Horizon Client's Client Retry option has an upper limit of 10 minutes. Because of this upper limit of the Client Retry option, when the end user has the client automatically retry the connection while the desktop's underlying VM is getting powered on and ready but the connection is not made within 10 minutes, the client's automatic retry gives up. Because an encrypted VM usually takes longer than 10 minutes until it is ready to take the client connection, the end user might see that Horizon Client's automatic retry fails to complete the connection to their encrypted desktop VM.
    Workaround: When you want to have disk encryption for a VDI desktop assignment, select a VM model that has more than two cores. Otherwise, if your VDI desktop assignment has disk encryption and has a VM model with one or two cores, inform your end users that they might experience this issue with using the Client Retry option with these encrypted desktop VMs.
  • For a virtual desktop from a dedicated VDI desktop assignment, the shortcut link on the Horizon client's Recent page might not launch the desktop. (1813881, HD-3686, DPM-1140)
    The iOS and Android versions of the Horizon clients have a Recent page which displays links to recently launched desktops. When the user does the initial launch of a dedicated pool virtual desktop, the desktop launches as usual, and the client creates a launch icon on the Recent page. However, when the user disconnects from the desktop and then tries later to launch the desktop from the Recent page, the desktop fails to launch because the launch icon is using a shortened version of the desktop name.
    Workaround: Launch the desktop from the client's main page, and not the Recent page.

Updates to Pods in Microsoft Azure Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • While a pod is undergoing an update, active end user sessions to that pod are disconnected. (HD-12577)
    During the ten-minute process of updating a pod from an earlier software level to the latest one, end users who have connected sessions to the updating pod will see those active sessions disconnected. However, no data loss will occur – except for the case where the RDSH farm or VDI desktop assignment serving the sessions has the Logoff Disconnected Sessions set to Immediately. For such farms and VDI desktop assignments, the disconnected sessions are also logged off immediately and in-progress user work is lost in those conditions.
    Workaround: None. After the update process is complete, those users can reconnect. To prevent data loss for end users, before running the update, make sure the settings in the pod's farms and VDI desktop assignments do not have Logoff Disconnected Sessions set to Immediately.
  • After the download of a new version of the Microsoft Azure pod software is triggered, the Unified Access Gateway status displayed on the node's details page is incorrect. (2036319, HD-15879)
    As described in the Administration Guide, when the download of the pod software update is triggered, the software is downloaded to your environment in Microsoft Azure. Then after the download is finished, your pod's details page shows that an upgrade is available. Due to this known issue, when the download is triggered on the backend, the information about the pod's Unified Access Gateway configurations incorrectly changes to display Pending status in the pod's details page.
    Workaround: None. The Unified Access Gateway operations are unaffected even though the displayed status is incorrect. When you update the pod to the new version, the displayed status is corrected in the pod's details page.

Localization Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • When you are adding or editing locations in the Administration Console, location names are not localized. (2366913)
    Workaround: None.
  • When non-ASCII or high-ASCII characters are used in the True SSO template name, retrieving the template fails. (1951143)
    Due to this known issue, if your True SSO template name contains non-ASCII or high-ASCII characters, you cannot successfully configure True SSO with your Horizon Cloud environment.
    Workaround: To avoid this issue, use only ASCII characters in the names of your True SSO templates.
  • Some of the strings in the Desktop Health page's desktop health alerts are not localized. (2019363)
    Workaround: None.

Previous Issues Resolved in this Release

Note: The resolved issues listed here apply to pods deployed in Microsoft Azure.

This release resolves the following issues reported in the previous release:

Resolved Agent Update Related Known Issues

Note: The known issues listed here apply to pods deployed in Microsoft Azure.

  • When you use the Update Agent feature to update image that have an agent version earlier than 18.2.2, the update process might fail. (2200962)
    Images that you created on nodes at manifest level earlier than 965 might experience this issue. Sometimes the image has RunOnce registry values that block completion of the agent update process.
    Workaround: Perform the agent update again, adding the following command line argument on the Command Line tab of the Agent Update wizard: VDM_SUPPRESS_RUNONCE_CHECK=1

Resolved Identity Management, True SSO Related Known Issues

  • Workspace ONE does not display the remote applications' display names that you set in the Horizon Cloud Administration Console. (2131583)
    Due to a known issue in VMware Identity Manager Connector, when Workspace ONE displays the remote applications that you sync from Horizon Cloud, Workspace ONE does not display the display names that you set for those remote applications in Horizon Cloud. Even though Horizon Cloud sends the display names to VMware Identity Manager, VMware Identity Manager uses the remote applications' launchIDs instead. As a result, Workspace ONE displays the basic names for the remote applications.
    Workaround: This issue is fixed in this release.
  • After you upgrade your VMware Identity Manager Connector from version 2017.8.1.0 to version 2017.12.1.0, the sync operation might fail. (HW-78477)
    Due to a known issue in VMware Identity Manager Connector version 2017.12.1.0, after the connector restart when upgrading the connector, the sync operation in the VMware Identity Manager administration console might fail.
    Workaround: This issue is fixed in this release.

Resolved User Interface Related Known Issues

  • The tool tip text for the General Page's Domain Security Settings does not indicate it can take up to 5 minutes before any changes take effect and are visible in the end-user clients. (2298440)
    Even though you might think changes to the Domain Security Settings would be immediately reflected in the end-user clients, it can take up to 5 minutes before the update takes effect. However, that information is not in the tool tip text.
    Workaround: This issue is fixed in this release.
  • The session and connections statistics data for pods in Microsoft Azure that are older than manifest version 1101 are not displayed in the Dashboard page's charts. (2245700)
    Due to this known issue, the session and connections statistics data charted in the Dashboard page does not include that data from existing pods that have not yet been updated to a manifest version 1101 or later.
    Workaround: This issue is fixed in this release.