Horizon HTML Access 5.5 | 15 October 2020
These release notes cover the following topics:
- Key Features
- What's New in This Release
- Before You Begin
- Resolved Issues
- Known Issues
HTML Access makes it easy to access your remote desktops (Windows and Linux) and published applications from an HTML5-based browser. No need to install any software.
- Work the way you want to - Access remote desktops and published applications from device platforms where no native client is available, or from any computer on which you do not want to install software. You can also select HTML Access from a VMware Workspace Catalog.
- Simple connectivity - HTML Access is tightly integrated with VMware Horizon 7 for simple setup and connectivity. Open a browser, enter a server URL, and log in to see a list of available remote desktops and published applications.
- Secure from any location - At your desk or away from the office, your data is always secure. Enhanced certificate checking is performed on the client. HTML Access also supports optional RADIUS and RSA SecurID authentication.
There are no new features in this release.
For HTML Access, both the user interface and the documentation are available in English, Japanese, French, German, Simplified Chinese, Traditional Chinese, Korean, and Spanish.
- For a list of the supported browsers, supported client operating systems, HTML Access system requirements, and installation instructions, see the VMware Horizon HTML Access Installation and Setup Guide document.
- HTML Access 5.5 supports Horizon Agent 7.13.
- With HTML Access 5.5 and Horizon 7.13, if you connect to a server through a load balancer or a gateway, such as F5 or Unified Access Gateway, you must first configure a security setting in Horizon 7. For more information, see "Origin Checking" in the Horizon 7 Security document.
Resolved IssuesThe number provided before each resolved issue refers to the VMware internal issues tracking system.
2631616: Previously, the HTML Access login page was vulnerable to CSRF attacks. This problem has been fixed in the 7.13 release. To further enhance the fix, you can set client.csrfCheck.enforce in the portal-version.properties file on the Connection Server host. VMware recommends that you set this value to true if HTML Access can connect to Connection Server 7.13 directly, or through the latest version of UAG. Set this value to false when connecting through other servers, such as a legacy UAG version or F5 APM.
The known issues are grouped as follows.Printing
The location-based printing feature does not work if you set your browser to use a proxy, or if the client system is in a vLAN that is different from the vLAN in which the Horizon 7 environment is located.
Sometimes, the Virtual Printing feature and the location-based printing feature are not able to show the correct list of printers in the Devices and Printers window of a session-based remote desktop. This issue can occur with remote desktops that are provided by Windows Server 2012 RDS hosts and Windows Server 2012 R2 RDS hosts. The printers shown within published applications are correct.
Workaround: Log off from the remote desktop that is running on the server and reconnect to it.
On iOS Safari, if you connect to a remote desktop and play audio or video on the remote desktop, and switch to playing audio or video with a native application without disconnecting from a Connection Server instance, and switch back to the remote desktop on Safari, audio no longer works.
Workaround: Disconnect or log off from the Connection Server instance and connect to the remote desktop again.
- Sound playback quality is best on browsers that have Web Audio API support. Chrome, Safari, and Firefox 25 and later browsers have Web Audio API support. Browsers that do not have this support include Internet Explorer (up to and including Internet Explorer 11) and Firefox 24 and earlier.
On Chrome, Safari, and Edge browsers, if audio is playing and you switch to another tab in the browser or minimize the browser, audio processing becomes intermittent. After you re-focus on the remote desktop tab, audio might be out of sync with video for a few seconds.
Workaround: Refresh the page, or pull the remote desktop's tab out of the browser so that it has its own window.
Occasionally, Real-Time Audio-Video (RTAV) video redirection does not work when you use it for a second time with Chrome on a Mac OS system.
Workaround: Refresh the browser.
The Web browser from which you start a desktop might stop responding if you repeat the following steps multiple times: enter multiple-monitor mode, open Real-Time Audio-Video (RTAV), move the camera window to the second display, exit multiple-monitor mode, or start another remote desktop from the sidebar.
The sidebar, and sometimes the remote desktop, disappears after you unplug the extended display monitor while using the multiple monitor feature with a Chrome Web browser.
Workaround: Restart HTML Access, resize the application window, or replug the extended display monitor.
In Safari 12, the first time you open a remote desktop or published application, a warning message instructs you to enable audio. This warning message appears again after you log out from the server, close or refresh the browser, and open a remote desktop or published application.
Do not use RDS Per Device Client Access Licenses (CALs) for HTML Access. If you do, the licensing mechanism treats each browser as a device, and, if cookies are cleared, the browser uses another license.
Workaround: Use RDS Per User CALs for HTML Access.
On a Chromebook, when connecting to a Unified Access Gateway server that uses a self-signed certificate, HTML Access reports the error ERR_CERT_INVALID.
Workaround: Install a CA-signed certificate on the Unified Access Gateway server.
On iOS, if you attempt to connect to a remote desktop by using a self-signed certificate, Safari reports the error "Your desktop has been disconnected. Unable to reconnect to desktop." This problem occurs because self-signed certificates are not supported on iOS.
Workaround: An administrator must install a CA-signed certificate on the Horizon 7 server and you must trust the certificate on your iOS device. For information about installing certificates on a Horizon 7 server, see the Horizon 7 Administration document. For information about trusting certificates on an iOS device, see the VMware Horizon HTML Access Installation and Setup Guide. If the Blast Secure Gateway is disabled on the Horizon 7 server, an administrator must perform the following additional steps on the remote desktop to connect from iOS:
- Use mmc to import the CA-signed certificate into the Windows certificate store.
- Replace the sslHash key in HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config with the key from the thumbprint of the certificate issued to the Blast Agent Hostname or IP address.
- Restart the Blast Agent virtual machine.
When the Clean up credential when tab closed for HTML Access global setting is enabled in Horizon 7, the cache is not cleared if a user closes a tab when the network connection is not available.
On Internet Explorer 11.0.9600.18537 or earlier, prior to logging in to a VMware Blast session, if you start an HTML Access agent that does not have a certificate, a certificate confirmation page appears. After confirming the certificate, you are returned to the desktop and application selection page instead of to the VMware Blast session page.
Workaround: On the desktop and application selection window, click the remote desktop again. The connection will succeed.
After an administrator sets the change password at next logon option for a user's account, and the user's idle session times out, the application that was active during the session timeout is not restarted automatically after the user reauthenticates and changes the password successfully.
Workaround: Refresh the page and launch the application again from the sidebar.
Remote desktops and published applications cannot be started successfully from an iOS device if the iOS device uses an intermediate CA-signed certificate.
Workaround: Install a root CA-signed certificate on the iOS device.
If you use a self-signed certificate with Unified Access Gateway, you might not be able to access a remote desktop when you use a Microsoft Edge Web browser for the HTML Access session.
Workaround: Use one of the following workarounds to resolve this issue.
- Use a valid CA-signed certificate.
- Do not use port 8443 for the Blast External URL property. Use port 443 instead.
If you configured Unified Access Gateway with a root certificate that is signed by a Certificate Authority (CA), and the Blast External URL property value is set to blank or to port 8443, you might not be able to connect to a remote desktop if you are using a Microsoft Edge browser. After the error occurs, all new connected sessions are not visible.
Workaround: Use one of the following workarounds to resolve the issue.
- Set the Blast External URL property to port 443.
- Close the Microsoft Edge browser, restart the HTML Access, and connect to the remote desktop.
When using a Firefox browser, your HTML Access remote desktop session is disconnected immediately after connecting.
Workaround: Verify that your Firefox browser proxy settings are configured correctly.
Do not configure remote desktops to be suspended after users disconnect. This setting does not work correctly with HTML Access.
Connecting to a remote desktop or published application fails if Blast Secure Gateway (BSG) is enabled on both the Unified Access Gateway server and the Connection Server instance.
Workaround: Disable BSG on the Connection Server instance.
In Unified Access Gateway, if you set the Enable Blast Horizon Edge setting to False, you cannot access remote desktops and published applications through HTML Access. Generally, because Unified Access Gateway is deployed in a DMZ, the Enable Blast option is set to True and this issue does not occur.
Workaround: In Unified Access Gateway, if you set Enable Blast to False and also use HTML Access, set the proxyPattern option to "/|/portal(.*)".
If you access a remote desktop or published application through HTML Access that is connected with a Unified Access Gateway server, the remote desktop or published application session is not disconnected after the Unified Access Gatway server session timeout is reached.
After Horizon 7 is upgraded from version 7.0, users who have previously connected to a version of Horizon 7 that is older than 7.0.1 do not see the Real-Time Audio-Video (RTAV) or File Transfer features.
Workaround: Perform one of the following actions:
- Clear the browser's cache before logging in to the Connection Server instance.
- Start a remote desktop and refresh the browser.
After an upgrade from Horizon 6 version 6.x to Horizon 7 version 7.x, the published applications that are entitled to domain users are no longer visible after logging in from HTML Access.
Workaround: In Horizon Administrator, select Resources > Farms, edit a farm, disable Allow HTML Access to desktops and applications on this farm, and then enable it again.
When you connect to a Linux desktop with the Japanese keyboard, the keyboard mapping might be incorrect. For example, the key positions \| and \_ will be incorrect.
Workaround: Keep the client input language as Japanese and switch the desktop input language to English for the two key positions \| and \_ only. Keep the desktop input language as Japanese and switch the client input language to English for all other key positions.
When connecting to a Linux desktop, some keyboard input does not work. For example, (1) with English keyboard, the * key on the numeric keypad is display as 8, (2) with English keyboard, the + key on the numeric keypad is displayed as =, and (3) with non-English IME on both client and desktop, some non-English keys are not displayed correctly.
Workaround: For issues 1 and 2, use the typewriter keys * and + in the main keyboard area instead of the numeric keypad. For issue 3, set English IME in HTML Access and non-English IME on the remote desktop.
Intermittently, autofit of a published application does not work. This problem can happen if you start a published application and activate full-screen mode for the browser, start a published application from the sidebar and activate full-screen mode, or start a published application and enlarge the size of the browser window.
Workaround: Activate full-screen mode or resize the browser window before starting a published application.
Users can still upload files when the remote desktop is locked.
When an administrator enables a clipboard format restriction, the text in the Copy & Paste window does not describe the format limitation. For example, if an administrator enables the "Filter text out of the incoming clipboard data" clipboard policy setting, the Copy & Paste window does not notify the user that text cannot be transferred from the client to the remote desktop or application.
In multiple-monitor mode, two mouse cursors appear when you click inside a remote desktop or published application session.
When you use a Web browser on a Mac OS 10.13 system in a Session Collaboration collaborative session, if Fit to Viewer is disabled and the collaborative session's screen resolution is less than the primary session's screen resolution, a scroll bar does not appear. This issue occurs because scroll bars are hidden by default in Mac OS 10.13 systems.
Workaround: Modify the System Preferences to always display scroll bars.
- Choose Apple menu > System Preferences.
- Click General.
- In the Show scroll bars section, select Always.
When the Allow H.264 decoding option is enabled, a newly started published application fails to open and the remote session shows a black screen.
Workaround: Resize the Chrome browser.
When you start HTML Access from a Chrome Web browser on an Android 8.1 device, or from a Safari Web browser on an iOS 11 device, the remote desktop window sometimes disappears while you are using the software keyboard in a remote session. This issue often occurs when you are rotating the device and then closing and reopening the software keyboard. After the error has occurred, all subsequent remote desktop sessions opened are not visible.
Workaround: Reload the Web browser page.
Smart Policy changes do not take effect immediately after reconnecting to a remote desktop. After you change the Smart Policy Clipboard and File Transfer from Allow all to Disable, the functions are disabled, but the text for the the Copy & Paste window shows the incorrect text. Also, if you are connected to a remote desktop from an HTML Access session when the Smart Policy Clipboard and File Transfer setting is changed and you disconnect, the changes do not take affect after you reconnect to the remote desktop.
Workaround: Log off from the remote desktop and reconnect to the remote desktop, then disconnect from the remote desktop and reconnect to the remote desktop again.
When H.264 decoding is enabled, if you use the sidebar to switch between remote desktops, or between remote desktops and published applications, the remote sessions become unresponsive. The remote sessions are still connected, but mouse clicks and other actions do not work.
Workaround: Close and reconnect to the remote desktop or published application sessions.
When using Chrome version 67 or later, you might receive an empty session after you start a remote desktop, enter multiple-monitor mode, move the mouse pointer to the second display monitor, and exit multiple-monitor mode.
Workaround: Manually resize the Chrome window or refresh the page.
The Linkclump Chrome extension interferes with proper right-click behavior. If you right-click text in a remote desktop, the right-click might behave as a left-click-and-drag action.
Workaround: Disable the extension, or go into the Chrome Linkclump Options page and enter the address of the Connection Server instance in the Blacklist section.
When you use HTML Access in a Chrome browser, you might encounter the following problems:
- Occasionally, when connecting to a remote desktop or published application after the session has timed out, a "Failed to connect the Connection Server" error message appears.
- A session is not opened when you connect to a powered off desktop.
Both problems have the same root cause, which is a third-party issue.
Workaround: For the first problem, dismiss the error message and reconnect to the remote desktop or published application. For the second problem, reload the browser or reconnect to the remote desktop.