You can use the vdmutil command-line interface to configure and manage the security mechanism used when JMS messages are passed between VMware Horizon components.

Syntax and Location of the Utility

The vdmutil command can perform the same operations as the lmvutil command that was included with earlier versions of VMware Horizon. In addition, the vdmutil command has options for determining the message security mode being used and monitoring the progress of changing all VMware Horizon components to Enhanced mode. Use the following form of the vdmutil command from a Windows command prompt.

vdmutil command_option [additional_option argument] ...

The additional options that you can use depend on the command option. This topic focuses on the options for message security mode. For the other options, which relate to Cloud Pod Architecture, see the Administering Cloud Pod Architecture in Horizon document.

By default, the path to the vdmutil command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin. To avoid entering the path on the command line, add the path to your PATH environment variable.

Authentication

You must run the command as a user who has the Administrators role. You can use Horizon Console to assign the Administrators role to a user. See "Configuring Role-Based Delegated Administration" in the Horizon Administration document.

The vdmutil command includes options to specify the user name, domain, and password to use for authentication.

Table 1. vdmutil Command Authentication Options
Option Description
--authAs

Name of a Horizon administrator user. Do not use domain\username or user principal name (UPN) format.

--authDomain

Fully qualified domain name for the Horizon administrator user specified in the --authAs option.

--authPassword

Password for the Horizon administrator user specified in the --authAs option. Entering "*" instead of a password causes the vdmutil command to prompt for the password and does not leave sensitive passwords in the command history on the command line.

You must use the authentication options with all vdmutil command options except for --help and --verbose.

Options Specific to JMS Message Security Mode

The following table lists only the vdmutil command-line options that pertain to viewing, setting, or monitoring the JMS message security mode. For a list of the arguments you can use with a specific option, use the --help command-line option.

The vdmutil command returns 0 when an operation succeeds and a failure-specific non-zero code when an operation fails. The vdmutil command writes error messages to standard error. When an operation produces output, or when verbose logging is enabled by using the --verbose option, the vdmutil command writes output to standard output, in US English.

Table 2. vdmutil Command Options
Option Description
--activatePendingConnectionServerCertificates Activates a pending security certificate for a Connection Server instance in the local pod.
--countPendingMsgSecStatus Counts the number of machines preventing a transition to or from Enhanced mode.
--createPendingConnectionServerCertificates Creates a new pending security certificate for a Connection Server instance in the local pod.
--getMsgSecLevel Gets the enhanced message security status for the local pod. This status pertains to the process of changing the JMS message security mode from Enabled to Enhanced for all the components in a VMware Horizon environment.
--getMsgSecMode Gets the message security mode for the local pod.
--help Lists the vdmutil command options. You can also use --help on a particular command, such as --setMsgSecMode --help.
--listMsgBusSecStatus Lists the message bus security status for all connection servers in the local pod.
--listPendingMsgSecStatus List machines preventing a transition to or from Enhanced mode. Limited to 25 entries by default.
--setMsgSecMode Sets the message security mode for the local pod.
--verbose Enables verbose logging. You can add this option to any other option to obtain detailed command output. The vdmutil command writes to standard output.