You can use the vdmutil command-line interface to configure and manage the security mechanism used when JMS messages are passed between VMware Horizon components.
Syntax and Location of the Utility
The vdmutil command can perform the same operations as the lmvutil command that was included with earlier versions of VMware Horizon. In addition, the vdmutil command has options for determining the message security mode being used and monitoring the progress of changing all VMware Horizon components to Enhanced mode. Use the following form of the vdmutil command from a Windows command prompt.
vdmutil command_option [additional_option argument] ...
The additional options that you can use depend on the command option. This topic focuses on the options for message security mode. For the other options, which relate to Cloud Pod Architecture, see the Cloud Pod Architecture in Horizon document.
By default, the path to the vdmutil command executable file is C:\Program Files\VMware\VMware View\Server\tools\bin. To avoid entering the path on the command line, add the path to your PATH environment variable.
Authentication
You must run the command as a user who has the Administrators role. You can use Horizon Console to assign the Administrators role to a user. See "Configuring Role-Based Delegated Administration" in the Horizon Administration document.
The vdmutil command includes options to specify the user name, domain, and password to use for authentication.
| Option | Description |
|---|---|
| --authAs | Name of a Horizon administrator user. Do not use domain\username or user principal name (UPN) format. |
| --authDomain | Fully qualified domain name for the Horizon administrator user specified in the --authAs option. |
| --authPassword | Password for the Horizon administrator user specified in the --authAs option. Entering "*" instead of a password causes the vdmutil command to prompt for the password and does not leave sensitive passwords in the command history on the command line. |
You must use the authentication options with all vdmutil command options except for --help and --verbose.
Options Specific to JMS Message Security Mode
The following table lists only the vdmutil command-line options that pertain to viewing, setting, or monitoring the JMS message security mode. For a list of the arguments you can use with a specific option, use the --help command-line option.
The vdmutil command returns 0 when an operation succeeds and a failure-specific non-zero code when an operation fails. The vdmutil command writes error messages to standard error. When an operation produces output, or when verbose logging is activated by using the --verbose option, the vdmutil command writes output to standard output, in US English.
| Option | Description |
|---|---|
| --activatePendingConnectionServerCertificates | Activates a pending security certificate for a Connection Server instance in the local pod. |
| --countPendingMsgSecStatus | Counts the number of machines preventing a transition to or from Enhanced mode. |
| --createPendingConnectionServerCertificates | Creates a new pending security certificate for a Connection Server instance in the local pod. |
| --getMsgSecLevel | Gets the enhanced message security status for the local pod. This status pertains to the process of changing the JMS message security mode from Enabled to Enhanced for all the components in a VMware Horizon environment. |
| --getMsgSecMode | Gets the message security mode for the local pod. |
| --help | Lists the vdmutil command options. You can also use --help on a particular command, such as --setMsgSecMode --help. |
| --listMsgBusSecStatus | Lists the message bus security status for all connection servers in the local pod. |
| --listPendingMsgSecStatus | List machines preventing a transition to or from Enhanced mode. Limited to 25 entries by default. |
| --refreshDesktopCertificates | Refresh certificates for all machines in the specified desktop in the local pod. |
| --setMsgSecMode | Sets the message security mode for the local pod. |
| --verbose | Activates verbose logging. You can add this option to any other option to obtain detailed command output. The vdmutil command writes to standard output. |
