- 2852439: When administrators try to access the Horizon console without closing the browser or opening a new session in another tab or reloading the page after leaving the interface idle on the Login Page for an extended period of time (longer than the value for Global Settings Timeout), they are not able to login even with correct credentials.
Workaround: Open a new session in another tab or reload the login page.
- 1778303: When you restart or reset a virtual machine for which an end user session exists in a desktop pool from vCenter Server or from the Windows Operating System menu, the virtual machine restarts but the status of the virtual machine might appear in the “Already Used” state in Horizon Console.
This problem can occur for the following pool types:
- Instant-clone desktop pools.
- Full-clone floating desktop pools with "Delete on log Off" enabled.
Workaround: Use Horizon Client to restart or reset the virtual machine in the instant-clone desktop pool. If the virtual machine is already in the “Already Used” state, remove the virtual machine. This action automatically creates a new virtual machine based on the pool provisioning settings.
- 1817536: If you provision instant clones on local datastores, the corresponding hosts cannot be put into maintenance mode. This occurs because the internal VMs and the instant clones are stored on local datastores so they cannot be migrated.
Workaround: Delete the instant-clone desktop pool. This will delete the related VMs and enable the corresponding hosts to enter maintenance mode.
- 1548405: Universal Windows Platform (UWP) applications are not supported as published applications on Windows Server 2016 and Windows Server 2019 RDS hosts.
- 1605667: For True SSO, the connectivity status between the Connection Server instance and the enrollment server is displayed only on the System Health Status dashboard for the connection server that you are using to access Horizon Console. For example, if you are using https://server1.example.com/admin for Horizon Console, the connectivity status to the enrollment server is collected only for the server1.example.com connection server. You might see one or both of the following messages:
- The primary enrollment server cannot be contacted to manage sessions on this connection server.
- The secondary enrollment server cannot be contacted to manage sessions on this connection server.
It is mandatory to configure one enrollment server as primary. Configuring a secondary enrollment server is optional. If you have only one enrollment server, you will see only the first message (on error). If you have both a primary and a secondary enrollment server and both have connectivity issues, you will see both messages.
- 1850273: When you set up True SSO in an environment with CAs and SubCAs with different templates setup on each of them, you are allowed to configure True SSO with a combination of template from a CA or SubCA with another CA or SubCA. As a result, the dashboard might display the status of True SSO as green. However, it fails when you try to use True SSO.
- 1864310: In Horizon Help Desk Tool, the pod name does not appear if the session is a local session or a session running in the local pod.
Workaround: Set up the Cloud Pod Architecture environment to view pod names in Horizon Help Desk Tool.
- 1880134: The Workspace ONE mode setting does not get reflected in the replica server from Workspace ONE.
Workaround: Configure the Workspace ONE mode in Connection Server.
- 1830046: When you create full-clone desktop pools, sometimes wrong templates are displayed and valid templates are hidden due to a cache issue.
Workaround: Restart Connection Server.
- 1618140: When you try to add a SAML authenticator in Horizon Console, the Add button is disabled on the Manage SAML Authenticators page.
Workaround: Log in to Horizon Console as a user who has the Administrators or Local Administrators role.
- 1880355: In a Cloud Pod Architecture environment, pre-launched application sessions from global application entitlements are not shown in Inventory > Search Sessions in Horizon Console.
Workaround: Log in to the Horizon Console user interface for a Connection Server instance in the hosting pod and select Monitoring > Events to view pre-launched session information.
- 1569435: For Intel vDGA, only the Haswell and Broadwell series of Intel integrated GPUs are supported. Broadwell integrated GPUs are supported only on vSphere 6 Update 1b and later. Haswell integrated GPUs are supported on vSphere 5.5 and later. The GPU must be enabled in the BIOS before it can be recognized by ESXi. For more information, see the documentation for your specific ESXi host. Intel recommends leaving the graphics memory settings in the BIOS set to their default values. If you choose to change the settings, keep the aperture setting at its default (256M).
- 2713712: When using Microsoft Teams Optimization Pack with Horizon Client for Mac or Horizon Client for Linux client published applications, screen sharing is not supported.
- 1946086, 1936954: For vCenter Server 6.0 U3 or later, including vCenter Server 6.5, internal parent VMs migrate to another host during failure. This migration causes an issue because unnecessary parent VMs reside on the destination host.
Workaround: Manually remove these parent VMs. For more information, see the Setting Up Virtual Desktops in Horizon document.
- 1951074, 1936743: To reduce the possibility of memory exhaustion, vGPU profiles with 512 MB or less of frame buffer support only one virtual display head on a Windows 10 guest operating system.
The following vGPU profiles have 512 Mbytes or less of frame buffer:
- Tesla M6-0B, M6-0Q
- Tesla M10-0B, M10-0Q
- Tesla M60-0B, M60-0Q
- GRID K100, K120Q
- GRID K200, K220Q
Workaround: Use a profile that supports more than one virtual display head and has at least one GB of frame buffer.
- 1952105, 1928484: Virtual desktops and published desktops and application pools fail to launch if they have the client restriction feature enabled and are entitled to a domain that is configured with a one-way AD trust.
- 1935659, 1841221: After an upgrade, the option to add a farm is grayed out if you have a role with the "Manage Farms and Desktops and Application Pools" (object-specific privilege).
Workaround: Edit the role or create the role again with the "Manage Farms and Desktops and Application Pools" privilege, which also adds the “Manage Global Configuration and Policies” privilege.
- 1961900: After an upgrade, the bookmarks do not appear in Workspace ONE.
Workaround: Add the bookmarks from the catalog in Workspace ONE again.
- 2020365, 2018588: After you disconnect and reconnect the network cable and click "Disconnect and Log Off" on the client machine, the remote desktop does not disconnect and log off.
Workaround: Manually close the window of the remote desktop and disconnect from the remote session.
- 2024833: When you create full clones with the Sysprep customization method, customization and domain joining sometimes fails on Windows 10 guest operating systems.
Workaround: This occurs because of a Microsoft Windows issue. To resolve this issue, follow the steps in Microsoft help article
Sysprep fails after you remove or update Microsoft Store apps that include built-in Windows images.
- 2085293, 2000494: Login to Horizon Console from the Internet Explorer browser displays only keywords instead of icons. This issue occurs when you connect to a Connection Server using an IP address instead of a DNS name.
Workaround: Use a DNS name instead of an IP address when connecting. For more information, see VMware Knowledge Base (KB) article 2150307.
- 2085284, 2001591: When you use Safari version 10.1.1 as the Web browser to log in to Horizon Console with a Fully Qualified Domain Name, user interface issues such as the bottom panels appearing blank can occur.
Workaround: Safari version 10.1.1 is not a supported Web browser version for Horizon Console. Use a Safari version earlier than version 10.1.1 or version 11.0.2 and later to log in to Horizon Console.
- 2074958, 2067873: The following user interface issues occur in Horizon Help Desk Tool for global Linux sessions in a Cloud Pod Architecture deployment:
- An internal error occurred message appears, the Skype for Business status is not displayed, and the operating system version displays as “-” when you click the session details on the Details tab.
- A “failed to get Remote Assistance ticket” message appears when you click Remote Assistance.
- An internal error occurred message appears when you click the Applications tab.
Workaround: None. Horizon Help Desk does not support the following user interface features for Linux desktops: Skype for Business status, Remote Assistance, Applications tab, and the session idle status.
- 2104955, 2104953: Horizon Console does not update the space reclamation information for a vCenter Server on vSphere version 6.7 that uses the VMFS6 with the automatic UNMAP feature.
- 2085281, 2000267: Login to Horizon Console fails if you use the IP address to login to Horizon Console on a Firefox, Google Chrome, Microsoft Edge, Firefox, or Safari Web browser.
Workaround: Use the Fully Qualified Domain Name (FQDN) to login to Horizon Console. For more information on using FQDN to log in to Web applications, see the Horizon Security document.
- 2091333: After an upgrade to vSphere 6.7, you cannot use the custom specification created with a vSphere version earlier than 6.7.
Workaround: After an upgrade to vSphere 6.7, create a new custom specification and use this specification for pool provisioning.
- 2093129, 2069708: Horizon Help Desk Tool displays the logon time for both the brokering pod and the hosting pod but does not display the logon time for a pod that is neither the brokering pod nor the hosting pod. Horizon Help Desk Tool displays the logon time after a few minutes for the hosting pod if the brokering pod is a remote pod.
Workaround: If Horizon Help Desk Tool does not display the logon time for the hosting pod, close the page that displays session details, wait 7-8 mins and navigate to the Details tab to view the session details again.
- 2111978, 2073141: VMware Identity Manager sometimes fails to launch desktops. When you save SAML configuration details for the first time in VMware Identity Manager with SAML enabled on Connection Server, desktops do not start.
Workaround: Save the profile again and perform a sync operation on the new profile. The sync operation can occur every hour or day, as set by the administrator.
- 2091127, 2030609: In Horizon Console, you can add a remote access user as an unauthenticated access user. However, unauthenticated access users cannot get remote access from external gateways. The user will not be able to access virtual desktops and can only launch applications as an unauthenticated access user. If the user tries to login with normal access, an “Incorrect authentication type requested” error message appears.
- 2126853: Horizon Single Sign On fails when the scope of the trust authentication setting is set to “Selective Authentication".
Workaround: Use one of the following workarounds to resolve this issue.
- Use domain-wide authentication.
- Continue to use the “Selective Authentication” security setting, but explicitly grant each Horizon Connection Server host (local system) accounts the "Allowed to Authenticate" permission on all the domain controllers of the computer objects (resource computers) that reside in the trusting domain or forest. For information on how to grant the "Allowed to Authenticate" permission, see the Microsoft article Grant the Allowed to Authenticate permission on computers in the trusting domain or forest."
- 2146919: With the Cloud Pod Architecture feature, in certain circumstances RDS licensing servers issue multiple permanent licences to the same client in a mixed-mode licensing environment.
Workaround: None. This problem is a third-party issue and is inline with the way Microsoft RDS license servers issue licenses.
- 2172518, 2171733: The following issues occur when you browse the datastore while editing an automated desktop pool that contains full virtual machines:
- On the vCenter Settings tab, click “Browse Datastore”, the minimum recommended GB value is displayed.
- On the Provisioning Settings tab, increase the maximum number of machines, then select the vCenter Settings tab, and click “Browse Datastore.” The minimum recommended GB value increases but gets added to the existing value.
- For a desktop pool that contains three machines with one available and one still in the customizing or provisioning phase, edit the desktop pool and then select the vCenter Settings tab, and click “Browse Datastore.” The minimum recommended GB value is displayed for the total of three machines.
- 2172519, 2171735: The following issues occur when you browse the datastore while editing instant-clone desktop pools:
- After an instant-clone desktop pool has all the machines in the available state, edit the desktop pool, on the vCenter Settings tab, click “Browse Datastore”. The Minimum Recommended (GB), Maximum Recommended (GB), and 50% Utilization values have positive values.
- After an instant-clone desktop pool has all the machines in the available state, edit the desktop pool, on the Provisioning Settings tab, increase the maximum number of machines, then on the vCenter Settings tab click “Browse Datastore”. The Minimum Recommended (GB), Maximum Recommended (GB), and 50% Utilization values increase but get added to the existing value.
- For a desktop pool that contains three machines with one available and one still in the customizing or provisioning phase, edit the desktop pool and then select the vCenter Settings tab, and click “Browse Datastore.” The Minimum Recommended (GB), Maximum Recommended (GB), and 50% Utilization values are shown for all three machines.
- 2166765: After you create an automated desktop pool that contains full virtual machines with two or more names with the “#Unassigned machines kept powered on” value less than the actual names specified and then edit the pool, the “#Unassigned machines kept powered on” field does not accept a value equal to the total number of names specified during the pool creation process and displays an incorrect error message.
- 1629622: Attempts to connect to the HTML Access portal or one of the administration consoles using an IP address or CNAME fails for most browsers without additional configuration. In the majority of these cases, an error is reported but sometimes a blank error message is displayed.
Workaround: To resolve this issue, see “Origin Checking” in the Horizon Security document.
- 2175332: When configuring Skype for Business, there is an optional feature to enable Media Bypass which bypasses the Mediation Server.For Skype for Business optimized calls to and from PSTN users, media will always route through the Mediation Server regardless if Media Bypass is enabled.
Workaround: None. Media Bypass is not supported with the Virtualization Pack for Skype for Business. See VMware Knowledge Base (KB) article 56977.
- 2217199: If the same user exists in both Connection Server pods that need to be paired in a Cloud Pod Architecture environment, Horizon Console displays the value for “Source Pods” as 2 and sources the user from both pods. An administrator can edit the user from both pods, which might cause inconsistencies in user configuration during hybrid logon. Additionally, hybrid logon for the user cannot be disabled.
Workaround: You must delete the user from both pods and then recreate the user and configure the user for hybrid logon.
- 2222221: Core-dump error messages are generated while adding Virtual Volumes datastores on nested ESXi or nested virtual ESXi.
- 2290228, 2242574: In Horizon Console, custom roles with the Manage Help Desk (Read Only) privilege are shown as being applicable to access groups.
- 2277110: When you add a vCenter Server to Connection Server using an existing PowerShell script, the following error message appears:
Failed to add vc instance: No enum constant com.vmware.vdi.commonutils.Thumbprint.Algorithm.SHA-1
This issue occurs because the certificateEncoding property that indicates a certificate override for self-signed certificates is added in Horizon 7 version 7.8. Therefore, earlier versions of VMware PowerCLI scripts that have an incorrect value of SHA-1 fail.
Workaround: Update the PowerShell scripts to use the property value DER_BASE64_PEM instead of SHA-1. For example, set $certificate_override.sslCertThumbprintAlgorithm = 'DER_BASE64_PEM'.
- 2356156: When a Universal Windows Platform (UWP) application is upgraded, the path containing the version changes, and the application is unreachable by the original path. The app status is Unavailable in Horizon Console and a user cannot launch the app.
Workaround: Update the app path in Horizon Console after an upgrade and verify the app status is Available. Alternatively, do not upgrade the app.
- 2330942: When device filtering is configured for the client drive redirection feature, and a user uses the RDP display protocol to connect, device filtering does not work.
Workaround: When device filtering is configured for client drive redirection, configure Connection Server so that RDP connections are not allowed.
- 2300801: The True SSO desktop unlock feature is supported in PCoIP and Blast protocols, but not in Remote Desktop Protocol (RDP).
- 2358355, 2353567: In Horizon Console, the user or group summary fails to load due to domain trust issues in the following cases:
- When users and groups belong to a one-way trust domain and the logged in administrator has the necessary permissions from a one-way trust domain.
- When users and groups belong to a two-way trust domain and the logged in administrator has the necessary permissions from a two-way trust domain.
- When users and groups belong to a one-way or two-way trust domain and the logged in administrator is from the child domain and has the necessary permissions.
- 2363188, 2354034: In Horizon Console, some events might not be listed because the Connection Server time is set incorrectly with respect to the Connection Server time zone.
- 2366007, 2339388: You can recover an instant-clone virtual machine with an active session in Horizon Console.
- 2516216, 2514333: The Pre-launch and Use Home Site options do not work well together for global application entitlements. When you create a global application entitlement, if you enable both the Pre-launch and Use Home Site options, the pre-launched session might not be created from the home site. This problem occurs because the same session is used to start subsequent applications, and those sessions are not started from the home site.
- 2510477, 2500272: The following error message can appear while installing or uninstalling Connection Server:
Error opening installation log file. Verify that the specified location exists and is writable.
This error occurs due to a third-party Microsoft error. For details see this Microsoft help article.
Workaround: Restart the virtual machine on which the Connection Server is installed.
- 2686004, 2672069: The CSRF feature for Horizon HTML Access introduced in Horizon 2006 does not support the combination of a pre-login message configured on Connection Server with SAML authentication through Unified Access Gateway.
Workaround: If you use this combination of features and Horizon version, disable this pre-login message on Connection Server. A pre-login message should instead be configured on the SAML IdP, so that it is presented to the user before the user enters their credentials.