VMware Horizon 8 2312 | 23 JAN 2024

Check for additions and updates to these release notes.

With VMware Horizon 8, IT departments can run remote desktops and applications in the data center and deliver these desktops and applications to employees. End users gain a familiar, personalized environment that they can access from any number of devices anywhere throughout the enterprise or from home. Administrators gain centralized control, efficiency, and security by having desktop data in the data center.


  • Horizon 8 2312 is not supported with vSphere 6.5 or vSphere 6.7, which are both past the end of General Support.  Horizon 8 2312 Instant Clones are incompatible with vSphere 6.5 and vSphere 6.7 so you must upgrade to vSphere 7.0 or later before upgrading to Horizon 8 2312 if you are using Instant Clones.

  • TLS 1.3 is now supported on most Horizon 8 components and considered the preferred security protocol when operating in non-FIPS mode. However, the Connection Server 2312 release does not support TLS 1.3 and uses TLS 1.2 instead by default. Therefore, TLS 1.2 must remain enabled on components that interact directly with Connection Server.

  • In FIPS mode, Horizon 8 2312 is compatible with all Horizon Client and Unified Access Gateway releases, including versions earlier than 2312. However, to use a Horizon Client version 2312 or later in FIPS mode, you must use Connection Server version 2312 or later; if using Unified Access Gateway, you must also use Unified Access Gateway 2312 or later. For more information, see VMware Knowledge Base (KB) article 95144.

  • Microsoft security update (KB 5014754) will impact customers using certificate-based authentication such as smartcards. If you have applied this update to your Windows Domain Controllers and if you have not mapped certificates to one of the strong mapping types described in the Microsoft KB, then users will be denied authentication when the full enforcement mode is activated by Microsoft.  See the above KB for details on the full enforcement mode date. To address this issue the Horizon 8 2309 release allowed administrators to configure certificate mappings to one of the strong types from the Horizon console. If you are using certificate-based authentication, then we recommend that you upgrade to this release to configure certificate mappings. See KB 91595 for details.

    In the 2312 release, we tested the impact of this Microsoft update on TrueSSO. You do not have to take any action after installing this Microsoft security update if you are using TrueSSO.

  • Horizon Agent no longer supports Windows Server 2012 R2 in a guest OS for new and existing deployments. Starting with this release, the use of Windows Server 2012 R2 is no longer supported for Horizon Connection Server and Horizon Enrollment Server deployments. Please use Windows Server 2016 or later. See https://learn.microsoft.com/en-us/lifecycle/announcements/windows-server-2012-r2-end-of-support for details. 

  • Microsoft released security updates KB5008383 and KB5020276.  While VMware has determined that KB5008383 does not impact Horizon Full Clones and Instant Clones, KB 5020276 does if you have selected “Allow Reuse of Existing Computer Accounts”.  See KB 92214 for details.

What's New

VMware Horizon 8 version 2312 includes the following new features and enhancements.

Horizon 8 2312 is an Extended Service Branch (ESB). Approximately once a year, VMware designates one VMware Horizon release as an Extended Service Branch (ESB). An ESB is a parallel release branch to the existing Current Releases (CR) of the product. By choosing to deploy an ESB, customers receive periodic service packs (SP) updates, which include cumulative critical bug fixes and security fixes. Most importantly, there are no new features in the SP updates, so customers can rely on a stable Horizon platform for their critical deployments. For more information on the ESB and the Horizon versions that have been designated an ESB, see VMware Knowledge Base (KB) article 86477.

  • Blast Secure Gateway

    • Blast Secure Gateway now supports the TLS 1.3 security protocol. This release drops support for TLS 1.0.

  • Virtual Desktops and Applications

    • Administrators can now use the Suspend Remote Machine Power Policy for NVidia vGPU enabled instant clone pools. This is enabled by ESXi which has support for suspend/resume power policies on VMs with Nvidia vGPUs.  Note only ESXi versions 6.7 or higher has this support.

    • Administrators can provide a method for launching a desktop or published application on a specific machine within the pool or farm, for testing and troubleshooting purposes.  To configure and use this feature, see the Desktops and Applications in Horizon 8 guide for details on the Allow Machine Name Selection setting, and the VMware Horizon Client for Windows guide for details on the -machineName command line option.

    • When scheduling maintenance for automated instant clone farms, and selecting the Wait for users to logoff option, Horizon will automatically disable RDS Hosts, thereby preventing new connections, to allow sessions to drain and maintenance to occur.  See the Schedule Maintenance for an Automated Instant-Clone Farm in Horizon topic in the Desktops and Applications in Horizon 8 guide for more details.

    • Administrators can set the Used VM Policy setting in the UI within pool settings, eliminating the need for manual ADAM DB configuration, This will eliminate a desktop that is set to refresh or delete after logging off is reset, the desktop goes into the Already Used state, or possibly the Agent Disabled state.

    • The agent auto upgrade feature allows customers to automatically initiate upgrades without manual intervention. To utilize this feature, on-premises systems must have access to CDS servers and the Horizon View Pods need to be onboarded to Horizon Cloud Service - next-gen  Control Plane. Customers without CDS access can establish their webserver, host the agent components, and then register the agent build with the connection server to upgrade agents in VDI/RDSH desktops.  This feature requires Horizon Plus or Horizon Universal License, and is available for Full Clone Desktops and RDSH Servers only.  To upgrade Horizon Agent in Instant Clone Desktop Pools or RDS Farms, upgrade Horizon Agent on the Golden Image and schedule maintenance to push the new image.

    • You can now configure a timeout value for the unprime task which is part of instant clone provisioning workflows. Use the new LDAP setting "cs-UnprimeImageTimeoutMins" to change the default timeout value of 30 minutes. This is useful in scenarios where you want to update the golden image on hundreds of vGPU-enabled instant clone VMs at the same time. This can lead to longer times for power on/power off operations resulting in extended duration of lock on a golden image during the unprime task and can cause a timeout error if the lock duration exceeds the current default of 30 minutes. Adjusting the timeout as needed can avoid such errors.

    • Horizon 8 now supports vSAN 8 Express Storage Architecture (ESA) for both full and instant clones.  For more information on vSAN 8 ESA, see the ESA FAQ.

  • Horizon Console

    • You can now personalize the reset client password message directly through the Connection Server Admin console. This enhanced feature allows administrators to tailor a specific message for end users attempting to reset their password, especially when the password policy requirements are not met.

    • Horizon 8 now provides a GUI for the forensics feature. This feature delivers Forensics Administrators user-related information and details on forensic actions directly within the machines section and is specifically designed for instant clone desktops.

  • Horizon Connection Server

    • Horizon Connection Server and Horizon Enrollment Server are no longer supported on Windows Server 2012 R2.  Please use Windows Server 2016 or later.

    • This release of Horizon Connection Server includes Apache Tomcat 9.0.83.

    • The Certificate Management feature now supports management of cluster level certificates (vdm.ec) from Horizon console. Earlier, this feature was limited to machine level certificates (vdm). With this addition, Admins can generate CSR and import CA-signed certificates into a certificate store on Connection Server. Admins can also view certificate information, export in-use certificates and delete certificates from Horizon console. This feature also adds a capability to temporarily remove certificates and then restore them when necessary allowing Admins to keep the certificates without permanently deleting them from the certificate store.

    • The tombstone-lifetime period for Horizon LDAP is decreased from 180 to 60 days for new and upgraded environments, thereby reducing the length of time that deleted objects remain in Horizon LDAP and improving replication performance.  This change affects both the local pod LDAP as well as the global LDAP used in CPA environments. For a description of the tombstone-lifetime attribute, see https://learn.microsoft.com/en-us/windows/win32/adschema/a-tombstonelifetime.

    • The Horizon Cloud Entitlement On-Ramp feature eliminates the requirement for multiple URLs, logouts, or additional authentication for users when accessing Horizon 8 and Horizon Cloud on Azure desktops. This feature is currently supported for users of Horizon Client for Windows 2312 and later.

  • Horizon Agent for Windows

    • DEEM agent integration was enhanced to support in-guest VM telemetry, including use cases for application resource utilization, usage, hang and crash information, and more.

    • Media Optimization for Microsoft Teams allow users to blur backgrounds, select effects, or select an available background image before or during a video call or meeting. Administrators can also specify a background image for users as part of a company mandate.

    • The TLS 1.3 security protocol is supported. This release drops support for TLS 1.0.

    • Horizon Agent no longer supports the Blast protocol EncoderSwitch. See kb.vmware.com/kb/96214 for details.

    • Horizon Agent adds lossless support in the Blast protocol by introducing the Build to Lossless GPO setting and EncoderBuildToLossless registry key.

  • Horizon Agent for Linux

    • This release adds support for the following Linux distributions:

      • Debian 12.2

      • Red Hat Enterprise Linux (RHEL) Workstation 8.9 and 9.3

      • Red Hat Enterprise Linux (RHEL) Server 8.9 and 9.3

      • Rocky Linux 8.9 and 9.3

    • The new Easy Setup Tool (easyinstall_viewagent.sh) simplifies the preparation of Linux machines by performing all required system configurations and agent installation steps.

    • The TLS 1.3 security protocol is supported. This release drops support for TLS 1.0.

    • Horizon Agent no longer supports the Blast protocol EncoderSwitch. See kb.vmware.com/kb/96214 for details.

    • Horizon Agent adds lossless support in the Blast protocol by introducing the RemoteDisplay.buildToLossless configuration option in /etc/vmware/config.

  • Horizon GPO Bundle

    • You can configure file filter for drag and drop redirection when you set the group policy Configure file filter for drag and drop.

    • Blast uses build-to-lossless mode, which results in the highest display quality when you set the group policy Build to Lossless.

    • You can set the group policy Synthetic Keystroke Blocking to block client endpoints from sending potentially malicious, synthetic keystrokes to remote desktops and applications.


    Horizon 2309 release introduced a new variation of guest customization using sysprep where computer accounts are pre-created using Microsoft Sysprep and not by Horizon. This feature is useful for users facing instant clone customization errors in their multi-site and multi-domain environments as described in KB2147129. This release adds support for REST API for this feature.

Horizon 8 API

For the latest set of Horizon 8 APIs, see the VMware Horizon API and navigate to the current release in the drop down.  Click on the Documentation tab for more details and examples on how to use the API.

Horizon Cloud Connector and Horizon Edge

Applicable to customers with VMware Horizon Universal Subscription, Horizon Enterprise Plus Subscription, Horizon Standard Plus Subscription, Horizon Apps Universal Subscription, or Horizon Apps Standard Subscription. 

The Horizon Cloud Connector virtual appliance is a required component for connecting VMware Horizon 8 to Horizon Control Plane current-gen for subscription licensing enablement and additional Horizon Cloud SaaS services.  The Horizon Edge is a required component for connecting VMware Horizon 8 to Horizon Control Plane next-gen for subscription licensing enablement and additional Horizon Cloud SaaS services.

Horizon 8 Deployed on Public Cloud SDDCs

For a list of VMware Horizon 8 features supported on Azure VMware Solution (AVS), see VMware Knowledge Base article 80850.

For a list of VMware Horizon 8 features supported on VMware Cloud on AWS, see VMware Knowledge Base article 58539.

For a list of VMware Horizon 8 features supported on Google Cloud VMware Engine, see VMware Knowledge Base article 81922.

For a list of VMware Horizon 8 features supported on Oracle Cloud VMware Solution, see VMware Knowledge Base article 88202.

For a list of VMware Horizon 8 features supported on Alibaba Cloud VMware Service, see VMware Knowledge Base article 92140.

Before You Begin

  • You cannot mix IPv4 and IPv6 pods in a single CPA federation.  They have to all be IPv4 or IPv6.

  • Microsoft Internet Explorer is no longer supported for Horizon Console from Horizon 2111 onward. As Horizon Console is migrating to VMware clarity widgets which do not support Internet Explorer, we have removed Internet Explorer from the list of supported browsers for Horizon Console.

  • VMware Virtualization Pack for Skype for Business is no longer supported in this release. When using this release of Horizon Client with Horizon Agent 2212 or earlier, VMware Virtualization Pack for Skype for Business will continue to run in fallback mode.

  • Important note about installing VMware Tools: If you plan to install a version of VMware Tools downloaded from VMware Product Downloads, rather than the default version provided with vSphere, make sure that the VMware Tools version is supported. To determine which VMware Tools versions are supported, go to the VMware Product Interoperability Matrix. (Supported versions: 11.1.0, 11.0.6, 10.3.22, 10.3.21). There are also performance issues with the 11.x versions of VMware Tools. For more information, see VMware Knowledge Base article 78434.

  • Downgrading Connection Server instances is not supported. To revert to a previous version after an upgrade, restore from backup. For more information, see Create a Replicated Group After Reverting Connection Server to a Snapshot.

  • It is possible that the ordering of cipher suites can be enforced by Connection Server. For more information, see Horizon Security.

  • Connection Server must be able to communicate on port 32111 with other Connection Servers in the same pod. If this traffic is blocked during installation or upgrade, installation will not succeed.

  • TLS handshakes on port 443 must complete within 10 seconds, or within 100 seconds if smart card authentication is enabled. In previous releases of VMware Horizon, TLS handshakes on port 443 were allowed 100 seconds to complete in all situations. You can adjust the time for TLS handshakes on port 443 by setting the configuration property handshakeLifetime. Optionally, the client that is responsible for an over-running TLS handshake can be automatically added to a blacklist. New connections from blacklisted clients are delayed for a configurable period before being processed so that connections from other clients take priority. You can enable this feature by setting the configuration property secureHandshakeDelay. For more information about setting configuration properties, see Horizon Security.

  • If you have FIPS mode enabled, you cannot mix Horizon 7.10.3 pods and any Horizon 8.x pods in a single CPA federation.  In addition, you cannot upgrade the original Horizon 7.10.3 version directly to a Horizon 8.x pod.  You will first need to upgrade to a patched 7.10.3. Contact VMware Customer Connect on how to obtain the patch.

  • When you deploy an instant clone as a RDS host, do not reboot the RDS host directly from within the Windows Server OS. Instead, refresh the instant clone VM using the push image workflow.

  • In VMware Horizon 8, internal validation checks determine if the instant clone and internal template have valid IP addresses and a network connection. If a virtual machine has a NIC that cannot be assigned an IP address during provisioning, instant-clone provisioning fails.

    The forwarding rules for HTTP requests received by Connection Server instances have changed at this release. If you have defined custom frontMapping entries in locked.properties, you should remove them before upgrading. If you wish to disallow administrator connections to certain Connection Server instances, then instead of defining custom frontMapping entries, add this entry to locked.properties:

    frontServiceWhitelist = tunnel|ajp:broker|ajp:portal|ajp:misc|moved:*|file:docroot

  • In VMware Horizon 8, the viewDBChk tool will not have access to vCenter credentials and will prompt for this information when needed.

  • Microsoft Windows Server requires a dynamic range of ports to be open between all Connection Servers in the VMware Horizon 8 environment. These ports are required by Microsoft Windows for the normal operation of Remote Procedure Call (RPC) and Active Directory replication. For more information about the dynamic range of ports, see the Microsoft Windows Server documentation.

  • Screen DMA is disabled by default in virtual machines that are created in vSphere 6.0 and later. VMware Horizon 8 requires screen DMA to be enabled. If screen DMA is disabled, users see a black screen when they connect to the remote desktop. When VMware Horizon 8 provisions a desktop pool, it automatically enables screen DMA for all vCenter Server-managed virtual machines in the pool. However, if Horizon Agent is installed in a virtual machine in unmanaged mode (VDM_VC_MANAGED_AGENT=0), screen DMA is not enabled. For information about manually enabling screen DMA, see VMware Knowledge Base (KB) article 2144475.

  • To use View Storage Accelerator in a vSphere environment, a desktop virtual machine must be 512GB or smaller. View Storage Accelerator is disabled on virtual machines that are larger than 512GB. Virtual machine size is defined by the total VMDK capacity. For example, one VMDK file might be 512GB or a set of VMDK files might total 512GB. This requirement also applies to virtual machines that were created in an earlier vSphere release and upgraded to vSphere 5.5.

  • The Global Policy, Multimedia redirection (MMR), defaults to Deny. To use MMR, you must open Horizon Console, edit Global Policies, and explicitly set this value to Allow. To control access to MMR, you can enable or disable the Multimedia redirection (MMR) policy globally or for an individual pool or user. Multimedia Redirection (MMR) data is sent across the network without application-based encryption and might contain sensitive data, depending on the content being redirected. To ensure that this data cannot be monitored on the network, use MMR only on a secure network.

  • The USB Redirection setup option in the Horizon Agent installer is deselected by default. You must select this option to install the USB redirection feature. For guidance on using USB redirection securely, see Deploying USB Devices in a Secure VMware Horizon Environment.

  • For information on security considerations and disallowing inter-virtual machine transparent page sharing, see VMware KB article 2080735.

  • If a PCoIP Secure Gateway (PSG) has been deployed for PCoIP connections, zero client firmware must be version 4.0 or later.

  • RC4, SSLv3, TLSv1.0 and TLSv1.1 are disabled by default in VMware Horizon 8 components, in accordance with RFC 7465, "Prohibiting RC4 Cipher Suites," RFC 7568, "Deprecating Secure Sockets Layer Version 3.0," PCI-DSS 3.1, "Payment Card Industry (PCI) Data Security Standard", and SP800-52r1, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations." If you need to re-enable RC4, SSLv3, TLSv1.0 or TLSv1.1 on a Connection Server or Horizon Agent machine, see Older Protocols and Ciphers Disabled in View.

  • VMware Horizon 8 uses version m86 of Microsoft WebRTC source code.

  • For best practices on using Carbon Black with Horizon 8, see VMware KB article 95512.

  • Horizon 8 supports vSAN 8 Express Storage Architecture (ESA) for both full and instant clones.  For more information on vSAN 8 ESA, see the ESA FAQ.

  • Horizon 8 supports a maximum of 500 virtual machines per ESXi host when using vSAN 8 ESA datastore. The achievable maximum depends on the workload and specifics of the hardware. For information on all Horizon configuration maximums, see VMware Configuration Maximums.


Check the VMware Product Interoperability Matrix before upgrading your Horizon deployment. Note the following guidance:

  • You can only upgrade to a version with a release date later than your current deployment. This may be confusing if you are upgrading from an ESB maintenance release.  For example, Horizon 7.13.3 was released after Horizon 8 version 2212, so you cannot upgrade from Horizon 7.13.3 to Horizon 2212.  You can only upgrade to a version that is released after the Horizon 7.13.3 release date, such as Horizon 2303.

  • When upgrading from a non-ESB version to an ESB version, the target ESB version must  be later that your current non-ESB release. For example, you cannot upgrade from Horizon 8 2203 (non-ESB) to Horizon 8 2111.1 (ESB) even though 2111.1 was released after 2203 (or you will lose features).  You can only upgrade to Horizon 8 2212 or later versions.

Compatibility Notes

The table below contains specific compatibility information as well as links to information located elsewhere.


Compatibility Information or Link

Horizon Client

Horizon Client with Windows 10 and 11


Horizon Agent

Horizon Agent with Windows 10 and 11 - guest operating systems on single-user machines and RDS hosts


Horizon Agent with OSs other than Windows 10 and 11 - guest operating systems on single-user machines and RDS hosts


Horizon with Windows 10 - update or upgrade requirements


Horizon Agent with Linux guest operating systems

System Requirements for Horizon Agent for Linux


Horizon Server

Horizon with Operating Systems, MSFT Active Directory Domain Functional Levels, and Events Databases


Horizon Software Interoperability

Horizon 8 2312 interoperability with VMware products

VMware Product Interoperability Matrix - Horizon 8 2312

Horizon 8 2312 with third-party products

VMware Product Interoperability Matrix - Horizon 8 2312 - 3rd Party

Horizon Hardware Compatibility

Horizon with third-party peripherals

VMware Validated Peripherals

Horizon with NVIDIA GPU cards


Resolved Issues

The list below indicates major issue(s) resolved in this release. The number provided before each resolved issue refers to the VMware internal issues tracking system.

  • HZN-1083: In Horizon CPA, unable to launch desktop from another pod after upgrading to 2306 or 2309, getting error "This desktop is currently not available."

Known Issues

The numbers included before the known issues refer to the issues logged in the VMware internal issue tracking system.

Horizon Connection Server

  • HZN-722: When users authenticate using a smartcard with Horizon Client, an event is logged that says "User null failed to authenticate". This event is harmless and can be ignored. This occurs only when Smart card authentication for users is set to Required.

    Workaround: None.

  • HZN-717: Smartcard certificate SSO to desktop fails when subject DN has non-English or special characters and the certificate does not contain the UPN of the user.

    Workaround: At the failed SSO screen, manually select the smartcard and input the PIN to log in.

  • 3154957: Customers connecting their Horizon 8 pods to the Horizon Cloud next-gen control plane to consume the Horizon SaaS Subscription licensing (Universal License and Plus License) see an incorrect license expiration date in the Horizon Console.

    Workaround: Ignore the License Expiration field in Horizon Console and refer to the customer connect portal for the actual expiration date. See https://kb.vmware.com/s/article/91037 for details.

  • 3073725: Number of issues reported for ESXi Hosts in the dashboard summary may not match with number of issues reported in the dedicated ESXi Host issues section in the dashboard.

    If NVIDIA GRID vGPU support detects a mismatch with the supported vGPUs for the given host, the issue count should be incremented but the count may not display in the UI.

    Workaround: View the warnings in Dashboard > System Health > View  > vSphere > ESX Hosts.

  • 3117780: The Edit vCenter model cannot be closed using the OK button when no changes are made.

    Workaround: Use the Cancel button to close the model.

  • 3076811: Admin console doesn’t open with localhost(loopback address) in IPv6.

    Workaround: Use the fully Qualified domain name instead of localhost in the URL to open the admin console. For example, if the fully qualified domain name is (test-machine-1.hzeipv6.local) then the URL to open the admin console would be: https://test-machine-1.hzeipv6.local/admin/

  • 2712612: Substituting cluster certificates causes True SSO configuration to fail.

    Workaround: Contact your VMware representative for assistance with this. The issue will be fixed in an upcoming release.

  • 3020358: Horizon Connection Server fails to validate the server certificate of a vCenter instance, preventing a successful connection. This can happen even if an older version of Horizon can connect successfully using the same certificate. In the Connection Server debug log, you will see an exception similar to this:

    2022-08-14T08:59:19.762-04:00 DEBUG (207C-17B4) <ajp-nio-> [Connection4] [EXCEPTION] Connection to the vCenter Server https://SITE-VCENTER.DOMAIN.FOREST:443/sdk failed.: javax.xml.ws.WebServiceException: Could not send Message. com.vmware.vdi.logger.Logger.debug(Logger.java:44)

    javax.xml.ws.WebServiceException: Could not send Message.....

    This is caused by javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://SITE-VCENTER.DOMAIN.FOREST:443/sdk: Certificates do not conform to algorithm constraints

    Workaround: Follow the steps in https://kb.vmware.com/kb/89331

  • 3004222: View API consumers like the MP4H Adapter invoke MachineDetailsView. This API fails intermittently with user data not found error.

    Workaround: None

  • 1778303: When you restart or reset a virtual machine for which an end user session exists in a desktop pool from vCenter Server or from the Windows Operating System menu, the virtual machine restarts but the status of the virtual machine might appear in the “Already Used” state in Horizon Console.

    This problem can occur for the following pool types:

    • Instant-clone desktop pools.

    • Full-clone floating desktop pools with "Delete on log Off" enabled.

    Workaround: Use Horizon Client to restart or reset the virtual machine in the instant-clone desktop pool. If the virtual machine is already in the “Already Used” state, remove the virtual machine. This action automatically creates a new virtual machine based on the pool provisioning settings.

  • 1817536: If you provision instant clones on local datastores, the corresponding hosts cannot be put into maintenance mode. This occurs because the internal VMs and the instant clones are stored on local datastores so they cannot be migrated.

    Workaround: Delete the instant-clone desktop pool. This will delete the related VMs and enable the corresponding hosts to enter maintenance mode.

  • 1548405: Universal Windows Platform (UWP) applications are not supported as published applications on Windows Server 2016 and Windows Server 2019 RDS hosts.

  • 1605667: For True SSO, the connectivity status between the Connection Server instance and the enrollment server is displayed only on the System Health Status dashboard for the connection server that you are using to access Horizon Console. For example, if you are using https://server1.example.com/admin for Horizon Console, the connectivity status to the enrollment server is collected only for the server1.example.com connection server. You might see one or both of the following messages:

    • The primary enrollment server cannot be contacted to manage sessions on this connection server.

    • The secondary enrollment server cannot be contacted to manage sessions on this connection server.

    It is mandatory to configure one enrollment server as primary. Configuring a secondary enrollment server is optional. If you have only one enrollment server, you will see only the first message (on error). If you have both a primary and a secondary enrollment server and both have connectivity issues, you will see both messages.

  • 1850273: When you set up True SSO in an environment with CAs and SubCAs with different templates set up on each of them, you are allowed to configure True SSO with a combination of templates from a CA or SubCA with another CA or SubCA. As a result, the dashboard might display the status of True SSO as green. However, it fails when you try to use True SSO.

  • 1864310: In Horizon Help Desk Tool, the pod name does not appear if the session is a local session or a session running in the local pod.

    Workaround: Set up the Cloud Pod Architecture environment to view pod names in Horizon Help Desk Tool.

  • 1880134: The Workspace ONE mode setting is not reflected in the replica server from Workspace ONE.

    Workaround: Configure the Workspace ONE mode in Connection Server.

  • 1880355: In a Cloud Pod Architecture environment, pre-launched application sessions from global application entitlements are not shown in Inventory > Search Sessions in Horizon Console.

    Workaround: Log in to the Horizon Console user interface for a Connection Server instance in the hosting pod and select Monitoring > Events to view pre-launched session information.

  • 1569435: For Intel vDGA, only the Haswell and Broadwell series of Intel integrated GPUs are supported. Broadwell integrated GPUs are supported only on vSphere 6 Update 1b and later. Haswell integrated GPUs are supported on vSphere 5.5 and later. The GPU must be enabled in the BIOS before it can be recognized by ESXi. For more information, see the documentation for your specific ESXi host. Intel recommends leaving the graphics memory settings in the BIOS set to their default values. If you choose to change the settings, keep the aperture setting at its default (256M).

  • 1946086, 1936954: For vCenter Server 6.0 U3 or later, including vCenter Server 6.5, internal parent VMs migrate to another host during failure. This migration causes an issue because unnecessary parent VMs reside on the destination host.

    Workaround: Manually remove these parent VMs. For more information, see the Windows Desktops and Applications in Horizon document.

  • 1951074, 1936743: To reduce the possibility of memory exhaustion, vGPU profiles with 512 MB or less of frame buffer support only one virtual display head on a Windows 10 guest operating system.

    The following vGPU profiles have 512 Mbytes or less of frame buffer:

    • Tesla M6-0B, M6-0Q

    • Tesla M10-0B, M10-0Q

    • Tesla M60-0B, M60-0Q

    • GRID K100, K120Q

    • GRID K200, K220Q

    Workaround: Use a profile that supports more than one virtual display head and has at least one GB of frame buffer.

  • 1952105, 1928484: Virtual desktops and published desktops and application pools fail to launch if they have the client restriction feature enabled and are entitled to a domain that is configured with a one-way AD trust.

    Workaround: None.

  • 1961900: After an upgrade, the bookmarks do not appear in Workspace ONE.

    Workaround: Add the bookmarks from the catalog in Workspace ONE again.

  • 2020365, 2018588: After you disconnect and reconnect the network cable and click "Disconnect and Log Off" on the client machine, the remote desktop does not disconnect and log off.

    Workaround: Manually close the window of the remote desktop and disconnect from the remote session.

  • 2024833: When you create full clones with the Sysprep customization method, customization and domain joining sometimes fails on Windows 10 guest operating systems.

    Workaround: This occurs because of a Microsoft Windows issue. To resolve this issue, follow the steps in this Microsoft help article: Sysprep fails after you remove or update Microsoft Store apps that include built-in Windows images.

  • 2085284, 2001591: When you use Safari version 10.1.1 as the Web browser to log in to Horizon Console with a Fully Qualified Domain Name, user interface issues such as the bottom panels appearing blank can occur.

    Workaround: Safari version 10.1.1 is not a supported Web browser version for Horizon Console. Use a Safari version earlier than version 10.1.1 or version 11.0.2 and later to log in to Horizon Console.

  • 2074958, 2067873: The following user interface issues occur in Horizon Help Desk Tool for global Linux sessions in a Cloud Pod Architecture deployment:

    • An internal error occurred message appears, the Skype for Business status is not displayed, and the operating system version displays as “-” when you click the session details on the Details tab.

    • A “failed to get Remote Assistance ticket” message appears when you click Remote Assistance.

    • An internal error occurred message appears when you click the Applications tab.

    Workaround: None. Horizon Help Desk does not support the following user interface features for Linux desktops: Skype for Business status, Remote Assistance, Applications tab, and the session idle status.

  • 2104955, 2104953: Horizon Console does not update the space reclamation information for a vCenter Server on vSphere version 6.7 that uses the VMFS6 with the automatic UNMAP feature.

    Workaround: None.

  • 2085281, 2000267: Login to Horizon Console fails if you use the IP address to login to Horizon Console on a Firefox, Google Chrome, Microsoft Edge, Firefox, or Safari Web browser.

    Workaround: Use the Fully Qualified Domain Name (FQDN) to login to Horizon Console. For more information on using FQDN to log in to Web applications, see the Horizon Security document.

  • 2091333: After an upgrade to vSphere 6.7, you cannot use the custom specification created with a vSphere version earlier than 6.7.

    Workaround: After an upgrade to vSphere 6.7, create a new custom specification and use this specification for pool provisioning.

  • 2093129, 2069708: Horizon Help Desk Tool displays the logon time for both the brokering pod and the hosting pod but does not display the logon time for a pod that is neither the brokering pod nor the hosting pod. Horizon Help Desk Tool displays the logon time after a few minutes for the hosting pod if the brokering pod is a remote pod.

    Workaround: If Horizon Help Desk Tool does not display the logon time for the hosting pod, close the page that displays session details, wait 7-8 minutes and navigate to the Details tab to view the session details again.

  • 2111978, 2073141: VMware Identity Manager sometimes fails to launch desktops. When you save SAML configuration details for the first time in VMware Identity Manager with SAML enabled on Connection Server, desktops do not start.

    Workaround: Save the profile again and perform a sync operation on the new profile. The sync operation can occur every hour or day, as set by the administrator.

  • 2126853: Horizon Single Sign On fails when the scope of the trust authentication setting is set to “Selective Authentication".

    Workaround: Use one of the following workarounds to resolve this issue.

    • Use domain-wide authentication.

    • Continue to use the “Selective Authentication” security setting, but explicitly grant each Horizon Connection Server host (local system) accounts the "Allowed to Authenticate" permission on all the domain controllers of the computer objects (resource computers) that reside in the trusting domain or forest. For information on how to grant the "Allowed to Authenticate" permission, see the Microsoft article "Grant the Allowed to Authenticate permission on computers in the trusting domain or forest."

  • 2146919: With the Cloud Pod Architecture feature, in certain circumstances RDS licensing servers issue multiple permanent licenses to the same client in a mixed-mode licensing environment.

    Workaround: None. This problem is a third-party issue and is in line with the way Microsoft RDS license servers issue licenses.

  • 1629622: Attempts to connect to the HTML Access portal or one of the administration consoles using an IP address or CNAME fails for most browsers without additional configuration. In the majority of these cases, an error is reported but sometimes a blank error message is displayed.

    Workaround: To resolve this issue, see “Origin Checking” in the Horizon 8 Security document.

  • 2217199: If the same user exists in both Connection Server pods that need to be paired in a Cloud Pod Architecture environment, Horizon Console displays the value for “Source Pods” as 2 and sources the user from both pods. An administrator can edit the user from both pods, which might cause inconsistencies in user configuration during hybrid logon. Additionally, hybrid logon for the user cannot be disabled.

    Workaround: You must delete the user from both pods and then recreate the user and configure the user for hybrid logon.

  • 2222221: Core-dump error messages are generated while adding Virtual Volumes datastores on nested ESXi or nested virtual ESXi.

    Workaround: None.

  • 2277110: When you add a vCenter Server to Connection Server using an existing PowerShell script, the following error message appears:

    Failed to add vc instance: No enum constant com.vmware.vdi.commonutils.Thumbprint.Algorithm.SHA-1

    This issue occurs because the certificateEncoding property that indicates a certificate override for self-signed certificates is added in Horizon 7 version 7.8. Therefore, earlier versions of VMware PowerCLI scripts that have an incorrect value of SHA-1 fail.

    Workaround: Update the PowerShell scripts to use the property value DER_BASE64_PEM instead of SHA-1. For example, set $certificate_override.sslCertThumbprintAlgorithm = 'DER_BASE64_PEM'.

  • 2356156: When a Universal Windows Platform (UWP) application is upgraded, the path containing the version changes, and the application is unreachable by the original path. The app status is Unavailable in Horizon Console and a user cannot launch the app.

    Workaround: Update the app path in Horizon Console after an upgrade and verify the app status is Available. Alternatively, do not upgrade the app.

  • 2330942: When device filtering is configured for the client drive redirection feature and a user uses the RDP display protocol to connect, device filtering does not work.

    Workaround: When device filtering is configured for client drive redirection, configure Connection Server so that RDP connections are not allowed.

  • 2300801: The True SSO desktop unlock feature is supported in PCoIP and Blast protocols, but not in Remote Desktop Protocol (RDP).

  • 2358355, 2353567: In Horizon Console, the user or group summary fails to load due to domain trust issues in the following cases:

    • When users and groups belong to a one-way trust domain and the logged in administrator has the necessary permissions from a one-way trust domain.

    • When users and groups belong to a two-way trust domain and the logged in administrator has the necessary permissions from a two-way trust domain.

    • When users and groups belong to a one-way or two-way trust domain and the logged in administrator is from the child domain and has the necessary permissions.

    Workaround: None.

  • 2363188, 2354034: In Horizon Console, some events might not be listed because the Connection Server time is set incorrectly with respect to the Connection Server time zone.

    Workaround: None.

  • 2366007, 2339388: You can recover an instant-clone virtual machine with an active session in Horizon Console.

    Workaround: None.

  • 2516216, 2514333: The Pre-launch and Use Home Site options do not work well together for global application entitlements. When you create a global application entitlement, if you enable both the Pre-launch and Use Home Site options, the pre-launched session might not be created from the home site. This problem occurs because the same session is used to start subsequent applications, and those sessions are not started from the home site.

    Workaround: None.

  • 2510477, 2500272: The following error message can appear while installing or uninstalling Connection Server:

    "Error opening installation log file. Verify that the specified location exists and is writable."

    This error occurs due to a third-party Microsoft error. For details see this Microsoft help article.

    Workaround: Restart the virtual machine on which the Connection Server is installed.

  • 2686004, 2672069: The CSRF feature for Horizon HTML Access introduced in Horizon 2006 does not support the combination of a pre-login message configured on Connection Server with SAML authentication through Unified Access Gateway.

    Workaround: If you use this combination of features and Horizon version, disable this pre-login message on Connection Server. A pre-login message should instead be configured on the SAML IdP, so that it is presented to the user before the user enters their credentials.

  • 2986303: Certificates signed using SHA-1 are no longer supported in FIPS mode.

    Workaround: See Older Protocols and Ciphers Disabled in VMware Horizon in the Horizon Security guide.

Horizon Cloud Connector

  • 2295015: When you use the HTML5-based vSphere Web client to deploy the Horizon Cloud Connector virtual appliance OVA file, the following error occurs: “Invalid value 'false' specified for property proxySsl. Failed to deploy OVF package.”

    Workaround: Use the vSphere Web Client to deploy the Horizon Cloud Connector virtual appliance OVA file.

  • 2360709, 2360707: When starting Horizon Cloud Connector, you encounter the message "[FAILED] Failed to start Wait for Network to be Configured. See 'systemctl status systemd-networkd-wait-online.service' for details."

    This message is displayed incorrectly and does not indicate an actual problem with the network. You can disregard the message and continue to use Horizon Cloud Connector as usual.

Horizon Agent for Linux

This section describes issues that might occur with Horizon Agent for Linux or when you configure a Linux desktop.

  • HIX-374: When a user opens a remote session to a physical Linux machine, the local monitors for the machine go blank and the local console cannot be accessed.

    Workaround: To restore access to the local monitors and console, disconnect from the remote session. If the remote session cannot be disconnected, unplug the network cable from the physical machine. After about 5 minutes, the agent will return control to the physical machine and allow logins to the console.

  • VCART-1502: The Session Collaboration icon disappears from the system tray after resizing a Debian 12.x desktop.

    Workaround: Disconnect from and reconnect to the desktop. The Session Collaboration icon usually appears after reconnection to the desktop. Alternatively, you can try restarting GNOME Shell with the following steps:

    1. Press Alt+F2 to display the Run a Command dialog box.

    2. Type "r" in the dialog box.

    3. Press Enter.

  • VCART-438: Pressing Ctrl+Alt+F1 or Ctrl+Alt+F2 does not display the graphical desktop on a physical host machine after Horizon Agent is installed. Since TTY1 is reserved for the Gnome Display Manager, Horizon Agent uses TTY7 instead.

    Workaround: To display the graphical desktop on a physical host machine, press Ctrl+Alt+F7.

  • 2969881: NVIDIA GRID 14.0 GPU with P100 vGPU profile is not supported for Linux desktops.

    Workaround: Use NVIDIA GRID 14.1 GPU instead.

  • 2213769: Sometimes the Collaboration window might not appear after you connect to a remote desktop and click the Collaboration UI icon.

    Workaround: Resize the desktop window or reconnect to the remote desktop.

  • 1823753: The Linux agent's keyboard layout and locale do not synchronize with the client if the Keyboard Input Method System is set to fcitx.

    Workaround: Set the Keyboard Input Method System to iBus.

  • 2326969: When a client user authenticating with smart card redirection connects to an Ubuntu 18.04 desktop and removes or reinserts the smart card before entering the PIN, the desktop does not appear to recognize the change. The desktop will only detect a change in the smart card's state after the user closes the prompt asking for the PIN.

    Workaround: At the prompt, enter the smart card PIN and click OK. Or click Cancel to dismiss the prompt without entering a PIN.

  • 2322548: When a client user connects to an Ubuntu 18.04 desktop, "Error 2306: No suitable token available" appears on the login screen. This error message indicates that a smart card has been removed from the client system.

    Workaround: The user can log in to the desktop by entering the user password or reinserting the smart card.

  • 2322562: On Ubuntu 18.04, the desktop screensaver does not lock as expected when the user removes a smart card from the client system. By default, the desktop screensaver does not lock even after the client user removes the smart card used to authenticate into the desktop.

    Workaround: Configure pkcs11_eventmgr to specify the correct screensaver behavior in response to smart card events.

  • 1850274: If you configure two monitors with different resolutions, and the resolution of the primary screen is lower than that of the secondary screen, you might not be able to move the mouse or drag application windows to certain areas of the screen.

    Workaround: Make sure that the primary monitor's resolution is at least as large as the secondary monitor's.

  • 2258947: When you use a smart card on a RHEL 7.x desktop and enable the option to lock the screen upon removal of the card, the screen might lock immediately after you log in with the smart card. This is a known issue with RHEL 7.x.

    Workaround: To access the desktop, unlock the screen after logging in with the smart card.

  • 2398096: If a client user minimizes the window of a Linux published application using the Minimize command and then selects the Maximize command, the window is restored to its previous size instead of changing to full-screen mode as expected.

    Workaround: To change to full-screen mode, select the Maximize command again.

  • 2483646: Linux published applications do not support using the window taskbar to divide the work area in a multiple-monitor display. For example, suppose a client user has two monitors arranged side by side. If the user moves the taskbar to the right side of the left monitor's screen or the left side of the right monitor's screen, the work area is divided into two parts. However, if the user then maximizes the application window, the window is displayed incorrectly in relation to the taskbar.

  • 2502364: When connecting to a Linux published application from Horizon Client for Mac, the application window is displayed with square corners instead of rounded corners.

  • 2536164: If a client user leaves a nonmodal dialog box open in a Linux published application and then makes active a native application on the client system, part of the dialog box will appear to be missing when the user returns to the published application.

  • 2538998: If the client user minimizes a Linux published application window or brings another application in front of the published application window, the taskbar fails to display the thumbnail preview of the published application window. Hovering over the published application icon in the taskbar displays a blank thumbnail instead of the contents of the published application window.

  • 2539011: Linux published applications do not support the Aero Snap feature on Windows client systems. Users connecting to a Linux published application from Horizon Client for Windows do not have the capability to snap or fix windows to the edges of the computer screen using the keyboard or mouse.

  • 2539030: Linux published applications do not support the jump list feature on Windows client systems. If a user connects to a Linux published application from Horizon Client for Windows and right-clicks the taskbar icon for the application, no jump list is displayed.

  • 2539088: Due to a limitation in the work area, Linux published application windows cannot be moved partially off the edge of the client's screen or work area. If the user attempts to move a published application window past the edge of the screen, the window will bounce back inside the screen's boundaries.

  • 2540474: If the client user opens a modal dialog box from a Linux published application, that dialog box might not appear in front of native windows.

  • 2541343: When connecting to a published application from a Windows client system, there are some differences between the context menus of the Windows taskbar and the application window's title bar. Shift + right-clicking the application icon in the Windows taskbar displays a menu with the items: Restore, Move, Size, Minimize, Maximize, Close. Right-clicking the application window's title bar displays a menu with the items: Minimize, Maximize, Move, Resize, Close.

  • 2397650: Published applications do not support the Move and Size context commands for the taskbar on Windows client systems. When a user Shift + right-clicks the published application icon in the Windows taskbar, Move and Size appear in the menu but neither command has any effect if selected.

  • 2541928: Published applications do not support the Size command from the application window's context menu. When a user right-clicks the title bar of the application window, Size appears in the menu of commands but has no effect if selected.

  • 2557790: When a user opens multiple session windows for the same published application on a Windows client system, the Cascade all windows command has no effect.

  • 2567292: If a Windows client user with a dual monitor configuration maximizes a published application in the lower-resolution monitor's work area, the Windows taskbar turns black.

  • 2568171: After publishing a LibreOffice application as an application pool, duplicate LibreOffice icons might appear in Horizon Client.

    Workaround: From the Connection Server, manually assign the icon for the LibreOffice application.

  • 2569231: Linux published applications do not support the Multi-Session Mode option in the application pool settings in Horizon Console.

  • 2536161: When connected to a Linux published application, if the user opens a dialog box related to user account controls (such as when editing firewall settings), the desktop will not show.

  • 2523872: Horizon Agent for Linux does not support session stealing between published desktops and published applications. For example, if a user has opened a published desktop session and then attempts to open an application session based on the same farm, the desktop session remains active and the application session is not established. Likewise, if the user has opened an application session and then attempts to open a published desktop session based on the same farm, the application session remains active and the desktop session is not established.

  • 2662387: If a user types an entry into the Session Collaboration invitation text box and moves the cursor away from the text box, the original entry is cleared.

  • 2684670: If a client user with a multi-monitor system opens a published application in seamless window mode, display problems might occur when moving the application window between monitors.

    Workaround: Shift + right-click the application icon in the client's task bar and select Maximize to enlarge and refresh the window display.

  • 2684687: Display problems might occur when a client user opens published applications in seamless window mode on a multi-monitor system where some monitors have portrait orientation and other monitors have landscape orientation. If the user maximizes the application windows in all the monitors, the task bar appears black in the landscape monitors.

  • 2668258, 2576341: When client users copy content containing images in rich text format and then paste the content into an application on a remote Linux desktop, the images might be missing from the pasted content. This issue is caused by a limitation in certain third-party applications such as OpenOffice or LibreOffice, not by Horizon Agent for Linux.

    Workaround: Use a clipboard manager to retrieve the missing content from the clipboard.

  • 2786998: When a user prints a document using the Printer Redirection feature from LibreOffice or Firefox, the document's headers and footers are missing from the output.

    Workaround: Use a different office application or browser to print the document.

  • 2787001: When a user prints a document in landscape orientation using the Printer Redirection feature, the print job sometimes fails.

    Workaround: None

  • 2745267: Horizon Agent for Linux only recognizes valid characters in printer names. The agent replaces invalid characters in the printer name with underscores and truncates the name if its length exceeds 128 bytes.

    Workaround: None

  • 2748100: The page margins and offsets in print jobs redirected from a remote desktop do not match the page margins and offsets in print jobs printed locally from the client system. This inconsistency is caused by different implementations of page scaling on the agent and client.

    Workaround: Turn off the page scaling option by setting it to 100% or None, on both the remote desktop and the client system.

  • 2741260: When print jobs are redirected from the remote desktop to a Windows client, N-up layouts do not print correctly. These layouts always output as left to right, and top to bottom.

    Workaround: None

  • 3051022: The Enter Ctrl + Alt + Del control in Horizon Client does not take effect when connected to a RHEL 7.9 desktop with MATE desktop environment.

    Workaround: Use the default keyboard shortcut for logging out of a MATE desktop. Or, define a custom keyboard shortcut for logging out.

  • 3158384: A small blank recording (2-3 kb) is sometimes created when a blast session running on Linux agent is being recorded by the Horizon Recording solution.

    Workaround: None. There is no adverse effect on the functionality except that a small recording can be seen in the recordings page for some of the sessions during a fresh logon.

Horizon Agent

  • 2975449: When a Microsoft Teams user selects background blur image for their video call or meeting, that setting does not persist after user disconnects/logs off from the desktop or restarts the Teams service inside the desktop.

    Workaround: User needs to remember to preselect Background blur when they log in or restart Teams.

  • 2980199: Default audio device cannot be set successfully when microphone privacy is disabled for first logged in user.

    Workaround: Disconnect the remote session or change the default audio device on client side; this triggers the device to change in the remote session.

  • 1993397: If a collaborator joins a multi-monitor session and enables relative mouse mode on their client, it is possible for the mouse to move to a secondary monitor that the collaborator cannot see.

    Workaround: Move the mouse back on to the screen. Alternatively, don't use relative mouse mode in a multi-monitor session.

  • 2776478, 2708700: When the URL Content Redirection feature is configured, Horizon Client presents an alert message that asks you to change your default web browser to VMware Horizon URL Filter for using third-party apps, not including the Chrome and Microsoft Edge (Chromium) browsers. You must click Yes to use the URL Content Redirection feature. In macOS 11 (Big Sur), even when you click Yes to the alert message, the VMware Horizon URL Filter user interface is not shown in the default web browser of the general option, which means you cannot change the default web browser from another browser to VMware Horizon URL Filter manually, and you must connect to the server again. In macOS 10, the user interface is shown in the default web browser of the general option. The URL Content Redirection extensions for the Chrome and Microsoft Edge (Chromium) browsers are not influenced by macOS 11.

    Workaround: None. This problem is a third-party issue.

  • 1799790: A warning message about applications in use appears when you uninstall Horizon Agent on Windows Server 2016.

    Workaround: Click “Ignore” in the dialog box that appears when you use Windows Add or Remove Programs to uninstall Horizon Agent. If you uninstall Horizon Agent from the command line, use the command msiexec /x /qn {GUID of Agent} instead of the command msiexec /x {GUID of Agent}.

  • 1874531, 1699275: When you uninstall the Horizon Agent, the mouse speed becomes slow and jerky. Uninstalling Horizon Agent also uninstalls the vmkbd.sys driver.

    Workaround: Repair VMware Tools on the Horizon Agent virtual machine.

  • 1993397: If a collaborator joins a multi-monitor session and enables relative mouse mode on their client, it is possible for the mouse to move to a secondary monitor that the collaborator cannot see.

    Workaround: Move the mouse back on to the screen. Alternatively, don't use relative mouse mode in a multi-monitor session.

  • 2003328: If you use Chrome with URL Content Redirection, and you set ".*.google.*" for the https protocol in filtering rules and you set Google as your home page in Chrome, redirection to google.com occurs each time you open a new tab.

    Workaround: Change the home page or the filtering rules.

  • 2022449, 2022448: When setting up a collaborative session, adding a collaborator by the email address from a two-way trusted domain fails.

    Workaround: Add the collaborator by using domain\user.

  • 2390130: After you connect to a remote desktop that has the Real-Time Audio-Video feature enabled, you might see the following message: "Your PC needs to be restarted to finish setting up this device: devicename (VDI)."

    Workaround: You can ignore this message as the device is usable in the remote desktop. Alternatively, you can turn off the Windows Settings notifications to prevent the message from being displayed.

  • 2417249: Users cannot use a serial printer with the serial port redirection feature when Horizon Agent is installed in an RDS host if the agent group policy setting COM Port Isolation Mode is set to Full Isolation (the default setting). This problem affects both Windows and Linux clients. This problem does not occur for virtual desktops.

    Workaround: Edit the COM Port Isolation Mode group policy setting, change the mode to Isolation Disabled, and restart Horizon Agent. For more information, see Configuring Serial Port Redirection Group Policy Settings in the Horizon Remote Desktop Features and GPOs document.

  • 2512363, 2401690: sysprep fails for full clones with Windows 10 1903, Windows 10 1909 guest OS with error:

    SYSPRP Sysprep_Clean_Validate_Opk: Audit mode can't be turned on if there is an active scenario.; hr = 0x800F0975

    Workaround: Apply these instructions on the golden image and then provision the desktop.

  • 2481953: When you update the OS from Windows 1809 to 1903, you might see a black screen on Horizon Agent.

    Workaround: Apply the procedure in this KB article on the OS image. If Horizon Agent is installed on an RDS host, and the Printer Name for RDSH Agents group policy setting for the VMware Integrated Printing feature is configured to use the client machine name as a suffix, the client machine name supports only English-language characters. If the client machine name contains characters in a non-English language, the VMware Integrated Printing feature does not work in published desktops and published applications.

  • 2591431, 2588938: Windows 10 2004 remote desktops respond very slowly when VBS is enabled.

    Workaround: None

  • 2590496, 2588784: Updating the None guest customization to any other guest customization on a desktop pool causes existing virtual machines to go into an unreachable state after a reboot or power cycle operation.

    Workaround: In Horizon Console Desktop Pool settings, set the guest customization to None, then reboot the existing unreachable agent VMs.

  • 2593663, 2589371: With VMware Horizon desktops using Nvidia GRID, Windows 10 build 2004, PCoIP protocol, and in multi-monitor mode, some areas of the desktop might appear black and need to be manually refreshed.

    Workaround: Use Blast protocol if available, or continue using Windows 10 build 1909.

  • 2590453, 2585527: Switching the agent desktop from window mode to multi-monitor mode with 4x4k monitors can sometimes take a few seconds.

    Workaround: None.

  • 2574035: When you run the Horizon Agent installer from a web browser download directory, the installer fails to complete installation.

    Workaround: Download the installer to a non-download directory, such as the desktop, and run it from there for a successful installation.

  • 2539025, 2357111: HTML5 Multimedia Redirection does not work with an Edge browser in an IPv6 environment.

    Workaround: None.

  • 2682571, 2672155: Remote desktops and published applications configured in Horizon 8 do not sync when using Workspace One Access Connector

    Workaround: Revert to Workspace One version 19.03.0 and perform the sync operation again.

  • 2770035, 2744714: HTML5 Multimedia Redirection does not work with https://www.glamour.com/video.

    Workaround: None.

  • 2776478, 2708700: When the URL Content Redirection feature is configured, Horizon Client presents an alert message that asks you to change your default web browser to VMware Horizon URL Filter for using third-party apps, not including the Chrome and Microsoft Edge (Chromium) browsers. You must click Yes to use the URL Content Redirection feature. In macOS 11 (Big Sur), even when you click Yes to the alert message, the VMware Horizon URL Filter user interface is not shown in the default web browser of the general option, which means you cannot change the default web browser from another browser to VMware Horizon URL Filter manually, and you must connect to the server again. In macOS 10, the user interface is shown in the default web browser of the general option. The URL Content Redirection extensions for the Chrome and Microsoft Edge (Chromium) browsers are not influenced by macOS 11.

    Workaround: None. This problem is a third-party issue.

  • 2783745: If you disable the IE browser URL Plugin, enable the Edge browser URL Content Redirection extension, and input a URL in the IE mode of the Edge address bar, Edge stops responding.

    Workaround: None.

  • 3025092: Smart Card Authentication and Redirection does not work for AWS WSP Workspaces.

    Workaround: Use AWS PCoIP Workspaces instead of WSP Workspaces.

Horizon Client

This section describes problems that end users might encounter when using Horizon Client or HTML Access to connect to remote desktops and applications. For problems that occur only in a specific Horizon Client platform, see the Horizon Client release notes on the VMware Horizon Documentation page.

  • 3235572: Horizon Client crashes with "VMware Horizon View unrecoverable error" dialog when connecting to remote desktop.

    Workaround: None. You must upgrade the Horizon Client version to the 2306 or later release.

  • 2384662: Most keyboard shortcuts supported by the Google Chrome browser do not work on pages redirected using Browser Redirection.

    Workaround: None.

  • If you use Skype for Business inside a non-persistent desktop, you might reach the Skype for Business limit of 16 device certificates. When this limit is reached and Skype for Business attempts a new logon, a new certificate will be issued and the oldest assigned certificate will be revoked.

    Workaround: None.

  • 1996301: Sometimes an audio call does not start correctly from Skype to Skype for Business. The call status is "Connecting call..." on the Skype for Business client.

    Workaround: Set the English IME on the client device and set the non-English IME on the remote desktop.

  • 1704144: When you connect to a Linux desktop, some keyboard inputs do not work. For example, if you are using a non-English IME on both the client device and the remote desktop, some non-English keys are not displayed correctly.

    Workaround: None.

  • 1850278: Unicode keyboard input does not work correctly with HTML Access when connected to Linux desktops.

    Workaround: None.

  • 1711664: When you use the Ambir Image Scan Pro 490i to perform a scan on a remote desktop or application, the dialog box always displays “Scanning…” and does not complete.

    Workaround: Perform a scan on the client. The client scan calibrates the scanner. After the calibrate operation is finished, save the calibration file and deploy it in ProgramData\AmbirTechnology\ImageScanPro490i.

  • 1865373, 1863461: If a VDI desktop is in a remote location and experiencing high network latency, then a recursive unlock using smart card authentication might not work.

    Workaround: Unlock the desktop manually.

  • 2761441, 2739372: HDR support for full screen mode is limited to a scenario where the selected monitor is the primary monitor.

    Workaround: None.


VMware Horizon 8 documentation is in the VMware Horizon Documentation Center.


For Horizon 8, both the user interface and the documentation are available in English, Japanese, French, German, Simplified Chinese, Traditional Chinese, Korean, and Spanish.

To switch to a different language, click the language icon in the UI and select your preferred language.

Support Contact Information

To receive support, access VMware Customer Connect. To learn more about the support policies, see Support Policies.

For information on filing a support request in Customer Connect and via Cloud Services Portal, see the VMware knowledge base article at https://kb.vmware.com/s/article/2006985.

check-circle-line exclamation-circle-line close-line
Scroll to top icon