When trying to deploy a desktop using VMware View (Horizon), you receive the following error in your connection server:
Mar 31, 2013 1:41:45 PM CDT: View Composer agent initialization state error (16): Failed to activate license (waited 1215 seconds)
This error is caused by Windows not being activated. To solve this error, make sure you have Windows Activated or that Windows can properly reach your KMS server to activate Windows. Once the OS is activated, simply restart the VMware Agent service or reboot the machine to have your vconnect server set the desktop to available.
Here are the steps involved to change the SSL certificates from the default VMware Self-Signed certificate to one signed by either your internal CA or a public CA. This tutorial works for both the View Connection Server or Security Server services. An official KB article by VMware on this subject can be found here: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2020913
In this particular guide, we cover generating an SSL certificate with an Internal CA. If we wanted to sign our server with a public CA, we could use a tool like openSSL to generate a certificate request, send the request to a public CA. Next, we would import a PFX12 file with the private and public key into the Local computer's Personal certificates and change set Friendly Name to vdm.
Opening the Certificates Management Console
- In the Connection Server, click Start, type mmc, and click OK.
- Click File > Add/Remove Snap-in.
- Select Certificates and click Add.
- Select Computer account and click Next.
- Select Local computer and click Finish > OK.
Requesting a new certificate
- Expand Certificates and click Personal.
- Under Object Type, right-click and select All Tasks > Request New Certificate.
- Read the information on certificate enrollment and click Next.
- Click Active Directory Enrollment Policy > Next.
- Select the template for certificate enrollment and click Details > Properties.
- Ensure you choose the Windows Server 2003 certificate template option. Do NOT choose Windows Server 2008.
For information on creating a certificate template, see the Microsoft Technet article Creating Certificate Templates.
- If you notice that the service starts but you are unable to navigate to the SSL page, this is because the Windows Server template was set to Server 2008.
- Click the General tab.
- Under Friendly name, type vdm.
- Click the Private Key tab.
- Click the arrow next to Key options and select the Make private key exportable option.
- Click OK > Enroll.
- Click Finish.
- Restart the Connection Server service.Notes:
- If you use any browser other than Internet Explorer to access the View Administration console, you must add an exception for the connection to be trusted.
- It may take a few minutes for the certificate to be recognized as valid in the View Administration console.
All credit for this guide goes to VMware for this information. This post is merely for archival purposes and self-reflections on the subject.
This process does NOT work for VMWare View 5.1 only 5.0
Here are the steps involved to change the SSL certificates from the default VMware Self-Signed certificate to one signed by either your internal CA or a public CA. This tutorial works for both the View Connection Server or Security Server services.
- Navigate to the following directory via command prompt (if running server 2008, make sure you run command prompt as an administrator):
- C:\Program Files\VMware\VMware View\Server\jre\bin
- Execute the following command to generate a new Java Keystore:
- keytool -genkeypair -keyalg "RSA" -keysize 2048 -keystore keys.jks -storepass secret
- Note: This will ask for your first and last name, type in your FQDN here (I.e. viewserver.mydomain.com); also hit RETURN to use the same password as your keystore password when you are done.
- Execute the following command to generate a CSR:
- keytool -certreq -file certificate.csr -keystore keys.jks -storepass secret
- Sign the certificate.csr file that was just generated with your certificate authority (GoDaddy, Verisign, Internal CA, etc.)
- Copy the signed .cer or .crt file that you just received from your CA to the same keytool directory
- Copy any root or intermediate public certificates to the same keytool direcotry
- Execute the following commands for each of your root and intermediate certificates
- Root CA Example
- keytool -importcert -keystore keys.jks -storepass secret -alias rootCA -file rootCA.cer
- Intermediate CA Example
- keytool -importcert -keystore keys.jks -storepass secret -alias intermediateCA -file intermediateCA.cer
- Execute the following command to import your public certificate for your certificate.csr file:
- keytool -importcert -keystore keys.jks -storepass secret -keyalg "RSA" -trustcacerts -file certificate.cer
- Next, we need to configure a View Connection Server Instance or Security Server to use the new certificate
- Move the keys.jks file that we just created (C:\Program Files\VMware\VMware View\Server\jre\bin\keys.jks) to the following directory:
- c:\Program Files\VMware\VMware View\Server\sslgateway\conf\keys.jks
- Next, we need to add the keyfile, keypass, and storetype properties to the locked.properties file
- If the locked.properties file does not already exist,go ahead and create a new file with notepad.
- Once the locked.properties file is open, ensure the following lines are in it:
- Restart the View Connection Server service or Security Server service for your changes to take effect.
- Once you have verified the new certificate works, delete the following files from C:\Program Files\VMware\VMware View\Server\jre\bin
Want to allow users to copy/paste rich-text from their local machine to their View VM? Here is how to do it.
- Go to your View Connection server and browse to the following directory:
- c:\Program Files\VMware\VMware View\Server\extras\GroupPolicyFiles\
- Copy the pcoip.adm template and paste it on your domain controller's desktop/whereever you modify group policies for the domain.
- Create a new policy on the OU that you want for your virtual desktops (view clients)
- Edit the policy
- Expand Computer Configuration->Policies
- Right click on Administrative Templates and click Add/Remove Templates
- Click the Add... button and browse to the pcoip.adm file
- Click the Close button
- Expand Computer Configuration->Policies->Administrative Templates->Classic Administrative Templates (ADM)->PCoIP Session Variables->Overridable Administrator Defaults
- Modify the following policies to enable clipboard access
- Configure clipboard redirection
- I.e set this option to Enabled and configure clipboard redirection for Enabled in both directions.
- Configure PCoIP virtual channels
- Set this option to enabled
- Restart the desktop to ensure policies take over
- Overridable Administrator Defaults allow administrators to change the values.
- Non-Overridable Administrator Settings prevent Administrators from changing the settings as well.
- It is only possible to copy/paste rich-text. Files are not supported at this time.
When installing VMware View Composer, I was receiving the following error:
"Application Error, The exception unknown software exception (0x0000409) Occurred"
Turns out this was an issue with installation privileges. Rather than installing the software as a domain administrator, I simply logged into the local Administrator account on the machine and installed it.