Last week I performed an in-place upgrade from VMware View 4.6 to VMware Horizon View 5.2. Things mostly went well, though I have a few remaining issues waiting to be resolved.
SSL Certificates
View 5.2 has more SSL requirements than 4.6. Out with the self-signed certs and in with certificate authority certs.
When it came to SSL documentation, nothing beats Derek Seaman’s blog. Here are the most helpful resources:
- Create Windows CA VMware Certificate Template
- vCenter 5.1 U1 Install: Part 2 (Create vCenter SSL Certificates)
- VMware View 5.1 Installation Part 1 – View Connection Server
Thank’s Derek for the great documentation.
VMware documentation
In general, VMware’s documentation is quite good. I greatly appreciate that they publish their documentation in HTML, PDF, epub and mobi formats. Thanks so much for the mobile versions.
I did find two errors in their documentation that I’d like to point out and correct. I have provided VMware both corrections and they have acknowledged receipt.
Firewall Rules for DMZ-Based Security Servers
Incorrect: Security server > TCP Any > MMR > View desktop > TCP 4927
Correct: Security server > TCP Any > MMR > View desktop > TCP 9427
Upgrade View Security Server
Incorrect: Prerequisites > Verify that you have a domain user account with administrative privileges on the hosts that you will use to run the installer and perform the upgrade
Correct: This prerequisite should be omitted. VMware View Security Servers should not be on the domain and do not require a domain user account to perform an installation or upgrade.
Firewall Diagram
Thank you to Ivo Beerens for posting a nice diagram of the firewall requirements for View 5.2 in your “Tips for implementing a VMware Horizon View Security Server” post. My network engineer and I greatly appreciated it.
External View 5.2 Problem
My remaining problem resides with the View 5.2 Agent and external access. If I publish a desktop pool using a VMware View Agent version 4.6.0 to 5.1.3, external PCoIP works well. If I upgrade the desktop pool to use the VMware View Agent version 5.2.0, I am unable to establish a PCoIP connection (RDP works). Internally, PCoIP with the 5.2 Agent works fine.
I have an open ticket with VMware and hope to have this resolved so that I can complete my View 5.2 upgrade and begin working on my VMware vCenter upgrade.
After spending another day researching why desktops with the View 5.2.0 Agent cannot establish an external PCoIP connection, I decided to start a thread on VMware Community in hopes that someone else with have a suggestion that I have not tried.
https://communities.vmware.com/thread/445712
In the meantime, I’m waiting for VMware Support to return to my ticket. Their availability seems more difficult to obtain lately.
Tried to disable SEP and try