Home > Blogs > VMware Support Insider > Author Archives: Rick Blythe
Rick Blythe

About Rick Blythe

Social Media Program Manager for VMware, Rick Blythe manages the Twitter handle @vmwarekb and curates the Support Insider Blog.

Horizon View PCoIP issues?

Here’s our latest top list of KB articles you should know about when encountering issues with PCoIP with Horizon View. It can be a tricky thing to configure and troubleshoot even for the best of us, so here’s some golden nuggets to help you on your way.

New Free Webinars

VMware Support Delivery has announced a new series of webinars for our customers. Customers can join these live sessions on Thursdays. There is something for both beginners and more advanced customers. Anyone that is unable to attend the live events will be able to view the recorded versions of the sessions on the Friday of the same week.

To register to these webinars, open the attached 2015 Webinar catalog [pdf].

All webinars start at 15:00 GMT and will run for 45 – 60 min

26th Feb Journey to the Horizon from View to FLEX
(LEVEL) Beginner – Intermediate
* Wide focus from Horizon View over Mirage to FLEX
* New features in View, technology and features behind Mirage and FLEX
* Best practices for successful implementations and known issues

5th March vSphere Data Protection Extra
(LEVEL) Intermediate
* Broken Comms to vCenter
* Some MCS/GSAN views
* Manual Disk Restore via command line
* VMRun
* Q+A

12th March vCloud Director – Design and Scale
(LEVEL) Intermediate
* Highlight a recommended design
* How you can scale that design without hitting the config maximums and still getting the most out of your setup
* Some commonly encountered issues that occur due to bad practice rather than bad design

19th March vRealize Business
(LEVEL) Beginner
* vRB Standard: “How much does my VM cost?”
* vRB Advanced: “How much does my IT cost?”
* vRB Enterprise: “Are my IT Providers complying with their SLA’s?”

26th March NSX
(LEVEL) Beginner
* SDDC and network virtualization (concepts and connection between them)
* NSX components and features explained
* A typical lab walk-through with commands
* Q&A

9th April SSL Certificate handling in vSphere 6.0
(LEVEL) Beginner
* What’s new in 6.0
* Introduction to VECS and VMCA
* Demo of common replacement tasks
* Q&A

16th April vRealize Automation
(LEVEL) Intermediate
* Tuning for scale

23rd April vCloud Air – Disaster Recovery
(LEVEL) Intermediate
* What’s new
* Architecture
* How does it work
* Use case study

30th April Introduction to vRealize Orchestrator
(LEVEL) Beginner
* Orchestrator Overview
* What’s new in 6.0
* vRealize Orchestrator Elements
* Create a Simple Workflow
* Workflow Parameter Binding
* Invoking/Creating Actions

7th May Database maintenance
(LEVEL) Intermediate
* Backing up your database
* Getting the best performance from your vCenter
* Avoiding corruption on the vCenter appliance
* Q+A

14th May Overview of Storage I/O Control
(LEVEL) Intermediate- Advanced
* Why SIOC
* SIOC features
* Noisy Neighbour
* How SIOC helps
* Shares and increasing priorities
* Recommended latency thresholds
* Limit IOPS and SIOC

21st May What’s new in vSphere 6
(LEVEL) Beginner
* An overview of new features in vSphere 6
* Feature changes from vSphere 5.5
* New best practices

28th May vSphere Networking – Best Practices and Troubleshooting
(LEVEL) Beginner – Intermediate
* NIC Teaming
* Redundancy and Load Balancing
* VLANs
* vDS
* Common Issues

4th June Datacentre to vCloud Air over IPSec VPN
(LEVEL) Intermediate
* Overview of vCloud Air and vCloud Air networking
* Discussion on IPSEC VPN and how it is implemented in vCloud Air
* Setup example to an Edge Gateway in vCloud Air

11th June Migrating workloads to vCloud Air with vCloud Connector and Datacentre Extension
(LEVEL) Intermediate
* What is vCloud Connector and what does it do
* Configuration and setup of vCloud Connector Server and Node
* Copy templates from private datacentre to vCloud Air
* What is the Datacentre Extension
* Additional setup of vCloud Connector for Datacentre Extension
* Demonstration of a vm being stretched to vCLoud Air

Ghost – glibc gethostbyname* buffer overflow

In case you missed it, on January 27th, 2015 a buffer overflow vulnerability in the glibc gethostbyname() function was disclosed. The issue is identified by CVE-2015-0235 and was given the name “Ghost.”

The VMware Security Engineering, Communications, and Response group (vSECR) began investigating this issue immediately.

The security blog at VMware released a blog post concerning this vulnerability, and a KB article was published:
VMware Response to CVE-2015-0235 – glibc gethostbyname buffer overflow, aka “Ghost” (2105862).

VMware has an established software security engineering group that integrates these techniques into the software development cycle, provides security expertise, guidance on the latest security threats and defensive techniques, and training within the development organization. This group is also responsible for driving VMware products through external security accreditations and certifications.

Many VMware products, including vSphere™, VMware vCenter™ Server, and vCloud Networking and Security (vCNS) have achieved Common Criteria certification under the Common Criteria Evaluation and Certification Scheme (CCS).Common Criteria is an international set of guidelines (ISO 15408) that provides a common framework for evaluating security features and capabilities of Information Technology (IT) security products.

For more information, visit VMware’s Common Criteria and FIPS-140 Certifications.

Top 20 Horizon with View KB articles

announcementHappy New Year VMware View implementers! We have a fresh new top 20 list of VMware View specific KBs to help you avoid these issues. Pass it on!

  1. Manually deleting linked clones or stale virtual desktop entries from the View Composer database in VMware View Manager and Horizon View (2015112)
  2. Generating and importing a signed SSL certificate into VMware Horizon View 5.1/5.2/5.3/6.0 using Microsoft Certreq (2032400)
  3. Pool settings are not saved, new pools cannot be created, and vCenter Server tasks are not processed in a Horizon View environment (2082413)
  4. VMware Horizon View Best Practices (1020305)
  5. Finding and removing unused replica virtual machines in the VMware Horizon View (2009844)
  6. Network connectivity requirements for VMware View Manager 4.5 and later (1027217)
  7. Collecting diagnostic information for VMware Horizon View (1017939)
  8. Forcing replication between ADAM databases (1021805)
  9. Manually deleting replica virtual machines in VMware Horizon View 5.x (1008704)
  10. Connecting to the View ADAM Database (2012377)
  11. Restart order of the View environment to clear ADLDS (ADAM) synchronization in View 4.5, 4.6, 5.0, and 5.1 (2068381)
  12. Removing a standard (replica) connection server or a security server from a cluster of connection/security servers (1010153)
  13. Provisioning View desktops fails due to customization timeout errors (2007319)
  14. Generating a Horizon View SSL certificate request using the Microsoft Management Console (MMC) Certificates snap-in (2068666)
  15. Performing an end-to-end backup and restore for VMware View Manager (1008046)
  16. Manually deleting linked clones or stale virtual desktop entries from VMware View Manager (1008658)
  17. View Connection Server reports the error: [ws_TomcatService] STDOUT: java.lang.OutOfMemoryError: Java heap space (2009877)
  18. Location of VMware View log files (1027744)
  19. Troubleshooting Persona Management (2008457)
  20. Administration dashboard in VMware Horizon View 5.1/5.2/5.3 reports the error: Server’s certificate cannot be checked (2000063)

Top 20 Articles for December 2014

Here is our Top 20 KB list for December 2014. This list is ranked by the number of times a VMware Support Request was resolved by following the steps in a published Knowledge Base article.

  1. VMware ESXi 5.x host experiences a purple diagnostic screen mentioning E1000PollRxRing and E1000DevRx (2059053)
  2. Installing async drivers on VMware ESXi 5.0, 5.1, and 5.5 (2005205)
  3. Investigating virtual machine file locks on ESXi/ESX (10051)
  4. Commands to monitor snapshot deletion in VMware ESX/ESXi (1007566)
  5. An ESXi 5.x host running on HP server fails with a purple diagnostic screen and the error: hpsa_update_scsi_devices or detect_controller_lockup_thread (2075978)
  6. Determining Network/Storage firmware and driver version in ESXi/ESX 4.x and ESXi 5.x (1027206)
  7. Broadcom 5719/5720 NICs using tg3 driver become unresponsive and stop traffic in vSphere (2035701)
  8. Unmounting a LUN or detaching a datastore/storage device from multiple VMware ESXi 5.x hosts (2004605)
  9. VMware ESXi 5.x host experiences a purple diagnostic screen mentioning E1000PollRxRing, E1000DevRx and Net_AcceptRxList (2079094)
  10. vSphere handling of LUNs detected as snapshot LUNs (1011387)
  11. Recreating a missing virtual machine disk descriptor file (1002511)
  12. Using esxtop to identify storage performance issues for ESX / ESXi (multiple versions) (1008205)
  13. Storage device performance deteriorated (2007236)
  14. Committing snapshots when there are no snapshot entries in the Snapshot Manager (1002310)
  15. Snapshot consolidation in VMware ESXi 5.5.x fails with the error: maximum consolidate retries was exceeded for scsix:x (2082886)
  16. Testing VMkernel network connectivity with the vmkping command (1003728)
  17. Information about the error: state in doubt; requested fast path state update (1022026)
  18. Identifying and addressing Non-Maskable Interrupt events on an ESX/ESXi host (1804)
  19. Understanding virtual machine snapshots in VMware ESXi and ESX (1015180)
  20. Best practices for virtual machine snapshots in the VMware environment (1025279)

Top 20 VMware Fusion issues

Here’s a list of the top 20 KB issues our VMware Fusion customers are encountering in the past 30 days. Take a look over the list, maybe you’ll see something you or a friend could use.

  1. VMware Fusion 7.0 sales, licensing and compatibility FAQs (2081968)
  2. Downloading and Installing VMware Fusion (2014097)
  3. Troubleshooting Fusion virtual machine performance issues (1015676)
  4. Uploading diagnostic information for VMware (1008525)
  5. Installing VMware Tools in a Fusion virtual machine running Windows (1003417)
  6. Installing Windows in a virtual machine using VMware Fusion Easy Install (1011677)
  7. Troubleshooting networking and internet connection issues in VMware Fusion (1016466)
  8. Uninstalling, reinstalling, and upgrading VMware Fusion (1014529)
  9. Uploading diagnostic information for VMware using FTP (2070100)
  10. Troubleshooting Fusion virtual machine startup issues (1014534)
  11. Upgrading from VMware Fusion 6.x to 7.x (2081993)
  12. Uninstalling and manually installing VMware Tools in VMware Fusion (1014522)
  13. Manually uninstalling VMware Fusion (1017838)
  14. Troubleshooting printer connection issues in VMware Fusion (1014535)
  15. Troubleshooting Fusion startup issues (1003484)
  16. Converting a physical machine for Fusion, Workstation, or Player using Converter Standalone (2005129)
  17. Troubleshooting USB device connection and functionality in a Fusion virtual machine (1027964)
  18. Sharing a folder from your Mac to a virtual machine (1004055)
  19. System requirements for VMware Fusion (2005196)
  20. Resizing a virtual disk in VMware Fusion (1020778)

PCoIP issues with Horizon View Desktops

There are various reasons a user might experience a blank (black) screen when using the PCoIP protocol with Horizon View and our Support Engineers get calls on this every day. These include, but are not limited to:

  • Misconfiguration of connection server settings.
  • vRAM shortage on the View virtual machine.
  • Incorrect video driver version installed on the View virtual machine.

Note: Troubleshoot your PCoIP issues in the proper order

It is important that the steps outlined in KB article:
Troubleshooting a black screen when logging into a Horizon View virtual desktop using PCoIP (1028332) be followed in the order provided in order to quickly isolate and identify the proper resolution. They are also ordered in the most appropriate sequence to minimize data loss. The KB walks you through a serious of checks, verifying that various requirements are met and that your systems are configured properly. You will see many articles referenced as you work through each step. Do not skip steps. A slow, methodical approach works best here.

If you still see a problem after reading through the body of the KB article, there are also a number of related articles listed in the ‘See Also’ section. If you want to be notified when this article is updated there is an rss link you can subscribe to.

Announcement!

Many of you who read this blog also follow our social media accounts @vmwarekb, @vmwarecares, Facebook, and others. When we set out to engage with our customers online we wanted to be both proactive and reactive about it — that is, we would push out content like newly published KB articles, and we would answer customer questions. This has worked really well for us over the years and we thank all of you for helping making the ecosystem richer and a better place to work.

On the flip side, the number of channels tended to grow as new social networks came online. And grow. Eventually, what we ended up doing is confusing our customers as to which channel was for what purpose? We’re fixing that.

To stop this channel creep, over the next few weeks we will be consolidating some channels as follows:

Twitter:

Change: @vmwarekb is being retired. @vmwarecares will be the single voice going forward. We’re going to do this by renaming the vmwarekb account (as it has far more followers) to vmwarecares.

Action: If you currently follow vmwarekb you don’t need to do anything. You will still be subscribed to us, but the name will now be vmwarecares. If you follow vmwarecares currently you will need to re-follow us.

Facebook:

Change: VMware Knowledge Base is being retired and will go dormant. VMware Cares will be the single page going forward.

Action: Please ‘Like’ our VMware Cares.

By consolidating channels we hope to simplify and clarify the contact options to serve you better.

ALERT: Bash Code Injection Vulnerability aka Shellshock

VMware Support AlertOn Sept 24, 2014, a critical vulnerability in Bash (CVE-2014-6271, CVE-2014-7169) was published that may allow for remote code execution. The VMware Security Engineering, Communications, and Response group (vSECR) has been actively investigating the impact this vulnerability may have on our products.

For further information and updates on this vulnerability, refer to KB article:
VMware assessment of Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271 CVE-2014-7169, aka “Shellshock”) (2090740)
.

Note: For information regarding VMware customer portals and web sites, see Impact of bash code injection vulnerability on VMware Customer Portals and web sites (CVE-2014-6271 and CVE-2014-7169, aka “shellshock”) (2090817).

Generating and Troubleshooting SSL certificates in View

VMware View SecurityNext up in our series of VMware View topics, we’re going to talk about security. I spoke with a couple of our top support engineers about View security and they identified three Knowledgebase articles that solve more support requests than any others in the area of security, namely SSL certificates.  They recommend customers use:

In View 5.1 and later, you configure certificates for View by importing the certificates into the Windows local computer certificate store on the View server host. By default, clients are presented with this certificate when they visit a secure page such as View Administrator. You can use the default certificate for lab environments, and one could even make the argument that it is OK for fire-walled environments, but otherwise you should replace it with your own certificate from a trusted CA (Verisign, GoDaddy, others) as soon as possible. They also told me you should use an SSL certificate from a trusted CA when setting up a Security Server for your environment when the Security Server can be used from outside your firewall (Internet) to access View desktops inside your firewall.

My engineers stressed to me the importance of following each step in these KBs one at a time when you are filling out the forms on those sites to obtain your certificate. It is easy to make a mistake and you might not receive something that will work for you.

Note: The default certificate is not signed by a commercial Certificate Authority (CA). Use of noncertified certificates can allow untrusted parties to intercept traffic by masquerading as your server.