VMware Horizon Clients 2312

Last Modified: Jan 25, 2024 @ 7:29 am

Navigation

This article applies to all versions of Horizon Client for Windows, including versions 2312 and 5.5.6.

💡 = Recently Updated

Change Log

Horizon Client Versions

Starting August 2020, the client versioning changed to a YYMM format. Horizon Client 2312 is the latest release.

  • Horizon 8.x no longer supports Horizon Client 5.x and older.
  • Features, like ThinPrint, were removed from Horizon Client 2006 and newer, so don’t use the 2xxx (8.x) clients with Horizon 7.13 and older.
  • Microsoft Teams optimization features depend on Horizon Client version and Horizon Agent version. See VMware Knowledgebase Article 86475 MS Teams Optimization Feature Compatibility Matrix for Horizon 7 and Horizon 8 Recent Releases.
  • Windows 21H2 and Windows 11 are supported with Horizon Client 2111.
  • Horizon Client 2006 and newer no longer support Windows 7, Windows 8.1, or Windows 10 1809.

The Software Updates feature of Horizon Client 5.5 will not upgrade to Horizon Client 2006 or newer. Instead, you must manually download Horizon Client 2006 or newer and install it.

Horizon Client 5.5.3 and newer resolve security vulnerabilities.

Connection Server can be configured to prevent older clients from connecting. Find it in the Global Settings node in Horizon Console.

Windows 10 / Windows 11 Support

  • Windows 10 22H2 and Windows 11 22H2 are supported with Horizon Client 2209 (8.7) and newer.
  • Windows 10 21H2 and Windows 11 are supported with Horizon Client 2111 (8.4) and newer.
  • Windows 10 21H1 is supported with Horizon Client 2103 (8.2) and newer.
  • Windows 10 20H2 is supported with Horizon Client 2012 (8.1) and newer.
  • Windows 10 2004 is supported with Horizon Client 2006 (8.0) and newer
  • Windows 10 1909 is supported with Horizon Client 5.3 and newer
  • Windows 10 1803 is supported with Horizon Client 4.8 and newer

Manual Installation of Horizon Client

The Horizon Clients can be downloaded from http://www.vmware.com/go/viewclients.

  1. Logon to the client machine as an administrator. Administrative rights are required for the Horizon Client installation. You can also push the client silently as described in the next section.
  2. Open a browser and enter the name of your Horizon Connection Server in the address bar (e.g. https://view.corp.local). Use https://.
  3. Click the Install VMware Horizon Client link. If the Horizon Clients are installed on the Connection Server, the client will download immediately. Or, you’ll be taken to vmware.com to download the client.
  4. If you are redirected to the Clients download page (https://customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_horizon_clients/horizon_8), then find the VMware Horizon Client for Windows, and click Go to Downloads. Note: if you are running Horizon 7, then use the Change Version drop-down to select Horizon 7 (5.0) instead of Horizon 8.

  5. Then click Download Now.
  6. On the client machine, run the downloaded VMware-Horizon-Client-2312-8.12.exe.

    • If you want to use the URL Content Redirection feature in Horizon 7 and newer, run the installer with the following switch: /v URL_FILTERING_ENABLED=1.
    • If you want the UNC Path Redirection feature in 2209 (8.7) and newer, then you run the Client installer with the following switches: /v ENABLE_UNC_REDIRECTION=1. You can combine the two switches.
  7. Click Agree & Install. Or you can click Customize Installation. Horizon Client 2203 and newer has an option to Enable Keylogger Blocking, but only in Custom installation. Or Horizon Client 2309 and later let you enable Keylogger Blocking in the Settings interface.

    1. If you selected Customize Installation, you can enter a Default connection server, install Teams Optimization, etc.
    2. Horizon Client 2203 and newer has an option to Enable Keylogger Blocking.
    3. Click Agree & Install when done.
  8. In the Success page, click Finish.
  9. Click Restart Now when prompted to restart.
  10. Note: Horizon Client 2106 and newer have an updated user interface.

Verify URL Redirection

  1. To verify that URL Content Redirection is installed, verify the presence of the file C:\Program Files\VMware\VMware Horizon View Client\vmware-url-protocol-launch-helper.exe.
  2. There’s also an IE add-on.
  3. URL Content Redirection is configured using group policy.

Software Updates

  1. In the Horizon Client, click the hamburger icon on the top right, and click Software Updates. It will be green if there is an update available. Note: Horizon Client 5.5 will not offer an upgrade to Horizon Client 2006 or newer.
  2. There is an option to Show pop-up message when there is an update.
  3. The Horizon GPO Templates for Horizon Client have GPO settings to control the pop-up message. The settings are Update message pop-up and Allow user to skip Horizon Client update.

Install – Horizon Client Silent

Installing Horizon Client From the Command Line at VMware Docs has instructions on how to install the Horizon Client silently. Common methods for installing the client silently include: SCCM and Active Directory Group Policy Computer Startup Script.

Keylogger Blocking

Horizon Client 2309 and newer let you enable Keylogger Blocking if you did not select it during installation.

  1. In Horizon Client, before you open a server, click the Settings button.
  2. On the Security page, set Keylogger Blocking to On. Then restart the Horizon Client.

Launch Horizon Client

To launch a View Desktop or application manually:

  1. From the Start Menu run VMware Horizon Client.

    1. Horizon Client 4.7 and newer has a GPO setting to prevent the Client from being launched multiple times.
    2. Install the Horizon GPO templates if you haven’t already.
    3. Create or edit a GPO that is linked to an OU containing the Horizon Client machines. These are the end-user PCs, not the virtual desktops.
    4. The Block multiple Horizon Client instances per Windows session setting is at Computer Configuration | Policies | Administrative Templates | VMware Horizon Client Configuration.

  2. To change SSL certificate verification:
    • In Horizon Clients version 2106 and newer, click the Settings button on the top right. Switch to the SSL Configuration page. Then make a selection. This is also configurable using Group Policy as detailed at Certificate Validation below.


    • In Horizon Clients older than version 2106, open the Options (hamburger) menu, and click Configure SSL. This is also configurable using Group Policy as detailed at Certificate Validation below.

  3. If there is no server in the list, then use the New Server button on the top left or click Add Server on the top right.

  4. Enter the load balanced FQDN for the Connection Server and click Connect.

  5. You can click the Options menu to Hide the selector after launching an item.

  6. If you want to perform pass-through authentication, click the hamburger icon, and select Log in as current user. This option is only available if selected during installation, the client machine was rebooted, and is not prohibited using group policy. Also, the Connection Server must allow Log on as current user.

  7. Horizon 7.2 and newer have Recursive Unlock, which is enabled by default. See Using the Log In as Current User Feature Available with Windows-Based Horizon Client at VMware Docs.
  8. If you have apps published to an Unauthenticated User, click the hamburger icon, and select Unauthenticated access or Log in anonymously using Unauthenticated Access.

  9. Before connecting to the server, click Settings and then switch to the VMware Blast page. Or click the hamburger icon and then click Configure VMware Blast.

  10. In Horizon Client 4.8 and newer, network condition is determined automatically and no longer configurable in the client.
    1. If your Horizon Client is older than 4.8, then adjust the network condition and click OK. This affects TCP vs UDP for Blast connectivity. Excellent = TCP only. Typical = UDP if the ports are open. Poor = UDP plus packet duplication, which is best for 20% packet loss networks. More info in the Technical White Paper VMware Blast Extreme Display Protocol in Horizon 7.
  11. You can optionally enable Allow High Color Accuracy.

  12. In Horizon Client 2106 and Horizon Agent 2106 and newer, High Efficiency Video Decoding (HEVC) is enabled by default.
  13. Horizon Client 5.2 and newer have an option to Allow Blast connections to use operating system proxy settings, which is deselected by default. You can configure a client-side group policy to enable proxy. Or users can manually enable it.
  14. Double-click the server.

  15. If the certificate is not trusted, click Show Certificate, and then click Continue. To disable this prompt, see Certificate Validation below.

  16. Enter your username and password, and then click Login.

    • Horizon 7.8 and newer no longer send the domain list by default but you can enable it in Horizon Console. Or, instruct users to login using their userPrincipalNames.

  17. If you see too many domains in the Domain list:
    1. You can filter them by running the vdmadmin -N command. See Configuring Domain Filters Using the ‑N Option at VMware Docs.
    2. Horizon 7.1 and newer have an option to Hide domain list in client user interface. If you enable this in Global Settings, then users must enter UPN, or Domain\Username. This is the same place you can configure Horizon to send the Domain List to the client.

  18. If any of your published applications or desktops are configured with a Category Folder, click Yes when asked for shortcuts to appear in your Start Menu or desktop.


    • Horizon Client 5.1 and newer have an interesting command line switch -installShortcutsThenQuit that connects to a Connection Server, creates the shortcuts on Start Menu and Desktop, and then quits. Here is sample syntax:
      vmware-view.exe -serverURL serverurl -loginAsCurrentUser true -installShortcutsThenQuit
  19. If any of your published application icons have Pre-launch enabled, then a session will be started on one of the Horizon Agents that hosts the icon. All it does is create a session; the icon that Pre-launch was enabled on is not launched until the user double-clicks the icon. When the user launches any icon published from the Horizon Agent, it will launch quickly.

    • After the user closes the Horizon Client, the Pre-launch session remains disconnected for the duration specified in the RDS Farm.
  20. If you have a bunch of icons, click one of the icons and then start typing in the name of the icon and it will highlight.
  21. If the pool settings allow it, you can right-click an icon and then select a protocol. VMware Blast is the recommended protocol.


    1. When editing a pool, you can force users to use a particular protocol by setting Allow Users to Choose Protocol = No.
    2. In Horizon Console, at Monitor > Sessions, if you scroll to the right, you can see which Protocol the clients are using.
  22. You can synchronize num lock and cap lock status.
    1. Right-click a desktop icon and click Settings.

    2. The left side of the screen shows all published desktops. On the right, enable the option to Automatically synchronize the keypad, scroll, and cap lock keys.

    3. You can also automatically enable this setting by configuring a client-side group policy setting.
  23. Either double-click an icon, or right-click an icon, and click Launch.

  24. When connecting, you might be prompted to access your local files.

    • You can change your file sharing options by clicking the Settings button (or gear icon) and switching to the Data Sharing (or Sharing page.

  25. If you are connected to a remote desktop, you can use the menu at the top of the screen, click the three dots, and then click Settings.. An interesting option is Autoconnect to this Desktop. This setting is stored on the Horizon Connection Server in LDAP and there doesn’t appear to be any way to automate enabling it.


  26. In Horizon Client 4.4 and newer, administrators can enable a Desktop Pool Setting that allows users to Restart the remote desktop gracefully.

  27. Horizon can show the client’s battery status in the remote desktop. The user will have to click the up arrow in the system tray to see the battery icon. The battery icon is shown in both single-user Virtual Desktops and multi-user RDS Desktops.
  28. There are client-side group policy settings to define a hotkey combination for grabbing and releasing input focus.
  29. The Horizon Client also has a taskbar jump list showing recently launched applications and desktops.
  30. Some of the menu items in Horizon Client can be hidden by configuring Group Policy using the Horizon GPO Templates.

VMware Fling View Auto-Connection Utility: The View Auto-Connection Utility allows you to connect the VMware View Client automatically into a View desktop or an application pool when the system starts up.

Shortcuts and Favorites

In the Horizon Client, once you are connected to a server, you can right-click an icon and click Create Shortcut to Desktop or Add to Start Menu.

In the Horizon Client, each desktop/app icon has a star icon you can click, or right-click an icon and Mark as Favorite. Favorites are stored in the LDAP database on the Horizon Connection Server.


  1. On the top right of the Horizon Client, you can switch to the Favorite view so that only icons selected as Favorites are displayed.

  2. Or switch back to the All View by deselecting the Favorite button.

Support information

  1. In Horizon Client 2106 and newer, in the menu is About VMware Horizon Client.

    1. Or on the Question Mark menu is Support Information.
  2. Users can click this to find the client name, client operating system, Horizon Client version, the Horizon Connection Server name, and entitled desktops.

Certificate Validation

When you connect to a Horizon Connection Server, and if the certificate is not trusted or valid, then the user is prompted to accept the certificate. You can disable this prompt for any client machine that can be controlled using group policy.

  1. Copy the Horizon .admx files to PolicyDefinitions if you haven’t already.
  2. Create a GPO that is linked to an OU containing the Horizon Client machines. These are the end-user PCs, not the virtual desktops.
  3. Edit the GPO.
  4. Go to Computer Configuration | Policies | Administrative Templates | VMware Horizon Client Configuration | Scripting Definitions.
  5. On the right, double-click Server URL.
  6. Set the URL to your Horizon View URL and click OK.
  7. On the left, click Security Settings. On the right, open the setting Certificate verification mode.
  8. Enable the setting and make your choice. No Security will disable the certificate prompt. Then click OK.

Horizon 2306 (8.10) and newer with Horizon Client 2306 (8.10) and newer can enforce certificate checking on the client.

  1. Go to Settings > Global Settings > Client Desired Configuration and click Edit.
  2. Make your choices and click OK.

Device Redirection

Client Drive Redirection

  1. When you connect to a Horizon Agent that has Client Drive Redirection enabled, you are prompted to allow file redirection.

  2. By default, only the user’s local profile is redirected.
  3. You can redirect more folders or drives by opening Settings, or click the Options menu, and click Share Folders.

  4. In the Drive & Folder Sharing tab (or Sharing tab), on the Global Sharing sub-tab, add drives or folders.

    • Horizon Client 2206 and newer with Horizon Agent 2206 and newer have an Exclusive Sharing tab that lets you share a client drive exclusively with the remote desktop for faster file transfer performance. The Storage Drive Redirection feature is installed by default on Horizon Agent 2206 and newer.
  5. The folders or drives you added are now visible within Explorer in the Horizon Desktop.
  6. Client Drive Redirection also works in published applications.
  7. Horizon Agent 7.7 and newer with Horizon Client 4.10 and newer let you drag files from the local machine into the remote machine. This is drag only. You can’t copy/paste. If you drag the file onto a remote application, then then application opens the file.

    1. This feature can be disabled and/or controlled in a GPO that applies to the Horizon Agent. Make sure the Horizon 7.7 or newer GPO templates are installed. In the Computer half of the GPO, go to Administrative Templates > VMware Blast and edit the setting Configure drag and drop direction.
    2. The Configure drag and drop direction setting is also configurable for PCoIP under the Computer-half node named PCoIP Session Variables > Overridable Administrative Defaults.
  8. The client drive redirection prompt configuration is stored in %appdata%\VMware\VMware Horizon View Client\prefs.txt. You can edit this file to disable the prompt. See Rob Beekmans Customizing the VMware Horizon Client sharing pop-up for more info.

  9. Horizon has some GPO settings for Client Drive Redirection that let you control drive letters for client drives in the remote session. Install the Horizon GPO Templates if you haven’t already. Edit a GPO that applies to the Horizon Agents. Then find the settings under VMware View Agent Configuration > VMware Horizon Client Drive Redirection.

Serial Port Redirection

  1. If you connect to a Horizon Agent that has Serial Port Redirection enabled, then a new icon will appear in the system tray.
  2. Right-click the icon to map the remote COM port to the local COM port.

Scanner Redirection

From VMware Blogs Scanner Redirection in Horizon with View: we have added scanner redirection to Horizon with View for use with both VDI desktops and Remote Desktop Session Host (RDSH) applications and desktops. The new scanner redirection functionality in View works by capturing the entire image at the client with the scanning device, compressing the image, and sending that compressed image to the guest in the data center, where the image is presented by a “virtual scanner device” to the application that requested the image capture. The scanner redirection functionality supports both TWAIN and WIA scanning modes and allows images to be captured from both scanners and other imaging devices (such as webcams).

The scanner redirection functionality requires the Horizon Agent version 6.0.2 or later, and the Windows Horizon Client 3.2 or later.

When you install the Horizon Agent component, be sure to select the scanner redirection feature if you want to use it; it is disabled by default. If you are installing the feature onto a server-based OS (Windows Server 2008 R2 or Windows Server 2012 R2) for either VDI desktops or RDSH desktops or applications, then be sure that the Desktop Experience feature (a Microsoft operating system feature) is installed on the server OS first. (This is a prerequisite for installing scanners in a server-based OS.)

After a user makes a connection from a compatible Windows Horizon Client to the new Horizon Agent, a new tool-tray application icon appears. The user clicks the icon to reveal the compatible image acquisition devices available for scanning.

The default mode of operation is, however, that “it should just work,” and the seamless hosted application should be able to acquire an image without needing manual intervention. The user may need to adjust the preferences if more than one imaging device is connected to the client machine, and the user wants to select a specific scanner, or if the user wants to adjust the scan resolution, and so on.

Scanner Redirection Preferences, available by clicking Preferences from the tool-tray icon, allows further configuration of the scanning process, for example, adjusting the default compression applied to the scanning. This can greatly reduce the bandwidth needed to transmit the image (the compression is applied on the client side before the image is transmitted to the guest), but, of course, the more an image is compressed, the lower the image quality. In addition, in the Scanner Redirection Preferences, options are available to adjust the default image capture device (for example, automatic mode, last-used, or an absolute specified device).

These preferences can also be adjusted by way of Group Policy options in the guest OS. A new GPO file (available in the Horizon with View GPO Bundle) allows this configuration. See Configuring Scanner Redirection in Setting Up Desktop and Application Pools in View for more information

Scanner Redirection Caveats

From VMware Communities:

  • Scanner redirection does not create a device on your virtual desktop that matches the name of the actual scanner.  It creates a generic scanner in Device Manager called VMWare Virtual WIA Scanner (or VMWare Virtual TWAIN Scanner I am assuming).  For us this stinks because the image capture software our client uses (Vertex by Jack Henry), has a prepopulated list of scanners you can select.  So if we plug in a Canon-CR50 and select Canon CR50/80 in the application, it does not recognize that this scanner is attached to the virtual desktop.
    1. There is a tick box option in the scanner preferences dialog box titled “Use vendor defined names for TWAIN scanners”. This should solve the issue you mention, and we added it specifically to cover the problematic use case you mention.
    2. This only applies to TWAIN scans, WIA can’t use the vendor name.
  • You must install a TWAIN or WIA driver on your thin client.  If you can’t find a TWAIN or WIA driver, you are out of luck.  For teller check image scanners, we have found no TWAIN or WIA drivers for the TellerScan TS-230, TS-240, or the Canon CR-55.  We have found a TWAIN driver for the Canon CR-50 (from the Canon Europe site no less), but issue #1 above means we are out of luck.

Client Printers

Horizon 7.7 and newer with Horizon Client 4.10 and newer have a new VMware Integrated Printing (aka VMware Advanced Printing) feature that replaces the older ThinPrint technology. ThinPrint is no longer available in Horizon Agent 2006 and newer.

When printing from an application, if you highlight a printer and click Preferences, the VMware Horizon icon on the Layout tab shows you that this printer is using VMware Integrated Printing.

If you open the client printer Properties as an administrator, on the Advanced tab, you will see the VMware Universal EMF Driver.

If older ThinPrint:

  • Inside the virtual desktop, if you go to Devices and Printers, it will look a little weird. To see all of the client printers, right-click on a TP printer and use the expandable menus.
  • But when you print from an application, all printers appear normally.

File Type Association

Some published applications might have file types associated with them. When you double-click a file with the configured extension, you might be prompted to open the file using the remote application.

In Horizon Client, if you right-click an icon and click Settings:

  • On the Applications page (or Sharing page), you can disable this functionality.

It’s also configurable in the client-side registry at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware VDM\Client by creating a String value at named AllowFileRedirection and setting it to false. See VMware Communities for more information.

Session Collaboration

Horizon 7.4 and newer have an Allow Session Collaboration checkbox in Pool Settings and RDS Farm Settings.

This setting enables a VMware Horizon Collaboration icon in the system tray of the remote desktop, which lets you invite users to collaborate.

The invite is a URL that you can run (or click) on the collaborator’s machine that has Horizon Client 4.7 or newer installed.

To give control to the collaborator, double-click the green icon to open the Session Collaboration window. Or open the icon in the system tray.

Performance Tracker

Horizon Agent 7.5 and newer have an optional component called Performance Tracker.

When installing Horizon Agent, the last option is Horizon Performance Tracker. It is deselected by default.

After it’s installed in an RDS farm, you can publish the Performance Tracker as an Application Pool

Or connect to a Desktop and launch it from the Desktop icon.

It can display protocol performance information in graphical or tabular form. The overview UI also shows the name of the Horizon Agent machine.

There’s also a Floating Bar option.

Performance Tracker can be configured to launch automatically:

  1. Install the Horizon GPO templates if you haven’t already.
  2. Edit a GPO that applies to the Horizon Agents. These are Computer settings.
  3. Go to Computer Configuration | Policies | Administrative Templates | VMware Horizon Performance Tracker.
  4. On the right, you’ll see two options for auto starting the Performance Tracker.
  5. Both settings let you Show or Hide the overview UI.
  6. If Hide is selected, then users can open the Tracker from the systray icon.

HTML Blast

From the Horizon Connection Server webpage, you can click the VMware Horizon View HTML Access link to launch a desktop or application inside your browser. While Internet Explorer 9 is supported, some functionality, like clipboard and audio, is only available in Internet Explorer 10 and newer, Chrome and Firefox.

In Horizon 6.2 and later, you can launch applications as well as desktops from HTML Blast.

If you click the star icon then you can Mark the icon as a Favorite. Favorites are stored in the LDAP database on the Horizon Connection Server.

Applications and desktops are launched within the browser window. You can click the vertical lines on the left to switch to a different application or desktop.

You can open the Copy & Paste panel to copy between the local machine and the remote machine.

Thin Clients

VMware View Thin Client Compatibility Guide – Thin Client Device and Model Information. It shows thin client models and the version of Horizon View that is supported with the model.

Repurposed PCs

From Chris Halstead VMware Horizon View AutoConnection Utility: I decided to write an app in .NET that is essentially a wrapper for the View Client.  It creates the command line variables based on what the user configures in the GUI and automatically connects to the specified desktop or application pool.  All of the user configured information is stored in the registry under the current user hive.

The application silently and automatically connects into either a desktop or application pool each time a user logs in by placing it in the startup folder.

Once you have tested your connection, you are ready to enable AutoConnection.  You enable AutoConnection by checking the “Enable AutoConnection” box.   A common use case would be to place the .exe in the Windows startup folder so that every time a user logs in it will automatically connect to the Virtual Desktop.

This will run the application with the GUI hidden and will automatically connect to the specified pool.   The application will minimize to the system tray and a balloon will indicate the connection process is occurring.

Horizon Client Group Policy – Security Settings

The Horizon GPO Bundle includes policy templates for the Horizon Client. See https://www.carlstalhood.com/horizon-group-policy-and-profiles/#viewtemplates to install the ADMX files.

Here are some security GPO settings recommended (VMware Horizon with View Security Hardening Overview) by VMware:

GPO Setting

Computer Config | Policies | Administrative Templates | VMware Horizon Client Configuration | Scripting definitions

Disable 3rd-party Terminal Server plugins = enabled

Computer Config | Policies | Administrative Templates | VMware Horizon Client Configuration | Security Settings

Allow command line credentials  = disabled

Certificate verification mode = enabled, Full Security

Default value of the ‘Log in as current user’ checkbox = disabled

Display option to Log in as current user = disabled

Servers Trusted for Delegation = enabled

 

91 thoughts on “VMware Horizon Clients 2312”

  1. Hi Carl,
    I’m facing issue when after I login to the VDI the mouse is not visible inside the VDI session but when I switch outside the VDI session the mouse is visible. So only inside the Horizon 2312 client session the mouse cursor is not visible. The horizon client and the VDI are both running Windows 11 23H2. The vmware agent and Horizon client are both 2312.
    Any advice?

    Kind Regards
    Gerard

  2. Hello Carl,

    Thank you for the detailed info on Horizon Infrastructure.
    I have a question which VMware is unable to solve.
    How to block VDI URL from getting accessed over public internet and from phone.

    When I enter my vdi URL over public internet. It open below page.

    =============================

    You must use Horizon Client to access this Server.

    Horizon Client may already be installed.
    To connect, start the Horizon Client and enter the server address.
    If the Client is not installed, you may download it from the link below.
    Contact your local Administrator if you have any questions.
    Horizon Client

    1. If you want to completely block it, then remove the public IP or remove the NAT.

      If you only want to disable the web portal, then edit C:\ProgramData\VMware\VDM\portal\portal-links-html-access.properties and set enable.download and enable.webclient to false.

      1. Hello Carl,
        I have tried the second solution to set enable.download and enable.webclient to false (lower case), restarted Connection server and it still shows VDI URL getting accessed via public internet. I am running Horizon version 8.8.0-21073894.

        There was security scan that detected this vulnerability. I have already uninstalled html role from both my connection server so the html access is removed.

        My VDI URL and IP is on F5 VIP with 2 UAGs in the pool.
        Where do we need to remove the NAT or are there any changes we can make at F5 level to block public internet accessing getting to the point where accessing VDI URL gets them to download Horizon client page.

        1. You can create an iRule to only allow internal client IPs to connect to the VIP. Or block it on your firewall.

  3. Hello Carl,

    I’m trying to use the “Session Collaboration” feature. Unfortunately, I keep getting the message “Loading Failed. You are using an unsupported client type or version.” I can send the invitation without any issues, and the invitee receives the email or sees it in the client. Do you have any idea what might be causing this?

    Best regards,
    Özay

  4. Hi Carl,

    Im not able to see the client’s battery status on our VDI sessions.

    Does this need to be configured somewhere? Cant find too much documentation on this…

    Thanks!

  5. Hey Carl – Thanks a ton for all of the content you provide! It is always useful!

    I had a question about VMware Horizon agent compatibility.
    Is the Horizon 2206 agent compatible with Horizon 2303?

    We’re upgrading from 2206 to 2303 and have a ton of pools based on departments application requirements.
    We’re also implementing App Volumes and will be moving everyone into a general pool and assigning them the appropriate App Volumes applications..

    The thought process is that we upgrade to 2303, create a new gold master for the “General pool” that will be the latest and greatest of everything 2303.
    As we develop the App Volumes applications that will remove the need for their department pool, we will migrate them to the new “General pool” while assigning them their respective App Volumes applications (appstacks).

    During this time, because we will ultimately be decommissioning the “Department pools” I had planned to keep those old pools on the 2206 agent rather than go through the effort of updating them since they will be decommissioning ~1-2 months after moving to 2303.

    Do you foresee any issue with this process?

    Thank you!

    1. VMware officially only supports Horizon Agents that are the same version as the Connection Servers, but older Horizon Agents do work.

  6. In a user’s VDI, is there a way you call tell whether applications installed are from the appvolumes or they are applications installed on the golden image

  7. Hi.. Thanks for the awesome guide. I’m new to horizon 8 and just set up windows 10 pool with a tesla p4 vgpu. Over 5ghz WiFi 3d performance is laggy especially when gaming with low details. Are there any optimisation tips to improve performance?

  8. Hi,
    Thx for sharing all this info, it’s saving a lot of time in my case, but i have a question for you, it’s possible to enable copy/paste text and images between the Horizon VDI and the host running it?, can’t see any place where i can setup it, i’m running Horizon client 2206

    1. Are you asking to enable clipboard from Agent to Client? There’s a GPO setting in VMware’s GPO templates that let you enable clipboard redirection in both directions.

  9. Hi, thank you for such a useful information. My concern: My client always opened a new tab in the browser but I wan to use the client itself, any idea on how to change that behavior?

    1. You can use Horizon Client to login to a UAG or Connection Server. You don’t need to use a browser. Is that what you’re asking?

  10. I noticed the command line installation instructions for client 2206 do not mention the INSTALL_TEAMS_REDIRECTION option anymore. Do you know if this option has been dropped, and why?

    v2206 client instructions:
    https://docs.vmware.com/en/VMware-Horizon-Client-for-Windows/2206/horizon-client-windows-installation/GUID-2DDF9C24-A1E9-4357-A832-2A5A19352D61.html

    v2203 instructions for comparison:
    https://docs.vmware.com/en/VMware-Horizon-Client-for-Windows/2203/horizon-client-windows-installation/GUID-2DDF9C24-A1E9-4357-A832-2A5A19352D61.html

  11. Hello, I might not be providing enough info here but if you could help see what could be wrong with my system or point me to what info you need. But I’m able to login and use the desktop and apps through the html access. But when I tried to use the horizon client app I connect then when I connect as my user I get kicked out. With an error message about error reading from tunnel http socket:connection reset by peer. Not sure what that means. But html access works fine.

  12. Hi Carl
    We’re planing to update our Horizon farm to 2111. We’re using still the client 5.0.0 and now I’ve a question about “Horizon 8.x no longer supports Horizon Client 5.x and older.”. That means that it is not supported but it should work till we updated all clients, right?

  13. Carl, Do you of or do you have a list of the custom uri settings that would be in the admx templates for INTUNE or are you aware of a way to get them into intune

    1. Direct connection from Horizon Connection Server has to be enabled to allow this. Currently it would be restricted.

  14. Hi All,

    I’m using Vmware Horizant client. I’m facing issue when I try to connect to the VDI. After I login to the VDI the mouse is not reacting properly inside the VDI but when I switch outside the VDI the mouse is working. Only inside the VDI it is reacting very slowly. I’m using DELL 13 inch laptop. I tried connecting in different laptop and its working fine. Its not working in DELL 13 inch laptop. Can someone help on this please ?

  15. Hi Carl, I’ve issues enabling copy & paste between client and hosted applications (Chrome).
    Horizon 7.12 is my version.

  16. Hi… I have 10000+ Sessions in my infra using CPA.. management needs to know what all horizon view clients versions are used by end users. Please help with step to get that information or any script to export the details

  17. I have devices with the Horizon Client v5.0.0.5596 (auto upgrade is off) and we are going to install 2012 8.1.0.15949 using SCCM. Does the new client upgrade the existing client on the Windows PC or should I remove the previous version prior to installing the new client version?

  18. Hi Karl,

    I’m having a small issue with the VMWARE Horizon Client. We have the 7.11 Version installed. Last week End I have updated my master image with the latest Windows Updates and did some changes to Office and 2 other programs. Until last friday everything was working well, after I have changed the master image and the snapshot in the console, Drive forwarding and sharing are not working anymore, even I’m not getting the message “Do you want to access your local files when using remote desktops and applications”.

    I have tried to setup the settings under the client options, shared more than one drive, but unfortunately when the user login no drives are visible, only the mapped drives appear. I usually share Overdrive folder, we have our folders that are important, nothing on the GPOs has changed, only the master image.
    Any suggestions what should I do to fix this issue?

    1. Did you upgrade the version of Windows 10 in your master image? If so, then you’ll have to uninstall the VMware Horizon software and reinstall it.

          1. Karl,

            You are the best, that fixed my issue. Thank you for your quick help.

            Regards
            Eyad

  19. Hi Carl,
    We are planning to upgrade our 3 App volumes manager servers which are installed on Windows server 2012 to version 4.3 but version 4.3 isn’t supported on Server 2012. We are not sure if we should first do an inplace upgrade for the Windows server 2012 (where appvolumes manager is installed) to server 2016 or should we go with a new server 2016/2019 and create new servers for which we arent sure about the next steps. Please advise.

    1. You didn’t say what version of AppVols you’re running now.

      Typically you build a brand new App Volumes implementation on the new OS and new AppVols version. New load balanced DNS name. Then upgrade your AppVols agents and point it to the new AppVols name.

      1. Makes sense but we have many appstacks already created using Appvolumes version 2.18.2 so if we go this way then aren’t we going to lose all existing appstacks ?

          1. Isn’t there any way to do an in-place upgrade like upgrade the OS of Appvolumes 2.18 server from Windows Server 2012 to 2016 and then upgrade Appvolumes manager from 2.18 to 4.x or create a new server 2019 and join it to existing appvolumes database ? Thanks.

  20. Carl, Have you ever seen issue where a large amount of data can be copied between the Agent and Client(external) or from the Agent to the client(external) via UAG? I had two users that our traffic monitor showed transfer 4Gb of data in a short period of time between the Agent at source port 22443 and the client at a random port. Both of the user’s are on the Client externally, using Blast protocol, and I have disabled any copy/paste, drive redirection, or clipboard redirection via GPO. Both users both also indicated they were not actively on their machine at 2AM. Just wondering how so much data could have been passed from Agent to the Client. Are there any other types of data that regularly get transferred between the two?

  21. Carl, Do you know if it is possible to configure a Wyse/Dell terminal to connect to 2 different connection Servers. Can’t find anything in the config on the terminal or via profile in teradici. Probably an old scenario but we are migrating to a new View estate but will need to run in parallel for a while.

    1. Probably supported during upgrades but not long term. Usually you upgrade the Connection Servers first and then leisurely upgrade the Horizon Agents.

  22. Howto redirect a SmartCard-Reader to an application inside the Desktop VM with Horizon 7.12/2006?
    Not to use as authentication service, but we have an application (DATEV) which needs this for signaturecards to sign secret data transfers. We tried “Allow smartcards”, then nothing happens, no device shows up in the VM (Windows10), we tried “USB-redirection” in addition to allowing smartcards as above. Then strange things happen: when you put in a smartcard before starting the Horizon client connection, you must use the smartcard to sign in (which we don’t use/need). But still, the device does not show up inside the VM in device manager. No success.
    Only if we us “USB-redirection” alone, we have an usable device “smartcard reader” in device manager and when we put in a signature card, we can use this inside our application.
    BUT: we dont have a mouse or touchpad inside the VM anymore, then.
    VMware Support was not of any help, they are thinking about this case for over a week without any progress.
    Any hint is highly appreciated.
    Regards from Germany,
    Philipp

    1. If its a zero client you may need to authorise the pid and vid of the device and then bridge it so that it is in the inside of the VM..

    2. Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmwvscrd]
      “Type”=dword:00000001
      “Start”=dword:00000004
      “ErrorControl”=dword:00000001
      “ImagePath”=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,\
      64,00,6f,00,77,00,73,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
      00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,76,00,6d,00,77,00,\
      76,00,73,00,63,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00
      “DisplayName”=”VMware Horizon View-Smartcard-Redirector”

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmwvscrd\Parameters]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmwvscrd\Parameters\Wdf]
      “KmdfLibraryVersion”=”1.9”
      “WdfMajorVersion”=dword:00000001
      “WdfMinorVersion”=dword:00000009
      “TimeOfLastSqmLog”=hex(b):d2,cd,26,7b,b8,62,d7,01

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vmwvscrd\Enum]
      “0”=”Root\\LEGACY_VMWVSCRD\\0000″
      “Count”=dword:00000001
      “NextInstance”=dword:00000001

      save it as .reg then merge it, restart the machine.. should work … already tested

  23. Hello, is the session collaboration a license software? I have gone through the installation of the Farm and i do not have that option to enable session collaboration.

  24. Hi Carl
    Greetings of the day!

    I am looking for some security policies to restrict users from taking print screen from their Laptops/desktops, as I’ve a use case for my banking customer. Let me know if there is any policy we can apply via admx template or via registry. The setting should be applicable at Virtual desktop level as we might not be able to restrict the Client devices for WFH users.

  25. Hello Carl one of our corporations are now on our domain and using Xendesktop windows 10, however a lot of them are connecting back to VMware horizon and using VMWARE remote via the xendesktop session, do you recommend we should use the latest front end horizon application and are there any similar optimizations which can be implemented similar to how our citrix team optimized the wifica32.exe for legacy XenApp 6.5 access from Xendesktop , The problem we have is constant high cpu usage usually around 30%

    1. Blast? Or PCoIP? There are some group policies for Horizon that can reduce the codecs (e.g. lower frames per second).

  26. Hi Carl.

    Do you know how use GPO – VMware Horizon Client Configuration – URL for Horizon Client online update ? Any examples.

  27. Hi carl:
    when I use Horizon Client Connect virtual desktop,I need modify DNS HOST file! I do not want to do this,I want to use IP,is there a way to do?

    1. Are you getting certificate errors that prevent you from connecting? You could add the IP address in the certificate’s Subject Alternative Name field.

  28. Supporting a small environment that is still on 5.2. After updating some clients to 4.10 they get a disconnection right after clicking on the desktop icon. Has anyone ran into this? Is this due to TLS 1.0 being disabled?

  29. I have installed horizon client 4.9 and some of my thinclients do not show the pool icons. I saw this was an issue with version 3.0. But somehow it’s back. What van I do?

  30. Carl, real interesting one we have here… We’ve been using Horizon VDI for a while. External clients would often choose their connection protocol (BLAST or PCoIP) depending on what worked on their network, usually Blast worked better, but some clients need Scanner redirection which Blast doesn’t support officially, yet.

    Now that we’ve started using Workspace ONE we are forcing external clients to multi factor authenticate (MFA). Since Workspace ONE won’t let a client choose the protocol before connecting them to the pool clients are having display issues (black VM screens) when I believe Blast would fix it, but can’t be selected.

    Is there a registry or GP tweak that we could do on the client’s end to make Blast the default protocol on all new connections? This would only be for those that don’t have to use PCoIP which the pool is at by default.

  31. There’s a weird quirk with the desktop shortcuts. I have three VDI desktops on two different servers, two in my local office and one in corporate HQ, and I created desktop shortcuts for all three. If I launch one local desktop from the shortcut it goes through the normal authentication. When I launch the second local desktop, it skips all that and just opens. So far, so good. If I try to launch the 3rd desktop on a different connection server from the shortcut, it warns me it will disconnect all active desktops/sessions if I continue (and it does if I do). However, if I launch the actual Horizon client, I can connect to that 3rd VM on the other server without affecting the active local ones.

  32. I am trying to add horizon client 4.7 to SCCM but I am needing the msi file. I have read articles saying to open the %temp folder% to get the msi file but I am not seeing it there. any info will help

  33. How are you handling syncing display settings from the THIN Client to the VM. My biggest issue with VDI is getting both the Wyse 5060 and Windows 8.1 VM to start with 1600×900 resolution. Wyse Management Suite only has 1600×1200 as an option and there doesn’t seem to be a clear cut GPO to force resolution. Have you had to address this issue yet?

  34. I have added the relevant registry settings to force sharing local folders by admin only and have added relevant ‘default shares’ as per the VMware documentation and this works great with Windows clients. I cannot find any documentation on how the path of the share should be entered into the registry to work with a Mac OSX client. Any ideas if this is possible with allowing the user to add this themselves with the ‘Sharing’ GUI?

  35. how do i get the login prompted again in the guest OS ? Is there a way to stop the carry through of the Authentication once i have logged into the horizon client ?

  36. Carl,
    Any way to HIDE apps from the horizon client, so it only shows desktops?
    We use Dell and 10zig thin-clients, that are configured to auto launch a desktop if it is the only available item… But we also publish RDS apps… So when a user has “Standard Pool” and one or more published apps…. when they log into the thin-client, it no longer auto-launches their “Standard Pool” as it has one desktop (Pool) and 1 or more RDS Apps…
    We are slowly replacing Citrix with RDS Apps in Horizon…
    We publish all our RDS Apps in Horizon, and users now use the Horizon client to launch the apps they used to use in Citrix (Working great)
    But now they have to select their pool on logon…

    1. I have the same question. Has anyone figured out a way to do this? It was simple in Citrix. Doesn’t appear to be so simple in Horizon.

      1. Maybe create Connection Servers just for the thin clients and then configure Connection Server tags on published apps so they don’t appear on the thin client-specific Connection Servers.

  37. Hi Carl,

    Quick query re: Horizon 7 and published applications. From testing, it seems that if you try and open a file located on a UNC path (i.e.a network redirected folder), and select Open With to launch a published application, the Horizon View client opens the application, but unsuccessfully tries to pass the file through as a \\tsclient hosted file. This of course fails, but suggests that in order to open any UNC hosted files, the user must do this within the published application, rather than leveraging a simple double click. Are you aware of this limitation? Mapping the UNC path as a fixed drive letter is a workaround but surely this is more of a known and widespread issue?

    Thanks

  38. Hi – just a quickie I hope! is there a way to prevent users from right clicking their entitlement (within the HV Client after authentication) and saving the entitlement shortcut to their desktop?

    I have configured a GPO to prevent users from doing this within Windows, but the HV Client still allows this behaviour which we would like to prevent.

    Thanks in advance

  39. All my users are now being prompted for a username/password when trying to download the client from VMware.

    This is via the default link to download the client using Horizon (same as you post above). Any insight into why that is happening?

  40. is there a way to disable completely a user getting any opportunity to share any drives at all? From a security policy we can’t have even the user profile shared or any way for the user to add a drive or folder etc afterwards. It’s not enough that the user says no when prompted about allowing sharing. If it can’t be done from a GPO or something what is the firewall port that perhaps can be blocked that allows client device redirection?

      1. Thanks for the quick reply! Didn’t think it was an agent option that could be deslected. So even though this is a View client issue, by disabling it in the View agent will prevent the Client from redirecting their own local drives?

Leave a Reply

Your email address will not be published. Required fields are marked *