Troubleshooting Instant Clones in the Internal VM Debug Mode
Last Updated 09/01/20171
Add To MyLibrary
<Ask New Question
You can use the internal VM debug mode to troubleshoot internal virtual machines in instant-clone desktop pools. With the internal VM debug mode, you can analyze failed internal virtual machines before these virtual machines are deleted. You must enable the internal VM debug mode before you create an instant-clone desktop pool.
Procedure
In the vSphere Web Client, select the master VM, and click Manage > Configure > VM Options > Edit > VM Options > Advanced > Edit Configuration.
The Configuration Parameters window displays a list of parameter names and values.
In the Configuration Parameters window, search for the cloneprep.debug.mode parameter.
If the master VM does not have the cloneprep.debug.mode parameter, you must add cloneprep.debug.mode as the parameter name and add a value of ON or OFF. If the master VM has the cloneprep.debug.mode parameter, you can change the value of the parameter to ON or OFF.
Enable or disable the internal VM debug mode for internal VMs.
To enable the internal VM debug mode, set the value of cloneprep.debug.mode to ON. If you enable the internal VM debug mode, the internal VMs are not locked and cannot be deleted by Horizon Server.
To disable the internal VM debug mode, set the value of cloneprep.debug.mode to OFF. If you disable the internal VM debug mode, the internal VMs are locked and can be deleted by Horizon Server.
For instant clones actions such as prime, provision, resync, or unprime, the internal virtual machines use the value set in the master virtual machine. If you do not disable the internal VM debug mode, then the VMs remain in vSphere till you delete the VMs.
Instant Clones provisioning fails with the error: "Unable to prepare migration" (60397)
Last Updated: 12/19/2018Categories: Troubleshooting1Language:subscribe
Symptoms
When creating a new Horizon Instant Clones pool or during Push Image/Maintenance operation on Horizon Instant Clones pool, you experience these symptoms:
Some of the Horizon Instant Clones fail with the error:
Unable to prepare migration.
This error is visible on vCenter Server tasks for all the clones that failed.
Cause
This issue occurs because very rarely on vSphere 6.7, a cp-parent VM fails to quiesce properly. This causes "Unable to prepare migration" error when creating Horizon Instant Clones.
Resolution
This is a known issue affecting VMware vSphere 6.7.x with Horizon 7.5 and later.
Currently, there is no resolution.
Workaround
To work around this issue, follow either one of the workarounds:
Workarounds for on-prem Horizon deployment
Workaround #1
Identify the cp-parent VM that is causing the failures by looking at the vCenter Server tasks.
Navigate to the host on which this cp-parent VM resides.
Set InstantClone.Maintenance attribute to value 1 in "Custom Attributes" on the the "Summary" page of the host. This deletes all the cp-parent VMs from the host, including the problem one.
Once the cp-parent VMs are deleted, the host InstantClone.Maintenance will be set to 2.
Edit the InstantClone.Maintenance attribute value to an empty string.
Enable provisioning on the pool or recover the clones in error state.
Workaround #2
Identify the cp-parent VM that is causing the failures by looking at the vCenter Server tasks.
Navigate to the host on which this cp-parent VM resides.
Put the host into maintenance mode. This deletes all the cp-parent VMs from the host, including the problem one. The host will enter maintenance mode once all cp-parent VMs on it are deleted.
Exit the host from maintenance mode.
Enable provisioning on the pool or recover the clones in error state.
Workaround for Horizon instances on VMC
Identify the cp-parent VM that is causing the failures by looking at the vCenter Server tasks.
Navigate to the host on which this cp-parent VM resides.
Power off the cp-parent VM and delete it.
Enable provisioning on the pool or recover the clones in error state.
Horizon 8 2006 is now available and I am using this new release exclusively moving forward for new installations and upgrades. So far I have been pleased with the ease of implementation and configuration, upgrades and ability to utilize vSphere 7.
Below are some really good links to review before going down the Horizon 8 Path and some details from https://techzone.vmware.com/blog/whats-new-vmware-horizon-8-2006-cart-app-volumes-and-dynamic-environment-manager
Here are some of the most notable new enhancements and updates to the platform:
Branding and Versioning. We’ve moved to the YYMM-style format to version the Horizon Server, Horizon Client and Horizon Agent. This new format applies to product installations and Horizon Console as well.
Updates to Core Platform. Horizon 2006 now supports parallel upgrades of Connection Servers. Note that this applies to a maximum of 3 pods at a time in parallel. If another host in a local or global pod is in an inconsistent state, the installer is blocked.
Up to 32 GB of cache in CBRC 2.0 is now supported, up significantly from 2 GB in CBRC 1.0.
False memory alarm for IC Parents on vSphere 7.0 can be removed.
Note that now HTML is on by default for desktop pools and RDSH farms.
Deployment Options. You can now choose your deployment environment when you set up a new pod, during the connection server installation process. The following deployment environments are supported, and help you determine how the installation will be completed:
General (typical vSphere On-Premises)
AWS (either VMware Cloud on AWS, or EC2 Native)
Dell EMC (the VMware Cloud on Dell EMC solution)
Azure (the Azure VMware Solution solution)
Google Cloud (the Google Cloud on VMware Engine)
Oracle Cloud (the Oracle Cloud on VMware Engine) Note: This option is available only when setting up a new pod. Subsequent pods use the deployment options that were set in the first.
Digital Watermark. You now have the option of configuring a digital watermark for ownership protection, authenticity, and verification of intellectual property. This allows you to prove ownership and establish a chain of custody on your property. You can set up variables in the watermark, such as IP address, username, domain name, and so on, as well as customizing the opacity, margin, and layout.
REST API. This release offers a plethora of new endpoints, including entitlements and inventory sections that include many new options. This release also includes a Swagger UI that is available locally on the installation. Visit https://<FQDN of your connection server>/rest/swagger-ui.html to see the REST APIs, learn about them, explore their endpoints, and test them out. For more information, see Using the VMware Horizon Server REST API. https://techzone.vmware.com/resource/using-vmware-horizon-server-rest-api
Smart Provisioning. Horizon automatically choose the type of desktop to create, based on density of VMs per host in selected cluster. Low density types are created without parent VMs, high density are created with parent VMs. Horizon directly clones replica without a parent VM, which takes a lot of memory and disk space. This lowers the number of parent VMs in lower-density clusters, and reduces the footprint. For high density, traditional instant clones are created with parent VMs. To learn how this works, including how to force it instead of relying on the automatic functionality, see VMware Horizon Version 8 (2006) – Feature Overview: Instant Clone Smart Provisioning.
Feature mapping. If you compare Horizon 8 (2006) to Horizon 7, you will notice some deprecated features, such as linked clones in the Composer and persistent disks. These features still exist, but are slated to be removed in a future version. Some features have been removed, such as support for older versions of Windows, the JMP Server, persona management, FLEX admin, ThinPrint, and Security Server, all of which have been replaced by newer functionality. Note that instant clones are now available across all license types.
Deprecation notifications have been added to the UI to remind you of the features that are now deprecated and slated to be removed in a future release.
Linked Clone/Instant Clone Gaps. There are a few feature gaps between linked clones and instant clones, which might be reason to continue using linked clones until the gaps are filled. Gaps include unique BIOS IDs, multi-NIC, Sysprep for Instant Clones, and statically assigned computer names.
Horizon Console
You will find the following new features and enhancements in the VMware Horizon Console:
General Updates
A number of general updates are included in the new Horizon Console, including the ability to set a display name for global entitlements, an improved grid where more detailed data can be displayed in the easy-to-read layout.
Horizon Client Restrictions
This release includes a restriction against connecting with older Horizon Clients:
In Global Settings, you can configure multiple criteria for what to block, and set up a customized warning message to remind users to upgrade. Only the 8.x (2006) client and later versions can support this warning message (it is not supported on thin clients).
More Detail on Network Display
You can now see many more details on ports, which is helpful when selecting a network during the pool creation process. This includes details about the individual network such as binding, network name, total ports, and available ports, as well as incompatible network types.
In-Product Feedback
You can now send direct in-product feedback to the product teams in 11 languages. The static format is always available (see the bubble in the upper right corner of your console):
The popup format is also available, based on logins and duration. You also have the ability to opt out.
Client Restrictions for Desktop Pools
You can now set it up so that only privileged workstations can connect to a pool. To do this, create an entitlement that restricts both the user and the desktop, so that the specific user must use a specific desktop.
Linux Desktop
You now have support for Red Hat Enterprise Linux 7.8, as well as multi-session support on Red Hat 7.8, 8.1, and Ubuntu 1804. You can set it up by installing a Linux agent with --multiple-session and see a demonstration at https://techzone.vmware.com/vmware?share=video2743.
Blast Extreme
This release gives you a number of improvements to full-screen video and memory utilization in Blast Codec, which is now enabled by default. You can also enjoy support for HEVC 4:4:4 Codec with Intel CPUs, which is the 10th generation of Intel Ice Lake. This is Windows VMs only with the 2006 client, and it is on by default if the hardware exists. In addition, there is support for up to two 8K monitors, and an improvement to how the client topology is sent.
Horizon Agent
This release includes new optimizations in real-time audio and video, including H.265 encode and decode. These optimizations improve the user experience for webcam usage and video conferencing. Support includes Zoom, Microsoft Teams, and Skype for Business, as well as Windows Tablet.
With a new UI, you can set up location-based printing in VMware Integrated Printing. You configure this in the GPO Bundle and set location-based printing parameters, which flow to the endpoint.
Horizon Clients
Each type of Horizon client has new enhancements and updates, including the new Client Restriction Messages mentioned earlier. You will see this option in the UI of all Horizon Clients.
Video and Desktop Sharing Optimization – Microsoft Teams
This popular feature is optimized for video and desktop sharing with Microsoft Teams on Horizon 2006. A specific set of configurations are supported, including Horizon 2006 Server, Horizon 2006 Windows Client, and that has Teams for VDI installed with the per machine option enabled. Note that this is not supported on RDS desktop pools or application pools.
Windows Client
In addition to the new Client Restriction Message mentioned earlier, the Horizon Windows Client also includes Windows 10 2004 support, Microsoft Edge Chromium support for URL redirection, and the option to skip certification revocation list checking.
Linux Client
In addition to the Client Restriction Message, the Horizon Linux Client also now supports Ubuntu 20.04 LTS, full IPv6, custom display resolutions, and an updated SDK that allows you to customize the Linux client and get more brokering and remote sessions data.
Mac Client
In addition to the Client Restriction Message, the Horizon Mac Client now has USB auto-connect for RDSH apps.
iOS Client
In addition to the Client Restriction Message, the Horizon iOS now supports VMware Integrated Printing, including location-based printing options.
Android Client
In addition to the Client Restriction Message, the Horizon Android Client also supports VMware Integrated Printing, as well as the ability to pass the Android device ID to OPSWAT.
Chrome Client
In addition to the Client Restriction Message, Horizon Chrome Client also now supports ChromeOS 81 and ChromeOS 82.
HTML5 Client
In addition to the Client Restriction Message, the Horizon HTML5 Client now supports Edge Chromium, as well as the option to save the monitor layout on Windows, MacOS, and ChromeOS desktop endpoints.
VMware App Volumes
The new release of VMware App Volumes includes a variety of new enhancements and updates, including the new naming convention:
Improvements in this release include performance improvements to speed up user logins, diverse application support, and more. Here’s a summary of some of the most notable improvements:
Microsoft LDAP Channel Binding
App Volumes Manager is upgraded to now communicate with Domain Controllers configured for LDAP Channel Binding, in keeping with the March 2020 ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing. App Volume Manager and App Volumes Agent 2006 4.1 are required, and Channel binding support is enabled by default. Note that the LDAP AVM setting works only if AD LAPServerIntegrity is set to 0.
Assignment Filters – Limit Attachment of Assignments to Specific Computers
You can now limit the delivery of application packages to specific computers by appending the computer’s name to set application assignments. This prevents packages from attaching when users login to an unsupported desktop pool. Note that this is not available when assigning directly to a computer object.
Support was added for:
Microsoft Office 2019
Microsoft SQL Server 2019
Microsoft Windows 10, version 2004
Rolling Upgrades
Rolling upgrades are now supported, meaning you can upgrade from one version of App Volumes to the next with no downtime. You can also update one sever at a time while others continue running. For more information, see App Volumes Installation Guide.
Tech Preview - MSIX App Attach Integration
This release gives you an early-access tech preview of new packaging options and wider format support. App Volumes Manager enables packagers to use the same lifecycle and assignment marker features with different package formats, side-by-side. The App Volumes agent can leverage Microsoft’s native app to attach functions alongside its own App Volumes virtualization format. See the App Volumes Packaging Utility fling, which helps package applications and supplements the VHD with the required metadata before importing.
A number of new features and enhancements come with the latest release of VMware Dynamic Environment Manager.
Editions
New editions are now available: Standard and Enterprise. The Standard edition is available to you if you have new or existing Horizon Standard and Advanced deployments. If you have a Horizon 7.x deployment with current SNS, you will receive DEM Standard with Horizon 8. To learn how to migrate from legacy solutions to modern solutions in detail, see Modernizing VDI for a New Horizon. https://techzone.vmware.com/resource/modernizing-vdi-new-horizon , including scripts to help you automate the process of migration.
Standard Feature List
The standard feature list includes complete personalization, complete condition sets, application profiler, and helpdesk support tool, as well as limited user environment, such as:
Drive Mappings
Folder Redirection
Logon Tasks
Logoff Tasks
Printer Mappings
Privilege Elevation Enhancement
In this feature walk-through, you will see how the privilege elevation feature of Dynamic Environment Manager has been enhanced to run elevated tasks. You have had privilege elevation for executables and application installers in past releases. This release brings a new privilege elevation type, called elevated task. You can use elevated tasks to elevate privileges during login, logoff, session reconnect, and so on. Find out more about how this new feature works:
Manage ADMX Settings
You can use Dynamic Environment Manager to manage user and computer-based ADMX policies without the need for group policy options. You have been able to manage user-based templates in the past, but now computer-based templates are available as well. This streamlines your job by reducing the number of consoles to manage. You have granular control of policy application. Find out more about the benefits and use of this feature:
Unified Access Gateway provides remote connectivity to internal Horizon Agent machines. For an explanation of how this works (i.e. traffic flow), see Understanding Horizon Connections at VMware Tech Zone.
Unified Access Gateway (formerly known as Access Point) is a replacement for Horizon Security Servers. Advantages include:
You don’t need to build extra Connection Servers just for pairing. However, you might want extra Horizon Connection Servers so you can filter pools based on tags.
Between Unified Access Gateway and Horizon Connection Servers you only need TCP 443. No need for IPSec or 4001 or the other ports. You still need 4172, 22443, etc. to the View Agents.
No need to enable Gateway/Tunnel on the internal Horizon Connection Servers.
Additional security with DMZ authentication. Some of the Authentication methods supported on Unified Access Gateway are RSA SecurID, RADIUS, CAC/certificates, etc.
However:
It’s Linux. You can deploy and configure the appliance without any Linux skills. But you might need some Linux skills during troubleshooting.
Horizon View Security Server is still developed and supported so you’re welcome to use that instead of Unified Access Gateway. But some of the newer Blast Extreme functionality only works in Unified Access Gateway (Access Point) 2.9 and newer. See Configure the Blast Secure Gateway at VMware Docs.
Horizon Compatibility – Refer to the interoperability matrix to determine which version of Unified Access Gateway is compatible with your version of Horizon.
UAG version 3.7 is UAG ESB for Horizon 7.10 ESB.
UAG version 3.3.1.0 is UAG ESB for Horizon 7.5.2 ESB.
Open these ports from any device on the Internet to the Unified Access Gateway Load Balancer VIP:
TCP and UDP 443
TCP and UDP 4172. UDP 4172 must be opened in both directions. (PCoIP)
TCP and UDP 8443 (for HTML Blast)
Open these ports from the Unified Access Gateways to internal:
TCP 443 to internal Connection Servers (through a load balancer)
TCP and UDP 4172 (PCoIP) to all internal Horizon View Agents. UDP 4172 must be opened in both directions.
TCP 32111 (USB Redirection) to all internal Horizon View Agents.
TCP and UDP 22443 (Blast Extreme) to all internal Horizon View Agents.
TCP 9427 (MMR and CDR) to all internal Horizon View Agents.
Open these ports from any internal administrator workstations to the Unified Access Gateway appliance IPs:
TCP 9443 (REST API)
TCP 80/443 (Edge Gateway)
Network Profile
Note: in Unified Access Gateway 3.3 and later, Network Protocol Profile is no longer necessary and you can skip this section.
Before importing the Unified Access Gateway OVF, you will need to configure a Network Profile. In vSphere Web Client, go to the Datacenter object. On the right, switch to the Manage (or Configure) tab > Network Protocol Profiles.
Click the plus icon.
In the Select name and network page, enter a name, select the DMZ VM Network for your Unified Access Gateway appliance, and click Next.
In the Configure IPv4 page, enter the subnet information, and Gateway.
Don’t configure an IP pool. Click Next.
In the Ready to complete page, click Finish.
If you are configuring multiple NICs on your Unified Access Gateway, create Network Protocol Profile for the remaining subnets.