Author Archives: SteveD

Horizon Mirage – Failed to authenticate device


Horizon Mirage has been available for some time now.  Although I’ve been exposed to the capabilities this solution brings, attended a couple of Mirage specific VMworld 2013 sessions and completed the Mirage VMware Hands-On labs, I’m yet to get my hands dirty in my own environment.  The other week, I managed to spend a few days installing, configuring and working my way through some of the features and use cases, Mirage brings to market.  I’ll assume readers are up to speed on Mirage in general and the benefits it brings.  There’s numerous blog posts and content already out there covering this.  VMware offers Mirage Fundamentals e-learning course  and I was pleasantly surprised by the content.

VMware_MirageFor anyone with a few hours spare looking to bring themselves up to speed, I would encourage and recommend to view this offering, I found it beneficial and a good refresher for some of the Mirage terms and concepts.


Firstly, my home lab is simply a power workstation with 64GB RAM, three SSD drives, running VMware Workstation 10. There is nothing fancy or complex.  For most part, it’s more than sufficient for my requirements, although of course it does have it’s limitations.

Mirage lab component wise, consists of virtual machines for the Mirage Server and the Mirage Management Server.  In addition I have a Windows 7 Reference Machine and a Windows XP Reference Machine.  Finally, Windows 7 and Windows XP clients (virtual machines – endpoints).


Having installed all the components (above), the Mirage dashboard showed a clean bill of health.  I successfully centralised the devices (endpoints) where I installed the Mirage client, however the endpoints didn’t start the scanning phase and centralising to the datacentre, like below…


From the Inventory in Mirage, All CVDs were still showing ‘Pending Assignment’ and no progress. I even tried installing the client onto a couple of laptops, to verify if perhaps a limitation or configuration issue existed with my lab.

mirage2From the Pending Devices, I promoted my Windows 7 Reference Machine to a Reference CVD.  I then attempted to capture a Base Layer using the wizard.  Same result (no progress), the clients (endpoints) and Mirage server were simply not communicating.

mirage3I verified the usual network checks, such as open ports via telnet and ping\DNS tests among all components.

Mirage Ports and Protocols -

At this point, the Mirage clients were also showing as ‘disconnected’ – I found the following KB article and followed a few of the steps:

Continuing my investigation, I checked the Event Logs within Mirage, and I stumbled across this warning which had been generated from the Mirage Server (source).


A small extract below, from the logs on the Mirage Server (Program Files>Wanova>Mirage Server>Logs)

2014-02-07 14:43:02,335 CTX:(null) [ 27] DEBUG Wanova.Server.Common.Volumes.RealVolumeMounter Creating non-SIS file system for: ([Name='DefaultVolume', Description='The default volume', Path='C:\MirageStorage', Capacity=42,947,571,712, FreeSpace=26,736,009,216, State=Mounted, Id=616766272, UserState=Accepting, ]), optimized path: C:\MirageStorage, verification: True

2014-02-07 14:43:02,335 CTX:(null) [ 27] WARN Wanova.Server.Server.ServerCore Client authentication failed (unexpected exception), request-id=10

System.IO.InvalidDataException: StorageId.dat is not found.

At this point, I recalled during the setup of my Mirage Management Server, leaving the default path of C:\MirageStorage for storage. I checked the VMware documentation @

My Scenario:-

The UNC path to the storage is required whenever Horizon Mirage is installed on more than one host, for example, when the Management server and one or more other servers are each on separate machines.

Typical smaller environment (lab or pilot):-

The use of local storage, for example E:\MirageStorage, is supported for smaller environments where a single server is co-located on the same machine as the Management server

Indeed, the Mirage Server was unable to communicate with this storage path, since it’s a local path on the Mirage Management Server.  I verified storageid.dat existed on the Management Server under C:\MirageStorage\Nonsis


Performed the following steps:-

  • Within Mirage, browse to System Configuration>Volumes
  • Right-click the DefaultVolume and select Unmount
  • Mirage Management Server – Create a share with relevant permissions for the C:\MirageStorage
  • Right-click the DefaultVolume and select Edit
  • Change ‘Path’ to UNC path (created from new share) for example   \\MirageServer\MirageStorage
  • Right-click the DefaultVolume and select Mount
  • Restart Mirage Server service and Mirage Management service.
  • Double check the status of Mirage Server from System Configuration>Servers

Now my endpoints were centralising to the Mirage Server!  I was also able to capture a Base Layer successfully from my ‘Reference CVD’.


In hindsight, because I’m running a lab, I could have setup the Mirage Server and Management Server on the same machine (not recommended for production!). The Mirage Server could then happily see the default path for storage – C:\MirageStorage.

However, my preference is to install\configure as close to real world deployment as possible, as it promotes good habits and cements my knowledge.  Of course, sizing is always an exception in a home lab. The Mirage Server recommendation of 16GB RAM (1500 endpoints) is impossible to justify in most folks lab environment!  I’ve re-sized my server to 4GB and it’s running smoothly enough.

Ultimately the point of the post, is to help anyone who comes across the same Mirage server error ‘failed to authenticate device’, or the Mirage client constantly sits at ‘disconnected’ and you wonder why?  Hopefully, the above may provide some guidance and starting point(s) to trouble-shoot your issue.

External References

Horizon Mirage Essentials book

Mirage Architecture and Use Cases 

Mirage Design and Architecture Detail

Mirage Lab Setup Guide -

Excellent Mirage blog - HorizonFlux

Microsoft Office and VDI – Performance tips

A couple of months back, during a recent engagement, I was trouble-shooting end user performance problems.  To keep it short and sweet, Microsoft Office (Outlook and Word), were monopolizing the CPU.  The virtual desktop just became unresponsive.

Note: Microsoft Office 2013 had been deployed in the parent image.

Platform: vSphere 5.1 and Horizon View 5.2

Whilst investigating and searching for a solution, I came across many articles with tweaks\tips which I put together in a quick Word document.  However, I thought it would be useful for others, as I searched Google extensively for ‘microsoft office vdi performance’

Known Performance Issues

Highly recommend downloading this report -

Windows related settings

  • Disable Windows Search (linked to Outlook)

  • Set ‘Adjust for best performance’ to disable unnecessary Windows visual effects and animations

Microsoft Office 2013 (some apply to Office 2010)

  • Disable Office 2013 animations via registry

  • Check and ensure latest patches are applied
      • MS Word>File>Account>Update Options

  • Use Office customization tool to disable unnecessary settings
  • Install Office 2013 with only necessary applications and features (not all defaults are required)


  • Set to Online mode (no Cached mode)

  • Ensure no OST file being created or stored in user profile on network
  • Disable ‘Reading Pane’ view
  • Disable ‘Live Preview’
  • Disable ‘Hardware Graphics Acceleration’
  • Manage ‘COM Add Ins’ and disable unnecessary add-in’s, if necessary

Microsoft Word

  • Disable ‘Reading View’ aka Reading Pane
  • Set the following:-

Note: The above certainly isn’t a comprehensive list of all tips\tweaks to cure to all issues!  However, it’s a good ’round up’ from my research, whether some of the above are effective or not, it’s a case of picking out the tweaks which best suit the environment and test, test, test and measure the results!

In this instance, because some of the above tweaks didn’t make a major difference for Office 2013 (results with Office 2010 could vary), Office 2010 was re-installed due to growing pressure from the user base, and the virtual desktop performance was much improved.


VCAP-DTA Section 10 Notes

Section 10 – Troubleshoot a View Implementation

  • Objective 10.1 – Troubleshoot View Pool creation and administration issues
  • Objective 10.2 – Troubleshoot View administration management framework issues
  • Objective 10.3 – Troubleshoot end user access
  • Objective 10.4 – Troubleshoot network, storage, and vSphere infrastructure related to View 

**See View Administration guide p379**

Troubleshooting View Components


Troubleshooting KB articles

Virtual desktop is not available

Desktop not available message

Black screen when connecting via PCoIP

Black screen when connecting via PCoIP (2)

Unable to connect using PCoIP

VCAP-DTA Section 9 Notes

Section 9 – Configure Persona Management for a View Implementation

Objective 9.1 – Deploy a Persona Management Solution

  • Create a Persona Management repository
    • Separate from Windows Roaming profile location.  Create share\UNC on file server.
    • Or you can use existing Windows profile location (Persona repository location – leave blank)
    • Set path for new repository in ViewPM.adm settings
  • Implement optimized Persona Management GPOs
    • Add ViewPM.adm to Computer Configuration>Policies>Administrative Templates via new GPO or Local Policy (gpedit.msc)
    • Settings are under VMware View Agent Configurations
    • Settings to enable for optimization are under the following folders:
      • Roaming and Synchronization
      • Folder Redirection
  • Implement optimized Windows Roaming Profiles with Persona Management

Deployments where users access both View desktops managed by Persona Management and standard Windows desktops managed by roaming profiles can cause problems. The best solution if the desktops are in the same domain is to use different profiles for the two desktop environments. To accomplish this:

  • Configure Windows roaming profiles (either with Windows GPO settings or on the user object in Active Directory)
  • Configure View Persona Management and Enable Persona repository location
  • Enable Override Active Directory user profile path, if it is configured

This prevents Windows roaming profiles from overwriting a View Persona Management profile when the user logs out of the desktop.

If users will share data between Windows roaming profiles and View Persona Management profiles, configure

Windows folder redirection. In folder redirection group policy settings for user profile folders, be sure to include %username% in the folder path      \\lab-dc\personadata\%username%\MyVideos

You can specify files and folders within users’ personas that are managed by Windows roaming profiles functionality, instead of View Persona Management. You use the Windows Roaming Profiles Synchronization policy to specify these files and folders.

Persona Management deployment guide

Objective 9.2 – Migrate a Windows Profile

  • Ensure pre-requisites are met for a profile migration
    • Run the migration utility on a Win 7 or Win 8 32-bit system, because most V1 profiles are 32-bit
    • Run the migration utility on a Win 7 Win 8 physical computer or virtual machine
    • Ensure network access to v1 profiles and login as administrator on Win7\Win8 machine
    • Ensure users are not logged in and don’t use their profile until migration complete

User profile migration

  • Perform profile migration using migprofile.exe

When you install View Agent with the View Persona Management setup option on a virtual machine, the migprofile.exe utility is installed in the directory \VMware\VMware View\Agent\bin

    • migprofile.exe [/s:source_path] [/t:target_path] [/r-:] [/takeownership] [config_file]

The following example migrates all V1 user profiles under the \\file01\profiles folder to the same location. V2 user profiles are created with .V2 appended to each user’s root folder name. The utility takes ownership of the user profiles during the migration:

    • migprofile.exe /s:\\file01\profiles\* /takeownership
    • migprofile.exe “/s:\\test\c$\documents and settings\user” /t:\\file01\profiles\ /takeownership /r-
  • Modify migration configuration file 

Note: Copy the content from the official documentation into notepad, then save as .xml to create the configuration file.  Modify as needed.

Migration file configuration

VCAP-DTA Section 8 Notes

Section 8 – Secure a View Implementation

 Objective 8.1 – Configure and Deploy Certificates

Configure two Factor/Smart Card Authentication including truststore

  • Obtain the root CA certificate or export the certificate from the Microsoft CA (PKI)
  • Verify that the keytool utility is added to the system path on your View Connection Server or security server host (see Administration guide). Location below:-
    • VMware\VMwareView\Server\jre\bin
    • On your View Connection\Security Server, use the keytool utility to import the root certificate into the server truststore file.
    • keytool -import -alias alias -file root_certificate.cer –keystore truststorefile.key
    • Copy the truststore file to the SSL gateway configuration folder on the View Connection\Security server.
      • o   VMware\VMwareView\Server\sslgateway\conf\truststorefile.key
    • Create or edit the file in SSL gateway configuration folder on View Connection\Security server h
      • VMware\VMware View\Server\sslgateway\conf\
    • Example shown below, specifies that the root certificate for all trusted users is located in the file lonqa.key, sets the trust store type to JKS, and enables certificate authentication.
      • trustKeyfile=lonqa.key
      • trustStoretype=JKS
      • useCertAuth=true
    • Restart the View Connection\Security Server service.
    • Configure Smartcard authentication via View>Config>Servers>Connection Servers
      • Optional or Required
    • Configure any smartcard removal policies in same window
    • Restart View Connection Server service

Configuring smartcard authentication

VMware Pubs 

  • Configure and deploy View certificates
    • Install Microsoft CA role as ‘root CA’ on server
    • Use provided template for request.inf  - VMware KB
    • Amend as required (Country can only be 2 letters). Include SAN entries, if required.
    • Use certreq tool to generate a request using   certreq –new request.inf request.txt
    • Browse to CA server http://server/certsrv and choose Request Certificate>Advanced Certificate
    • Submit a certificate request using Base-64-encoded…
    • Paste the request.txt contents into the ‘Saved Request’ field and submit.
    • Change Certificate template to ‘Web Server’
    • Download certificates and import into certificates local computer on specific server (Connection\Security\Composer). Import into Personal>Certificates
    • Open properties of old certificate, rename ‘Friendly name’ to ‘old-vdm’ old certificate
    • Open properties of new certificate, ensure ‘Friendly name’ is set to ‘vdm’
    • Restart View Connection Server service
  • Configure certificate revocation checking using the file

Create or edit the file in the SSL gateway configuration folder on the View Connection\Security Server – VMware\VMware View\Server\sslgateway\conf\


Example file:-






Smartcard revocation checking

  • Perform a certificate replacement using sviconfig

View Composer requires an SSL certificate that is signed by a CA (certificate authority). If you intend to replace an existing certificate or the default, self-signed certificate with a new certificate after you install View Composer, you must import the new certificate and run the SviConfig ReplaceCertificate utility to bind your new certificate to the port used by View Composer

  • Stop View Composer service
  • ProgramFilesx86>VMware>Composer
  • SviConfig –operation=replacecertificate –delete=false
  • Start View Composer service

Objective 8.2 – Harden View Components and View Desktops

**See View Administration and View Security guides**

VCAP-DTA Section 7 Notes

Section 7 – Configure and Optimize View Endpoints

Objective 7.1 – Perform View Client Installations

  • Perform manual installation for desktop clients
  • Configure silent installation options for desktop clients
    • For a View Client Silent installation, open a command prompt on the machine where you want to install the View Client and run this command:
      • VMware-viewclient.exe /S /V”/qn
      • VMware-viewclient.exe /S /V"/qn DESKTOP_SHORTCUT=0 VDM_SERVER=<IP-Address> INSTALLDIR=C:\VDM RDPCHOICE=0 REBOOT=Reallysuppress
  • Configure options for various clients
    • REBOOT=Reallysuppress suppresses a reboot after the install. If you remove REBOOT=Reallysuppress, the machine automatically reboots after the install.
    • VDM_SERVER defines the Connection Broker.
    • DESKTOP_SHORTCUT=0 prevents a shortcut from being placed on the Desktop. A shortcut is placed on the Desktop by default. If you do not want a shortcut, set the value to 0.
    • INSTALLDIR=C:\VDM specifies the installation path.
    • RDPCHOICE=0 prevents RDP from being enabled. After the installation, RDP is enabled by default. If you do not want RDP to be enabled, set the value to 0

Performing a silent install for VMware View Client or Agent

View Clients

VCAP-DTA Section 6 Notes

Section 6 – Configure and Optimize View Display Protocols

 Objective 6.1 – Configure PCoIP and RDP for Varying Network Conditions

  • Determine appropriate configuration parameters based on network performance

Consider configuring the following settings for special use cases:

  • Image quality levels
  • Maximum Initial Image Quality
  • Minimum Image Quality
  • Maximum Frame Rate
  • Network settings
  • Configure the maximum PCoIP session bandwidth
  • Configure the PCoIP session bandwidth floor

See VMware-View-5-PCoIP-Network-Optimization-Guide

  • Configure QoS and CoS settings for PCoIP

See above objective.

To ensure proper delivery of PCoIP, tag it in Quality of Service (QoS), so that it competes fairly across the network with other real-time protocols. Also prioritize PCoIP above other non-critical and latency-tolerant protocols (such as file transfers or print jobs). Failure to tag PCoIP properly in a congested network environment leads to PCoIP packet loss and a poor user experience, as PCoIP adapts down in response

If traffic shapers are being used, use them in conjunction with a scheduling queue, and assign high priority to this queue based on the CoS value set for PCoIP traffic. This is CBWFQ.

From a vSphere perspective, consider Class of Service (CoS) and Network IO Control.  These can be configured via a Virtual Distributed Switch.


Objective 6.2 – Configure Group Policies for PCoIP and RDP

  • Identify and resolve group policy conflicts
    • gpresult /r  on machine
    • gpupdate /force
    • Resultant Set of Policy wizard – Group Policy Management

GPO Loopback processing


Objective 6.3 – Analyze PCoIP Metrics for Performance Optimization


  • Interpret PCoIP log files

View Agent log files are found in:

  • Windows XP
    • Documents and Settings\All Users\Application Data\VMware\VDM\logs
  • Windows Vista and Windows 7
    • ProgramData\VMware\VDM\logs

The virtual desktop PCOIP logs are called pcoip_agent*.log and pcoip_server*.log and they are located in the same location as the agent logs on the view desktop.

The client PCoIP logs are called pcoip_client*.txt and are located in the user’s %temp% directory on Windows Clients.

The location of View Client log files:

  • Windows XP
    • C:\Documents and Settings\%username%\Local Settings\Application Data\VMware\VDM\Logs\
  • Windows 7 and Windows Vista
    • C:\Users\%username%\AppData\Local\VMware\VDM\Logs\

VCAP-DTA Section 5 Notes

Section 5 – Integrate ThinApp into a View Implementation

 Objective 5.1 – Create a ThinApp Repository

  • Create and configure a ThinApp repository
    • Create folder and Windows share, including shares & NTFS permissions
    • View Administrator>ThinApp Configuration    Use UNC path….i.e.  \\myserver\share\applications
  • Configure a ThinApp repository for fault tolerance using DFS or similar tools
    • Setup DFS on File Server1 – Add feature ‘DFS’ to Role ‘File Services’
    • Create ‘domain-based’ DFS and add target folder(s).  Ensure a share is created first for folder
    • Setup DFS on File Server2 – Add feature ‘DFS’
      • ‘Create a namespace later’ option, then install
    • Ensure target (shared folder) available on both sites
    • On File Server1, run Create Replication Group wizard, with Primary server (pushing data).

Objective 5.2 – Deploy ThinApp Applications using Active Directory

  • Create an Active Directory OU for ThinApp packages or groups
    • Create AD OU – Add security group(s) of users
  • Add users to individual ThinApp package OU or group
    • Add users to security group in AD for ThinApp deployment
    • When creating package, ThinApp allows assignment of permitted security (groups\users) from AD
  • Leverage AD GPOs for individual ThinApp MSIs
    • Create GPO linked to OU for MSI deployment (Software Installation)
    • Select either User (requires user logon) or Computer (applied at startup) Configuration
    • Select ‘Assigned’ to install, or ‘Publish’ to allow user to select through Add\Remove Programs
    • Point policy to MSI file on network share specified as UNC path (place .exe file along with .MSI file)
    • Add security group to GPO (or leave default Authenticated Users) and ensure Read & Apply Group Policy permissions on Delegation tab
  • Create and maintain a ThinApp login script

In View Administrator you are unable to register application using ThinApp to specific users, only to pools\desktops.  Therefore, assignment to users requires a script and GPO

  • Place Thinreg.exe alongside script batch file.  Use sysvol\netlogon on DC or ThinApp repository.
  • Use Group Policy to apply script, link to AD OU containing specific users or group
    • User Configuration>Windows Settings>Scripts>Logon

 Objective 5.3 – Compile and Deliver Full or Streaming Applications

  • Build and modify a ThinApp project
    • Use ThinApp 4.7.2 – Pre-scan\Install App \Post Scan\Build

Update the application\package, remove\add features or config.  Use sbmerge to merge contents from sandbox to package.

    • Use a PC with ThinApp, cmd to C:\Program Files x86\VMware\VMware ThinApp\
    • Sbmerge.exe apply –projectdir “C:\Mozilla Firefox”
    • Sbmerge.exe apply –projectdir “\\lab-dc\ThinApp\Applications\Mozilla Firefox”
    • Run build.bat to re-create the project (update exe and MSI) with new changes
  • Configure MSI streaming
    • Edit package.ini during capture\build phase
      • Set the following parameter within the file    MSIStreaming=1
  • Deploy ThinApp applications to desktop pools
    • View Administrator (deploy ThinApp packages from Pools or Desktops)
  • Configure ThinApp entitlement using View Administrator
    • Inventory>ThinApps
    • Desktop Properties>ThinApp Assignment
    • Pools>Test1>Inventory>ThinApps

See blueprint documentation – ThinApp manual, ThinApp reference architecture and deployment guides.

VCAP-DTA Section 4 Notes

Section 4 – Create, Customize, and Deploy View Desktop Images

 Objective 4.1 – Build, Upgrade and Optimize a Windows Desktop Image

  • Create, configure, optimize and maintain a base Windows desktop image for View Implementation

PDF guide – VMware-View-OptimizationGuideWindows7-EN

Target master image (parent) – Virtual machine hardware

  • Remove floppy drive and other devices not required
  • Memory – Depends on use case (Windows 7 generally 1.5GB-2GB)
  • CPU – Depends on use case (generally start with 1 vCPU)
  • BIOS – Disable unnecessary LPT and COM ports
  • Disk controller – LSI Logic SAS controller for Win7\8

Windows Guest OS

  • Install latest version of VMware tools
  • Install View Agent – selecting appropriate options during install such as Persona management
  • Optimise the image with Commands.bat (if available during exam?)
  • Run ipconfig/release if preparing for image for full or linked clones.  Shut down VM and snapshot ready for View.
  • Adjust for best performance
  • Select high performance power option
  • Set sound scheme to ‘No sounds’
  • Turn off system protection (system restore) for C:\

Disable following services:-

  • Background Intelligent Transfer Server
  • BitLocker Drive Encryption
  • Branch Cache
  • Computer Browser
  • Diagnostic Policy Service
  • Disk Defragmenter
  • Indexing Service
  • IP Helper
  • Security Center
  • Superfetch
  • Tablet PC Input
  • Themes
  • Windows Backup
  • Windows Defender
  • Windows Search
  • Windows Update
  • WLAN AutoConfig

Customizations via Group Policy (disable the following)

Computer Configuration > Administrative Templates > System > System Restore

Computer Configuration > Administrative Templates > Windows Components > Windows Defender

Computer Configuration > Administrative Templates > Windows Components > Windows Sideshow


Objective 4.2 – Deploy Applications to Desktop Images

  • Identify MSI installation options

/s option is required to run a silent installation.

/v “command_line_options”

Instructs the installer to pass the double-quote-enclosed string that you enter at the command line as a set of options for MSI to interpret. You must enclose your command-line entries between double quotes

/qn    Instructs the MSI installer not to display the installer wizard pages

For example, you might want to install View Agent silently and use only default setup options and features:  VMware-viewagent-y.y.y-xxxxxx.exe /s /v”/qn”

REBOOT=ReallySuppress option to allow system configuration tasks to complete before the system reboots.

MSI Install options

MSI Properties for Silently Installing View Agent






MSI Properties for Silently Installing View Client




VCAP-DTA Section 3 Notes

Section 3 – Deploy, Manage, and Customize Pool Implementations

 Objective 3.1 – Configure Pool Storage for Optimal Performance

  • Implement storage tiers
  • Optimize placement of replica virtual machine
  • Configure disposable files and persistent disks
  • Configure and optimize storage for floating or dedicated pools
  • Configure overcommit settings
  • Determine implications of using local or shared storage
  • Configure View Storage Accelerator and regeneration cycle

VMware Horizon View Storage Optimisation

VMware Horizon View Storage Considerations

Objective 3.2 – Configure and Manage Pool Tags and Policies

  • Configure tagging for specific Connection Server or security server access

P 132 and 150 (Administration guide)


Objective 3.3 – Administer View Desktop Pools

  • Create and modify full or linked-clone pools
  • Create and modify dedicated or floating Pools
  • Build and maintain Terminal Server or manual desktop pools
  • Entitle or remove users and groups to or from pools
  • Refresh, recompose or rebalance pools

P 87-147 (Administration guide)