Sure! Here is a 500-word blog post based on the information provided:

—

As a VMware WSO user, I recently encountered an issue while trying to connect my WSO Unified Endpoint Management (UEM) to VMware WSO Access. When I tried to save my configuration, I received an error message saying “Save Failed.” In this blog post, I will show you how I solved this problem and was able to successfully connect my WSO UEM to WSO Access.

Before we dive into the solution, let me provide some background information on VMware WSO and its components. VMware WSO is a cloud-based platform that provides unified endpoint management (UEM) for IT teams. It includes features such as device management, application management, and security management. VMware WSO Access, on the other hand, is a component of WSO that provides secure access to enterprise resources.

When I tried to connect my WSO UEM to WSO Access, I received the “Save Failed” error message. After troubleshooting the issue, I discovered that the problem was caused by an incorrect configuration setting. Specifically, the “Use SSL/TLS” option in the WSO Access settings was not enabled.

To resolve the issue, I followed these steps:

1. Log in to your VMware WSO account and navigate to the WSO Access settings.

2. Click on the “Settings” tab and select the “Advanced” option.

3. Scroll down to the “Use SSL/TLS” option and enable it.

4. Save your changes by clicking the “Save” button at the bottom of the page.

After enabling the “Use SSL/TLS” option, I was able to successfully connect my WSO UEM to WSO Access without receiving any error messages. This solution worked for me, and I hope it helps you as well if you are experiencing the same issue.

In summary, the “Save Failed” error message that appears when trying to connect VMware WSO UEM to WSO Access can be resolved by enabling the “Use SSL/TLS” option in the WSO Access settings. This simple step can help you avoid any further issues and ensure a smooth connection between your WSO UEM and WSO Access.

—

I hope this blog post helps you resolve the issue you are experiencing with connecting your VMware WSO UEM to WSO Access. If you have any questions or comments, please feel free to leave them below. I will do my best to respond to them as soon as possible.

Configuring and Replacing License Changes in Aria Automation with Aira Suite Lifecycle Manager

In VMware Aria Automation, license changes can be configured and replaced easily using either the Command Line Interface (CLI) or through the Aria Suite Lifecycle User Interface (UI). This blog post will demonstrate a convenient way to replace license changes using Aira Suite Lifecycle Manager.

Installing New License in Lifecycle Locker

To begin, we need to install the new license in Lifecyle Locker. Locker is an application that helps manage certificates, passwords, and licenses from a single pane. To do this, follow these steps:

1. Open Lifecycle Locker and select “License” from the left-hand menu.

2. Click on the “Add License” button and enter the new license key.

3. Select the “Next” button to proceed with the installation.

4. Once the license is installed, you can verify it by going back to the previous screen and checking that the license key has been added successfully.

Applying New License to Aria Automation in Lifecycle Operations

Once the new license key is installed in Lifecyle Locker, we can apply it to Aria Automation in Lifecycle Operations. Here’s how:

1. Open Lifecycle Operations and select “License” from the left-hand menu.

2. Click on the “Edit License” button for the appropriate Aria Automation instance.

3. Enter the new license key in the “New License Key” field, and select the “Apply” button to apply the changes.

4. Once the request has been finished successfully, you can verify the new license from the Aria Auto CLI using the command “vracli license”.

Verifying New License with Aria Auto CLI

To verify that the new license has been applied successfully, we can use the Aria Auto CLI command “vracli license”. Here’s how:

1. Open a terminal or command prompt and run the following command:

“vracli license”

2. The output should show the new license key that we installed earlier.

Conclusion

In this blog post, we have demonstrated a convenient way to configure and replace license changes in Aria Automation using Aira Suite Lifecycle Manager. We have covered the steps to install a new license in Lifecyle Locker and apply it to Aria Automation in Lifecycle Operations. Additionally, we have shown how to verify the new license using the Aria Auto CLI command “vracli license”. By following these steps, you can easily manage license changes in your Aria Automation instances without any hassle.

VMware Workspace ONE UEM Tunnel: Troubleshooting DNS Related Issues

As an IT administrator, you may face issues with VMware Workspace ONE UEM Tunnel occasionally. In one such instance, users reported difficulty in connecting to applications through the VMware Tunnel, even though the VMware UAG Tunnel Edge Service showed a green sign indicating it was up and running. To troubleshoot this issue, I delved into the UAG Debug log and found several errors related to DNS. In this blog post, I will discuss the steps I took to resolve the issue and the causes of these DNS-related problems.

Symptoms of the Issue

———————-

The symptoms of the issue were as follows:

* Users were unable to connect to applications through the VMware Tunnel.

* The UAG Tunnel Edge Service showed a green sign, indicating it was up and running.

* The UEM Tunnel Test Connection showed “No information to display” occasionally.

* The UAG Debug log showed errors related to DNS.

Troubleshooting Steps

———————–

To troubleshoot the issue, I followed these steps:

Step 1: Check the UAG Debug Log

I checked the UAG Debug log and found several errors related to DNS. The errors were as follows:

* “DNS resolution failed for .”

* “Failed to resolve hostname .”

* “DNS query timed out for .”

Step 2: Check the Network Settings

I checked the network settings of the host running one of the DNS servers and found that the NIC was faulty. This was causing the DNS resolution to fail.

Step 3: Replace the Faulty NIC

To resolve the issue, I replaced the faulty NIC with a new one. This fixed the problem, and everything worked properly again.

Causes of the Issue

———————-

The cause of the issue was the faulty NIC of the host running one of the DNS servers. The NIC was unable to resolve hostnames correctly, causing the UEM Tunnel to fail.

Conclusion

———-

In conclusion, if you face issues with VMware Workspace ONE UEM Tunnel related to DNS, you should check the network settings and ensure that the hosts running the DNS servers have proper network connectivity. Replacing faulty NICs can help resolve the issue quickly. Additionally, checking the UAG Debug log can provide valuable insights into the problem and help you identify the root cause of the issue.

FAQs

—-

1. Can I use a different DNS server other than the one provided by VMware?

Yes, you can use a different DNS server. However, ensure that the DNS server is properly configured and can resolve hostnames correctly.

2. How do I check the network settings of the hosts running the DNS servers?

You can check the network settings of the hosts running the DNS servers by accessing the network settings in the VMware Workspace ONE console.

3. What are some common errors related to DNS that I might encounter while troubleshooting UEM Tunnel issues?

Some common errors related to DNS that you might encounter while troubleshooting UEM Tunnel issues include “DNS resolution failed,” “Failed to resolve hostname,” and “DNS query timed out.”

This is a comprehensive guide on how to manage and delegate tasks within a Pivotal Cloud Foundry (PCF) environment using roles and permissions. The guide covers the following topics:

1. Understanding Roles and Permissions in PCF: This section provides an overview of the role-based access control (RBAC) model used in PCF, including the different types of roles and permissions available.

2. Creating a New Role: This section explains how to create a new role using the PCF command-line interface (CLI).

3. Assigning Roles to Users: This section covers how to assign roles to users using the PCF CLI and web interface.

4. Understanding Permissions: This section discusses the different types of permissions available in PCF, including read, write, and delete permissions.

5. Granting Permissions to a Role: This section explains how to grant permissions to a role using the PCF CLI and web interface.

6. Delegating Tasks to Users: This section covers how to delegate tasks to users using roles and permissions.

7. Best Practices for Managing Roles and Permissions: This section provides tips and best practices for managing roles and permissions in a PCF environment.

8. Conclusion: This final section summarizes the key takeaways from the guide and encourages readers to explore the PCF documentation for more information.

Overall, this guide provides a comprehensive overview of how to manage roles and permissions in a PCF environment, including creating new roles, assigning roles to users, understanding permissions, granting permissions to a role, delegating tasks, and best practices for managing roles and permissions.

Sure! Here’s a 500-word blog post based on the information provided:

Integrating Azure AD with On-premises UEM: A Step-by-Step Guide

If you’re trying to integrate your on-premises Unified Endpoint Management (UEM) solution with Azure Active Directory (Azure AD), you may not see the On-premises MDM application on the list. This can be a bit confusing, but don’t worry – we’ve got you covered! In this blog post, we’ll walk you through the steps to create an On-premises MDM application in Azure AD and configure it with your UEM solution.

Step 1: Sign in to Azure Portal

To start, sign in to the Azure portal at . If you don’t have an Azure account, you can create one for free here.

Step 2: Navigate to Azure Active Directory

Once you’re signed in, navigate to the Azure Active Directory page by clicking on the “Azure Active Directory” tab in the left-hand menu.

Step 3: Click on Mobility (MDM and MAM)

In the Azure Active Directory page, click on the “Mobility (MDM and MAM)” tab. As you can see, there is no On-premises MDM application listed here.

Step 4: Create an On-premises MDM Application

To create an On-premises MDM application, click on the “Add application” button. When you do this, you won’t see an On-premises MDM application to select – instead, you’ll need to create your own application.

Step 5: Create Your Own Application

To create your own application, click on the “Create your own application” button. In the “Create application” page, enter the name “On-premises MDM Application” and then click on “Create”. You’ll see a notification that the application has been added successfully.

Step 6: Configure Your On-premises MDM Application

To configure your On-premises MDM application, go back to the “Applications” tab and select “On-premises MDM Application”. In the “Overview” page, you can configure your UEM solution by providing the necessary details.

Step 7: Verify Your On-premises MDM Application

After configuring your On-premises MDM application, go back to the “Mobility (MDM and MAM)” tab and verify that your application is listed here. If you don’t see it, try refreshing the page or checking again later.

That’s it! By following these steps, you can create an On-premises MDM application in Azure AD and integrate it with your UEM solution. Remember to check the “Mobility (MDM and MAM)” tab to verify that your application is listed – if you don’t see it, try refreshing the page or checking again later.

If you have any questions or comments, feel free to leave them below. Don’t forget to sign up for our newsletter to stay up-to-date with the latest Azure and UEM news!

Here’s the 500-word blog post based on the information provided:

Port-Based Authentication is a security feature that allows only authorized client devices to access the network. In order to prevent unauthorized devices from gaining access, some organizations use Port-Based Authentication. To enable this feature, the client device must have a certificate. Integrating an internal Certificate Authority with Workspace ONE UEM allows you to provide computer certificates to client devices.

To begin, open the Certification Authority and right-click on Certificate Template. Click on Manage and then right-click on Computer to duplicate the template. On the General tab, change the name of the template to ComputerUEM. On the Subject Name tab, choose the Supply in the request. On the Security tab, add the account that has Enroll permission.

Next, log in to WS1 UEM and go to All Settings. Click on Enterprise Integration and then click on Certificate Authorities. Click Add and type a name for the certificate authority. Choose Microsoft ADCS and enter the CA server name and authority name. Also, enter the service account username and password. Click Test Connection and then save.

After setting up the certificate authority, you can create a request template in WS1 UEM. To do this, click on Request Templates and type the name of the template, issuing template, subject name, and SAN type. Click Save.

Now, when you enroll a Windows device, the device will receive a certificate with the device UDID, which can be used for Port-Based Authentication. To enable this feature on your devices, follow these steps:

1. Create a new profile in WS1 UEM and select Windows as the platform.

2. Select Device Profile and type the name of the profile.

3. Add a smart group that will receive the certificate.

4. Go to Credentials and configure the CA and template.

5. Save and publish the profile.

With these steps, you can ensure that only authorized client devices can access your network using Port-Based Authentication. This feature provides an additional layer of security for your organization’s network and devices.

Configuring Horizon Smart Policies with DEM and Horizon Client Properties

In this blog post, we will discuss how to configure Horizon Smart Policies with DEM (Desktop Environment Manager) and Horizon Client Properties to allow endpoints joined to a specific domain to use the clipboard. We will also explore other options available in the Horizon Client Property registry key and show you how to configure them in your environment.

Before we begin, it’s essential to understand that the steps outlined in this blog post are for educational purposes only and should not be attempted on a production environment without proper testing and validation. It’s also important to note that the screenshots and options may vary based on your Horizon version and configuration.

Step 1: Open the Registry on a Virtual Desktop

To configure Horizon Smart Policies with DEM and Horizon Client Properties, we need to open the registry on a virtual desktop. To do this, log in to a virtual desktop through the Horizon Client, and then follow these steps:

1. Press the Windows key + R to open the Run dialog box.

2. Type regedit and press Enter.

3. Navigate to the following registry key: ComputerHKEY_LOCAL_MACHINESOFTWAREVMware, Inc.VMware VDMSessionData1

This registry key contains all the options available for use with Client Property in DEM Conditions. In our case, we will use ViewClient_Machine_Domain.

Step 2: Create a Condition Set in DEM

Open DEM and create a new condition set. In the condition set, select the Property drop-down menu and choose Is equal to. Then type your domain name (Lab.local) in the Value field. This will create a condition set that allows endpoints joined to the Lab.local domain to use the clipboard.

Step 3: Create a Horizon Smart Policy

Next, we need to create a new Horizon Smart Policy and bind the condition set we created to this policy. To do this, follow these steps:

1. Open DEM and go to the Policies tab.

2. Click the Create Policy button and select Horizon Smart Policy from the drop-down menu.

3. Enter a name for your policy (e.g., Allow Clipboard for Lab.local Endpoints) and click Next.

4. Select the condition set we created earlier and click Next again.

5. Enable the Clipboard option, and then click Finish to save your policy.

Now that you have created your Horizon Smart Policy, all endpoints joined to the Lab.local domain will be allowed to use the clipboard when they log in through the Horizon Client.

Other Options Available in the Horizon Client Property Registry Key

The Horizon Client Property registry key (ComputerHKEY_LOCAL_MACHINESOFTWAREVMware, Inc.VMware VDMSessionData1) contains several other options that you can use with Client Property in DEM Conditions. Here are some of the most commonly used options:

1. ViewClient_Machine_OS: This property specifies the operating system of the endpoint device. You can use this property to allow or block specific OS versions from accessing the Horizon environment.

2. ViewClient_Machine_Architecture: This property specifies the architecture of the endpoint device (e.g., x86 or x64). You can use this property to restrict access to specific architectures.

3. ViewClient_Machine_Language: This property specifies the language of the endpoint device. You can use this property to allow or block access based on the user’s language preferences.

4. ViewClient_Machine_UUID: This property specifies the unique identifier of the endpoint device (also known as the universally unique identifier or UUID). You can use this property to identify specific devices and apply policies accordingly.

5. ViewClient_Machine_Manufacturer: This property specifies the manufacturer of the endpoint device. You can use this property to allow or block access based on the user’s device manufacturer.

6. ViewClient_Machine_Model: This property specifies the model of the endpoint device. You can use this property to allow or block access based on the user’s device model.

7. ViewClient_Machine_BIOS: This property specifies the BIOS version of the endpoint device. You can use this property to allow or block access based on the user’s BIOS version.

8. ViewClient_Machine_Firmware: This property specifies the firmware version of the endpoint device. You can use this property to allow or block access based on the user’s firmware version.

9. ViewClient_Machine_Hardware: This property specifies the hardware version of the endpoint device. You can use this property to allow or block access based on the user’s hardware version.

10. ViewClient_Machine_Software: This property specifies the software version of the endpoint device. You can use this property to allow or block access based on the user’s software version.

Conclusion

In this blog post, we have shown you how to configure Horizon Smart Policies with DEM and Horizon Client Properties to allow endpoints joined to a specific domain to use the clipboard. We have also explored other options available in the Horizon Client Property registry key and showed you how to configure them in your environment. Remember to test your policies thoroughly before deploying them to your production environment.

If you found this blog post helpful, please share it with your colleagues and friends who work with Horizon. We value your feedback and would love to hear your comments and suggestions for future blog posts.

Managing Multiple Users on a Single Windows Device with VMware Workspace ONE UEM

In today’s blog post, we will discuss how to manage multiple users on a single Windows device using VMware Workspace ONE Unified Endpoint Management (UEM). We will cover how to enable features, register devices, and manage different user accounts on a shared device.

Enable Features and Register Devices

To manage multiple users on a single Windows device with UEM, you need to have the following features enabled in your UEM SaaS tenant:

1. MultiUserPhase1EnrollmentSupportFeatureFlag

2. DeviceStateChannelInterfaceEnabledFeatureFlag

You can enable these features by creating a support ticket with VMware and requesting that they be activated in your UEM SaaS tenant. Once enabled, you must set the “Default Action For Inactive Users” to “Restrict Additional Device Enrollment” in UEM. Additionally, ensure that “Publish Workspace ONE Intelligent Hub” is enabled.

Registering devices as Corporate-Shared is required for managing multiple users on a single device. To register a device, you need the Serial Number of the machine. You can find the Serial Number using the following command in the Command Prompt:

wmic bios get serialnumber

Once you have the Serial Number, log in to the UEM console and go to the “Devices” tab. Click on “Lifecycle” and then select “Enrollment Status.” Click on “ADD – Register Device” and select “Ownership” as Corporate-Shared. Enter the Serial Number, and click on “SAVE.”

Managing Different User Accounts

To manage different user accounts on a shared device, you need to join the device to Azure Active Directory (AAD). You can do this by following these steps:

1. Log in to Windows using a local admin account.

2. Open the Microsoft account window and click on “Join this device to Azure Active Directory.”

3. Type in the first AAD user account and click on “NEXT.”

4. The first account will always get the local admin permission, and all other accounts will get the user account permission.

5. Click on “Join.”

6. Sign out from the windows local admin account and click on “Other user.”

7. Log in with your AAD first user account, and wait until the device is set up.

At this point, you will notice that Workspace ONE Intelligent Hub is installed automatically, which is required to install IH for all users. Never install Intelligent Hub manually for Shared devices.

Start the Hub and log in as the first user. In UEM, check the current user name. Restart the Windows machine and log in with the second AAD account. Start the Intelligent Hub and log in with the second AAD account. Notice the same machine with different user accounts. Also, check the UEM console to see the different user name on the same Windows machine.

Current Limitations of Shared Devices

While managing multiple users on a single Windows device with UEM is possible, there are some current limitations with shared devices. VMware is working to resolve these limitations with upcoming releases. Some of the limitations include:

1. Only Azure AD users can be managed as Corporate-Shared devices.

2. Only one user can use the device at a time. If multiple users try to log in simultaneously, only the first user will be able to access the device.

3. The device will always enroll using the first user’s credentials, even if other users attempt to enroll the device.

4. Users will not be able to use their own credentials to enroll the device.

5. Shared devices do not support Fully OOBE with Windows Autopilot. You must use the Azure AD join method to connect the device to Azure AD.

Conclusion

Managing multiple users on a single Windows device with VMware Workspace ONE UEM is possible by enabling specific features, registering devices as Corporate-Shared, and joining the device to Azure Active Directory. While there are some current limitations with shared devices, VMware is working to resolve these limitations with upcoming releases. With this information, you can effectively manage multiple users on a single Windows device using UEM.

As an IT professional, I am always on the lookout for new and innovative technologies that can help me streamline my workflows and improve my productivity. Recently, I stumbled upon an old IGEL UD Pocket USB while rummaging through my storage room. To my surprise, it still worked perfectly fine even after all these years!

Excited by this discovery, I decided to test it out in one of my NUC LAB devices running ESXi. After inserting the USB into the device, I was able to boot up the IGEL UD Pocket as a virtual machine (VM) within ESXi. The setup process was incredibly easy and quick, taking only a few minutes to get everything up and running.

Once the VM was up and running, I decided to test out its capabilities by connecting it to VMware Horizon Windows 10 VD. To my amazement, the IGEL UD Pocket USB seamlessly integrated with the Horizon environment and allowed me to access all of my applications and desktops without any hassle.

But that’s not all – the real magic happened when I started using Liquidware Stratusphere UX, an incredibly powerful and easy-to-use monitoring and reporting tool. With just a few clicks, I was able to gather a wealth of information about my Horizon environment, including detailed statistics on application usage, user activity, and more.

One of the things that really impressed me about Liquidware Stratusphere UX is its ability to provide real-time monitoring and reporting. With just a few clicks, I can generate detailed reports on everything from user logons and logoffs to application launches and terminations. This information is invaluable for troubleshooting issues and optimizing my Horizon environment for maximum performance and security.

Another feature that really stood out to me was the ability to create custom dashboards within Liquidware Stratusphere UX. With this feature, I can quickly and easily create a personalized view of my Horizon environment that is tailored to my specific needs and requirements. This allows me to quickly identify any issues or anomalies in my environment and take action to address them before they become major problems.

Overall, I am absolutely thrilled with the performance and capabilities of the IGEL UD Pocket USB and Liquidware Stratusphere UX. These tools have not only saved me time and effort, but have also provided me with valuable insights into my Horizon environment that I never thought possible.

If you’re looking for a reliable, easy-to-use solution for monitoring and reporting on your Horizon environment, then I highly recommend checking out Liquidware Stratusphere UX. And if you have any old IGEL UD Pocket USBs lying around, then definitely give them a try – you might be surprised at how well they still work!

Instant Auto-Removal of Failed Aria Automation Deployments

In a recent project, I was tasked with creating an instant auto-removal feature for failed Aria Automation deployments using a custom day 2 operation in the Aria Automation Deployment API. Specifically, we wanted to execute the deployment resource “delete” action every time a deployment fails, and use an Extensibility subscription to be automatically triggered if the status of the deployment is “FAILED” and the event type equals “CREATE_DEPLOYMENT”.

To achieve this, we used Aria Orchestrator to create a custom action. The actual implementation consisted of the following steps:

1. Create a new workflow for the Extensibility subscription, e.g. name it “Delete Deployment”.

2. Create a new input parameter named “inputProperties” with a type of “Properties”. This input parameter will be used to pass the deployment ID and other properties as needed.

3. Inside the workflow, create a scriptable task with the following JavaScript code:

“`javascript

var vraHostVcoEndpoint = getVraHostVcoEndpoint();

var requestBody = {

“actionId”: “Deployment.Delete”,

“inputProperties”: {

“deploymentId”: ““

}

};

var request = new Request(vraHostVcoEndpoint + “/deployment/api/requests”, null, “POST”, requestBody);

request.setAsync(true);

request.send();

“`

In this code, we first determine the Aria Automation endpoint in the Orchestrator environment using the `getVraHostVcoEndpoint` action. Since we are in a lab environment, we use the default on-premises endpoint. Then, we create a `Request` object with the endpoint, HTTP method (`POST`), and request body. Finally, we set the asynchronous flag to `true` and send the request.

4. To trigger the workflow every time a Aria Automation deployment fails, we create an Extensibility subscription as follows:

“`json

{

“extensibilitySubscription”: {

“displayName”: “Delete Deployment”,

“description”: “Deletes a failed deployment”,

“eventTypes”: [“CREATE_DEPLOYMENT”],

“action”: {

“actionId”: “Delete Deployment”,

“inputProperties”: [“deploymentId”]

},

“filters”: [

{

“filterType”: “AND”,

“filters”: [

{

“filterType”: “EQUALS”,

“property”: “status”,

“value”: “FAILED”

},

{

“filterType”: “EQUALS”,

“property”: “eventType”,

“value”: “CREATE_DEPLOYMENT”

}

]

}

]

}

}

“`

In this subscription, we specify the display name, description, event types, and action. We also define filters to apply to the event, such as status equal to “FAILED” and event type equal to “CREATE_DEPLOYMENT”.

With these steps completed, every time a Aria Automation deployment fails, the custom workflow will be triggered automatically to execute the deployment resource “delete” action. To limit it to a given cloud template, we could use an additional “event.data.blueprintId” condition which specifies the corresponding Cloud template Id.

In conclusion, this feature allows for instant auto-removal of failed Aria Automation deployments using a custom day 2 operation in the Aria Automation Deployment API. By leveraging an Extensibility subscription and the `getVraHostVcoEndpoint` action, we can automatically trigger the workflow every time a deployment fails, and limit it to a given cloud template if necessary.