VMware Digital Workspace Newsletter - Week 19

                 

Weekly highlight:   Best practices for re-enrolling Windows Desktop devices in Workspace ONE UEM (84350) The following are the best practices for re-enrolling a Windows Desktop device into Workspace ONE UEM.  There are three different clients on Windows Desktop devices. Native Device Management Client. (OMA-DM Client) VMware Software Distribution Agent (VMware SfdAgent) Workspace ONE Intelligent Hub Each of the aforementioned client handles different mobile device management (MDM) tasks. You need to make sure associated records are removed for a clean re-enrollment. Please review https://kb.vmware.com/s/article/84350?lang=en_US&source=email for more information         HUBM-5175: On macOS Monterey for Intel devices, the "Force Reboot" functionality in the Software Update profile does not function correctly (88416) For Intel-based macOS devices on macOS 12.0 or higher, the "Force Reboot" functionality in the Software Update payload does not function correctly. If the Workspace ONE Intelligent Hub identifies that an update is available, the user will receive a notification that the update is available and, depending on the configured settings, an option to defer or begin the install. Ultimately, if the user chooses to begin the install, the softwareupdated process will be initiated, but the device will not actually install the OS update. The Workspace ONE team is currently investigating the issue with Apple. Workaround and more info in https://kb.vmware.com/s/article/88416?lang=en_US&source=email   Workspace ONE UEM Windows SCEP Profile certificate request fails when using Certificate Authority with Static Challenge (85956) The Windows SCEP Profile payload fails to successfully install a certificate when using a Certificate Authority that is either: Configured to use Static Challenge Configured to use Dynamic Challenge with a Request Template that is missing EKU Attributes Workspace ONE UEM 21.09 and older When using a Certificate Authority with Static Challenge, the certificate payload must contain the CA Thumbprint. Unfortunately, the Certificate Authority configuration does not include a field to add a Root Certificate. This will be addressed with AMST-27570. Windows SCEP profiles also require the configuration of EKU attributes in the Certificate Request Template. The Windows SCEP profile does not validate the Request Template configuration in the profile UI. This will be addressed with AMST-27570. To deploy a Windows SCEP profile, you must create a Certificate Authority configured to use Dynamic Challenge and a Request Template that contains EKU Attributes. The Workspace ONE team is currently working to implement the required changes to support the use of SCEP profiles for Windows As a workaround, you can use the Dynamic Challenge configuration for Certificate Authorities, making certain to add the relevant EKU attributes in the Request Template as required by Windows. KB-Reference: https://kb.vmware.com/s/article/85956?lang=en_US&source=email   Generate Installation Token in Certificate Signing Portal (88462) New Workspace ONE (WS1) customers with an on premise deployment (perpetual licenses) must generate an installation token within the certificate signing portal (found within the My Workspace ONE portal) as part of their initial Workspace ONE UEM install. This token allows them to manually install WS1 UEM on their server. To go into further detail, the certificate signing portal allows customers to sign a public SSL certificate from their vendor with VMware's unique security key to ensure secure communication between their organization's devices and Workspace ONE UEM during device enrollment. Please follow the provided instructions in https://kb.vmware.com/s/article/88462?lang=en_US&source=email   Configuring VMware Tunnel Client for Standalone enrollment (88457) This KB article outlines the the steps required for configuring the macOS and Windows Tunnel clients for Standalone enrollment. Please review https://kb.vmware.com/s/article/88457?lang=en_US&source=email for instructions on Windows and macOS clients.   HW-145794: How to deploy the VMware Identity Manager Connector in Legacy Mode (88033) This article explains how to deploy the connector virtual appliance in legacy mode. Legacy mode requires allowing inbound connections to the connector appliance installed on-premises. VMware Identity Manager Connector for Windows 19.03.0.1 The VMware Identity Manager connector is an on-premises component of VMware Identity Manager that provides directory integration, user authentication, and integration with resources such as Horizon 7. The connector is delivered as a virtual appliance that is deployed on site and integrates with your enterprise directory to sync users and groups to the VMware Identity Manager service and to provide authentication. More info in KB https://kb.vmware.com/s/article/88033?lang=en_US&source=email.   Connection Server fails to send machine identifiers information to Horizon Agent and it becomes unreachable. (88439) Connection server debug logs have log lines similar to: DEBUG (18D4-1CB4) <HARequestMsgThread> [PendingOperationSet] com.vmware.vdi.desktopcontroller.VirtualCenterDriver@2a4cbc2 Rejecting Prepare from ConnectionServer03 for DeletingNGVC on /DEVDI/vm/InstantCloneTest/SSDS-Pool2/ssds2-8(/DEVDI/vm/InstantCloneTest/SSDS-Pool2/ssds2-8) as operation underway (collision) DEBUG (18D4-1CB4) <HARequestMsgThread> [PendingOperationSet] com.vmware.vdi.desktopcontroller.VirtualCenterDriver@2a4cbc2 Rejecting Prepare from ConnectionServer03 for Configuring on /DEVDI/vm/ManualDesktops/GPU/display-gpu-02(vm-11881) as operation underway (collision) DEBUG (18D4-1CB4) <HARequestMsgThread> [PendingOperationSet] com.vmware.vdi.desktopcontroller.VirtualCenterDriver@2a4cbc2 Rejecting Prepare from ConnectionServer03 for RecomputeDigests on /DEVDI/vm/ManualDesktops/NavySW/NavySW-Rhap01(vm-17591) as operation underway (collision Pending Operations on connection server has become unstable and paticipating connection server nodes started rejecting the operations. One of the cause is network related issues which were present intermittently leading to this type of issue. Failing to send the Configure Pending Operation to persist the machine information in VMX settings marks the agent as unreachable. A cleaner way to restore the environment is to shutdown all the connection servers and perform a rolling reboot operation. KB-Reference: https://kb.vmware.com/s/article/88439?lang=en_US&source=email   End of Availability for VMware Horizon Standard Subscription (88256) VMware is announcing the End of Availability (EOA) of the VMware Horizon Standard Subscription edition, effective April 30th, 2022. After this date, Horizon Standard Subscription will no longer be available for purchase. The EOA will not impact existing entitlements to functionality delivered for existing Horizon Standard Subscription customers through the term of their existing subscription. We are excited to announce that existing Horizon Standard Subscription customers can renew on Horizon Standard Plus Subscription upon their existing term renewal. Horizon Standard Plus Subscription entitles customers to deploy VDI and apps on a single private or public vSphere-based cloud while consuming new SaaS services built for TCO reduction of Horizon environments. Customers may also choose to upgrade to Horizon Enterprise Plus Subscription, which provides enhanced functionality over Horizon Standard Plus Subscription. Additionally, customers may also upgrade to Horizon Universal Subscription if they are consuming multi-cloud SaaS services and/or deploying desktop and apps through Horizon Cloud on Microsoft Azure. For more information on Horizon Standard Plus Subscription, Horizon Enterprise Plus Subscription, and Horizon Universal Subscription, visit http://vmware.com/go/horizon. KB-Reference: https://kb.vmware.com/s/article/88256?lang=en_US   VMware Workspace ONE Mobile Flows End of Life Announcement (85939) We are announcing end of availability for new sales of the VMware Workspace ONE mobile flows service. Mobile flows will reach end of general support on August 30, 2022. This means that any out-of-the-box or custom integrations that have been set up for Workspace ONE Intelligent Hub or Workspace ONE Boxer with mobile flows will no longer be supported after August 30, 2022. The Experience Workflows product will be the replacement for 3rd party system integration for micro-apps in Intelligent Hub. You will need to purchase the add-on for the upcoming product release, Experience Workflows for Workspace ONE. You can also request a beta of Experience Workflows through the EUC Beta Portal or through your VMware account representative. KB-Reference: https://kb.vmware.com/s/article/85939?lang=en_US&source=email   Highlighting High Priority KBs Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971) To align with Google’s strategy and ensure VMware’s investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console).  VMware Tunnel Proxy End of Support Life Announcement (87345) VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023. VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022). [Resolved] CRSVC-25521 - Workspace ONE UEM - Guidance for addressing CVE-2021-22054 (87167) The Workspace ONE team has investigated CVE-2021-22054 and has determined that the possibility of exploitation can be removed by performing the steps detailed in the Workaround section of this article. This workaround is meant to be a temporary solution until updates documented in VMSA-2021-0029 can be deployed.   Recently updated or added KBs SNMP Configuration with Unified Access Gateway (83677) Unable to deploy pool: Error: No network communication between the View Agent and Connection Server. (84295) Information on Horizon 8 Extended Service Branch (ESB) (86477) Best practice to make Powermic speech mic device work with Nuance Dragon Medical One efficiently. (87288) VMware Horizon and Horizon Cloud readiness for Microsoft Windows 11 (85960) USB redirected input devices have delay in response time (input lag) with Blast (67759) URL Content Redirection can't work any more once user upgrades Chrome browser to 101 version on Windows Client/Windows Agent/Linux Client. (88398) Behavior changes in Workspace ONE Intelligent Hub 20.05 for iOS (80309) Best practice to make Powermic speech mic device work with Nuance Dragon Medical One efficiently. (87288) When using Microsoft Teams Optimization with Linux client, bluetooth headset microphones may not be displayed in device (88435) HW-156875 Workaround instructions to address CVE-2022-22972 in Workspace ONE Access Appliance (VMware Identity Manager) (88433) User engagement dashboard and directory sync status not showing up last sync activity for vIDM (84304) Ubuntu20.04 Linux VDI full clone or instant clone child vm fails to boot up. (87261) Accessing connection server using HTML access results in the error message: Your session has expired (87762) Connector Failed to load Auth Adapters | Auth Adapters are missing from vIDM Node (84153) AirWatch Management Suites End of Availability (2960383) 'Grant all Permissions' permission payload does not work on Android 8.0 and 9.0 devices (2961039) Microsoft Teams Live Events and Horizon Support. (88274) Monitoring health of Horizon Connection Server using Load Balancer, timeout, Load Balancer persistence settings in Horizon 7.x and 8 (56636) Best practice to make Powermic speech mic device work with Nuance Dragon Medical One efficiently. (87288)   Digital Workspace Techzone, Blog and YouTube Updates A guide to VMware Digital Employee Experience (DEX) resources Come see VMware at an IGEL DISRUPT On Tour event near you! Real-world examples of how ControlUp Scoutbees monitors remote resources   3rd Party Blogs and Industry News Mobile-Jon: Are Workspace ONE DEEM Surveys a Hit? SURVEY SAYS! Techeconomy: VMware Backed Research Suggests Delivering Complete Digital Employee Experience is Essential in the Hybrid Workplace Gagan Singh: Enterprise Federation using VMware Workspace One Access Connector       Patch & Seed Script Updates Week19-2022 OS Updates Seed Script  Most recent update: iOS 15.5.0 (19F5047e),tvOS 15.5.0 (19L5547e),macOS Monterey 12.4.0 (21F5048e) https://resources.workspaceone.com/view/rywydmj6ghb9nmch4ywq/en Last Update: CW14 Seed Script for latest Device Model Information Update Device Model details seed for iiPad Air (Gen 5), iPhone SE (Gen 3) models https://resources.workspaceone.com/view/x8kn6bslt67vwvlgx4ld/en Last update: CW14   Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console Agnostic script to update seed data to allow Android 12 enrollments into the Console. https://resources.workspaceone.com/view/rvfdv9s6mhsh4xgdxf7f/en Last Update: CW44   Workspace ONE UEM 20.11 Patch Level: 20.11.0.44 CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0 CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration CMSVC-16084: UEM discloses smart group details from other tenants https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2011/rn/VMware-Workspace-ONE-UEM-Release-Notes-2011.html#20-11-0-42-patch-resolved-issues-resolved https://resources.workspaceone.com/view/pdwkjgfsb8b57cxvfnpd/en Last Update: CW17 Workspace ONE UEM 21.02 Patch Level: 21.2.0.35 CRSVC-28747: Migrate UEM database table BlobMaster that were encrypted using kv0 CRSVC-28486: Update PasswordMigrationMetadata.json file to include Patch-2 tables and column details for migration CMSVC-16084: UEM discloses smart group details from other tenants https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2102/rn/Workspace-ONE-UEM-2102-Release-Notes.html#21-2-0-31-patch-resolved-issues-resolved https://resources.workspaceone.com/view/48ktw9p6spmq8dflll49/en Last Update: CW17   Workspace ONE UEM 21.05 Patch Level: 21.5.0.55 UM-7437         Automatic LDAP group sync skipped for customer intermittently CMSVC-16057 Evaluate and Improve Scheduler Job resiliency in the event of DB connectivity issue ARES-21981    Device preview page should show exclusions from the current edit only AGGL-11714    Android 11: Work Profile devices are getting Android Legacy Profiles AGGL-11710    CN1919 - DB Systel - Post OP2S migration, Android Devices are consuming commands slowly AGGL-11668    Chrome URLWhitelist/URLBlacklist does not work on the latest Chrome Versions. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2105/rn/Workspace-ONE-UEM-2105-Release-Notes.html#21-5-0-55-patch-resolved-issues-resolved Last Update: CW18   Workspace ONE UEM 21.09 Patch Level: 21.9.0.32 CMEM-186609: Email profile is republished after upgrading iOS devices to iOS 14.8 and iOS 15 (with compliance policy). CMCM-189751: Removing the Content Locker SDK Library Key system code causes an override. AMST-35881: Unable to modify Version field when using File Exists criteria for Windows Desktop applications. AMST-35815: Blobs being served by Directory Services even when they are present in the CDN and Storage Type set to 1. https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2109/rn/Workspace-ONE-UEM-2109-Release-Note.html#21-9-0-30-patch-resolved-issues-resolved Last Update: CW18   Workspace ONE UEM 21.11 Patch Level: 21.11.0.28 CMEM-186612: Delay in adding the device to the allowlist from email list view. UM-7450: Admin Groups not updating after Automatic or Manual sync. CRSVC-28589: GSX certification save failed with password invalid. Docs-Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2111/rn/vmware-workspace-one-uem-2111-release-notes/index.html#resolved-issues-2111026-patch-resolved-issues Last Update: CW19   Workspace ONE UEM 22.03 Patch Level 22.3.05 UM-7449 Admin Groups not updating after Automatic or Manual Sync FCA-202719    Unable to delete devices from console CRSVC-29031  UEM Unenrollment Does Not Send Re-Authentication to User's Other Devices CRSVC-28588  GSX Cert Save Failed Password Invalid CMSVC-16129 Tags Update API fails when organization group id is not passed. AMST-35971   Unable to update internal app assignments for some Windows applications AMST-35916   Blobs being served by DS even when they are present in the CDN and StorageType set to 1 AMST-35879   Windows Application Deployment Commands are only cleared after a manual Query or App Sample Query from UEM Console AMST-35867   Seed v2203.3 patch Hub to UEM https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/2203/rn/vmware-workspace-one-uem-powered-by-airwatch-2203-release-notes/index.html#resolved-issues-22303-patch-resolved-issues Last Update: CW19