Service – Week 32-2022 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

• With Workspace ONE Control Plane 2022.7.1.525, sensor Last Executed Date reflects timestamp for last sensor value change (89235)
• The VMware team has identified that that with an update to Workspace ONE Control Plane (2022.7.1.525) the Last Executed Date for sensor samples will reflect only the timestamp for the latest change to the sensor value versus the last successful sample communication time. This change was intended to prevent duplicate samples from causing additional downstream impacts while not adding any additional insights to the displayed sensor value within the Workspace ONE UEM Console.
• The applicable use-cases of this feature are being reviewed and will be modified to account for additional scenarios in an upcoming version of Workspace ONE UEM. Please subscribe to this KB for updates as we progress on resolution of this KB.
• As an alternative to the sensors page, the troubleshooting page within the device details pane contains a filter that can be set to display a comprehensive set of sensor sample information which can be used to achieve similar use-cases around active communication and healthy device states.
• KB-Reference: https://kb.vmware.com/s/article/89235?lang=en_US&source=email

• Windows 10 screen freeze when inactivity GPO is implemented on Horizon 7 agent machines (89256)
• The following is observed:
  • Horizon 7 is deployed
  • GPO that locks the screen after inactivity has been applied to Horizon agent machines
  • When the inactivity timeout is reached the screen freezes instead of displaying the lock screen
  • The screen resets when the mouse is moved
• This is due to a partial reset of the screen when the GPO inactivity timeout is reached
• This is resolved in Horizon 8.
• As a workaround on Horizon 7, set the following registry keys:
  HKLM\SOFTWARE\VMware, Inc.\VMware Blast\Config\PixelProviderGpuCompareCopy(REG_SSZ) = 0
  HKLM\SOFTWARE\VMware, Inc.\VMware Blast\Config\PixelProviderGpuSingleBufferCapture (REG_SSZ) = 0
• KB-Reference: https://kb.vmware.com/s/article/89256?lang=en_US&source=email

• UM-7538 Workspace ONE UEM Open Directory user attribute sync issue (89186)
• For customers utilizing an Open LDAP configuration, such as Oracle Directory, without Auto-Merge enabled it is possible for user attributes to not be updated on sync and reflect correctly within the Workspace ONE UEM Console.
• The Workspace ONE team has identified has a product issue in the user attributes sync flow when UEM is integrated with an open Directory such as Oracle. This article is intended to share knowledge of this known issue along with the workaround available to mitigate the issue until a resolution is made available.
• ObjectIdentifiers are used to map external users into the Workspace ONE UEM system, this ObjectIdentifier was not associating correctly from the filter used to sync users from Open Directory when Auto Merge was disabled.
• This issue will be resolved in an upcoming version of Workspace ONE UEM. Please subscribe to this KB for updates as we progress on resolution of this KB.
• To resolve this issue enable Auto-Merge configuration under Groups & Settings > All Settings > Enterprise Integration > Directory Services > Users Tab > Advanced. User attributes are expected to be updated during the next Directory auto sync; alternatively, a manual sync can also be triggered.
• KB-Reference: https://kb.vmware.com/s/article/89186?lang=en_US&source=email

• AAGNT-194623 – Work Managed enrollment fails if KNOX Container enabled (89008)
• In Organization Groups where KNOX Container enrollment is enabled for Android devices, Work Managed & COPE mode enrollment fails for Android 11+ devices. Affected users see an error dialog from Hub stating:
  “Because your device is running Android 10 (or a newer version), Android Enterprise is required for enrollment.”
  KNOX Container enrollment is managed via the Enable Container setting in the Workspace ONE UEM Console under Groups & Settings > All Settings > Devices & Users > Android > Intelligent Hub Settings.
• VMware is tracking this issue using identifier AAGNT-194623 and is actively working to resolve this issue.
• Disable Groups & Settings > All Settings > Devices & Users > Android > Intelligent Hub Settings > Enable Container. 
  Warning: Disabling this setting may cause Android (Legacy) devices enrolled using KNOX Container mode to become unusable.
• KB-Reference: https://kb.vmware.com/s/article/89008?lang=en_US&source=email

• [Resolved] AGGL-12272 Delay in Products Delivery for devices using Firebase Cloud Messaging (FCM) (89187)
• Products under Product Provisioning for Android devices using FCM are kept in a queued state unless the device is queried/synce
• Workspace ONE UEM 21.07 through WS1 UEM 22.03.17
• During a refactoring effort in Workspace ONE UEM 21.07, a bug was introduced that impeded the use of Firebase Cloud Messaging (FCM) as a way of communication with the device. (This is the default communication mechanism for Android devices.)
• The issue is already resolved in Workspace ONE UEM 22.03.18 and above.
• For Workspace ONE UEM version between 21.07 and 22.03.17, you could use AWCM Instead of FCM as the Push Notification Service.
  Please follow the steps below : 
  1) Make sure devices network is allowed to communicate with AWCM endpoint. (For more detail, please refer to VMware Ports and Protocols )
  2) Validate AWCM settings under Setting > System > Advanced > API > Site URLs
  3) Enable “Use AWCM Instead Of FCM As Push Notification Service”  under Settings > Devices &Users > Android > Intelligent Hub Settings 
  Note: Devices will still need to check in one time to pick up the new Notification Service change. The time taken varies based on the Heartbeat interval settings.
• KB-Reference: https://kb.vmware.com/s/article/89187?lang=en_US&source=email

• Horizon Client prompts for password even with Log in As Current User enabled (89209)
• Log in as current user (LACU) can be set on Horizon Client for Windows in multiple locations:
  In the UI under Options -> Log in as current user
  From the Command Prompt with the ‘logInAsCurrentUser’ option
  With the GPO, “Default value of the ‘Log in as current user’ checkbox”
  The corresponding setting must be enabled in Horizon Console with the “Accept logon as current user” setting which is set on each Connection Server.
  Continue reading in the KB for remediation steps when LACU is not working properly.
• KB-Reference: https://kb.vmware.com/s/article/89209?lang=en_US&source=email

• Highlighting High Priority KBs
• HW-160130 – Patch instructions to address CVE-2022-31656 – CVE-2022-31665 in Workspace ONE Access Appliance
  CVE-2022-31656, CVE-2022-31657, CVE-2022-31658, CVE-2022-31659, CVE-2022-31660, CVE-2022-31661, CVE-2022-31662, CVE-2022-31663, CVE-2022-31664, CVE-2022-31665 have been determined to impact Workspace ONE Access (VMware Identity Manager).
• VMware Tunnel Proxy End of Support Life Announcement (87345)
  VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023.
• VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
  Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).

• Recently updated or newly added KBs
  • Recommendations on upgrade path from Horizon 7.13.x to Horizon 8.x version (85517)
  • Location of Horizon (VDM) log files (1027744)
  • Log in as current user configured in a one-way domain trust fails to connect to Horizon Connection Server (2149519)
  • Workspace ONE UEM SaaS environments – Administrator Roles and Password Expiration Period Best Practice (2960356)
  • App Install Status not reporting correctly within WS1 (50122085)
  • Restore ADE (DEP) Device from iCloud Backup on WS1 (50103814)
  • Outlook for Android and iOS with SEG – Unmanaged device handling (79855)
  • Workspace ONE UEM – Device Friendly Name and Enrollment User hyperlinks are disabled on the Device Events page (88380)
  • Locating Workspace ONE license information in Customer Connect (2961361)
  • Self Upgrade an On-Premise Environment for WS1 (50102201)
  • How to use the WS1 Managed Hosting SaaS Upgrade Scheduler (2960929)
  • FCA-200997 – Workspace ONE UEM – Some pages do not load in UEM console when using a custom administrator role (87259)
  • Black screen when opening confidential emails in outlook using the blast protocol with Nvidia (85492)
  • Horizon desktop displays black screen until space bar pressed (83500)
  • MS Teams Optimization Feature Compatibility Matrix for Horizon 7 and Horizon 8 Recent Releases. (86475)

• Digital Workspace Techzone, Blog and YouTube Updates
  • A preview of Horizon sessions at VMware Explore 2022
  • Enjoy a full menu of digital employee experience content at VMware Explore 2022
  • New Whitepaper on Mobile Threat Defense Now Published
  • How VMware can Secure Mobile Endpoints with Threat Defense (MTD)
  • Why IT service desks should be investing in digital employee experience
  • How to improve employee engagement for your Horizon users with Workspace ONE Intelligent Hub
  • Load Balancing Unified Access Gateway for Horizon
  • Workspace ONE UEM sessions at VMware Explore 2022 you don’t want to miss

• Third Party Blog and Technology Updates
  • Mobile-Jon: Evaluating Microsoft Endpoint Manager vs. Workspace ONE UEM: 2022 Edition
  • Even Gooder: If You Can’t Bring Your Virtual Desktop To The Cloud, Bring Cloud To Your Virtual Desktop
  • Cloudflare: The mechanics of a sophisticated phishing scam and how we stopped it
  • Patrick Zoeller: Android Enterprise: Enrollment QR-Code Generation & Customisation – Digital Workspace

• Week 32 Software Updates

• Component: Workspace ONE Intelligent Hub for Android
• New Release: 22.07
• Changes:
  • Management of Android 13 is now supported
    • You can now enroll and manage Android 13 devices through Workspace ONE UEM. For more information on changes in Android 13, see Getting Ready for Android 13 (88379)
  • Hub can now Delegate Management Scopes to other Apps
    • Organizations can now delegate certain management capabilities previously held exclusively by Intelligent Hub to other Android applications. For more information, please see Using Android Delegated Scope Management through Custom Settings (89115).
  • Support for Google Conditional Access
  • New Source of Authentication switching
• Release Date: 08.08.22
• Release Notes

• Component: Workspace ONE Intelligent Hub for iOS
• New Release: 22.07
• Changes:
  • Improvements to the People Section of Hub
    • We are adding support for removing the 3-character limit for people search: People Search allows searching with just one or two characters instead of the usual 3-character search. This enables support for searching names in logographic languages like Chinese, Japanese, etc.
    • We are introducing support for Custom Attributes that shows in a user’s profile. These can be configured in the Workspace ONE Access in People details.
  • Improvements for Accessibility for VoiceOver and Larger Text
• Release Date: 08.08.22
• Release Notes

• Component: Workspace ONE UEM
• New Release: 21.2.0.40
• Changes:
  • CRSVC-31188: Entitlement service migration tool fails to connect to database on DB credential change.
• Release Date: 09.08.22
• Release Notes

• Component: Workspace ONE UEM
• New Release: 21.5.0.66
• Changes:
  • RUGG-11244: Table cleanup to free up identity column.
  • CRSVC-31187: Entitlement service migration tool fails to connect to database on DB credential change.
• Release Date: 09.08.22
• Release Notes

• Component: Workspace ONE UEM
• New Release: 21.9.0.41
• Changes:
  • MACOS-3268: Avoid sending the command to erase a macOS device to the user channel.
  • INTEL-41602: ZDT DB upgrade failed while deleting SP and type.
  • CRSVC-31186: Entitlement service migration tool fails to connect to database on DB credential change.
• Release Date: 09.08.22
• Release Notes

• Component: Workspace ONE UEM
• New Release: 21.11.0.43
• Changes:
  • CRSVC-31185: Entitlement service migration tool fails to connect to database on DB credential change.
  • RUGG-11267: Smart groups with OS version criteria not updating when a device updates OS version.
  • INTEL-41601: ZDT DB upgrade failed while deleting SP and type.
• Release Date: 09.08.22
• Release Notes

• Component: Workspace ONE UEM
• New Release: 22.3.0.19
• Changes:
  • CRSVC-31184: Entitlement service migration tool fails to connect to database on DB credential change.
  • INTEL-41600: ZDT DB upgrade failed while deleting SP and type.
  • MACOS-3278: Seed the Model information for new “M2” Macs.
  • FS-1423: Workflows are getting stuck at blocked and do not proceed.
  • CRSVC-30895: Unable to delete Certificate Authority.
• Release Date: 09.08.22
• Release Notes

Advertisement