Week 03-2023 VMware Enduser Computing Updates

Important KB Articles and Release Updates

Please note: KBs may get updated after being referenced here. Please always follow the link to the original post in kb.vmware.com

VMware Cloud Services Status for Workspace ONE Subscriptions (90633)

• As of December 2020, new Workspace ONE SaaS subscriptions come with access to a new platform called VMware Cloud Services (console.cloud.vmware.com). An onboarding invite will be sent out for these subscriptions, with instructions on how to onboard and access your Workspace ONE services through this platform. Once you redeem the invite, your services will then be active. 

Workspace ONE Web – Issue loading websites with improper cookie handling (90619)

• Workspace ONE Web is based on Android’s System WebView component which in turn is based on Chromium, the open source project that powers Google’s Chrome browser. Chromium introduced changes to the handling of third-party cookies to provide more security and privacy and offer users more transparency and control. These changes were included in Android System WebView version 89.0.4385.0+.

Discrepancy in Encryption Status for certain Workspace ONE UEM managed Windows Devices (90631)

• Certain Windows Devices are reported as Not Encrypted on Device Details page even though they are fully encrypted.
• Upon checking Hub and DeviceServices (DS) logs, noticing Workspace ONE Intelligent hub is only sending older version of DiskEncryptionSamples (DiskEncryptionV2).
• Workspace ONE UEM 2101+ and Workspace ONE Intelligent Hub 2101+
• From Workspace ONE UEM 2101 (Workspace ONE Intelligent Hub 2101), we have introduced a new sample (DiskEncryptionV3) for enhanced support on Bitlocker Encryption and Sampling.
  There was a known issue when using newer Workspace ONE Intelligent Hub (2101 and above) with older Workspace ONE UEM console (2011 and earlier versions), console could not handle the new samples properly resulting in Encryption Profile installation failure. You were advised at that time to manually disable the BitlockerEnhancementMode feature on the device to improve compatibility for UEM console that is below 2011.
  However, turning the feature off after device already sends the new sample to console could lead to device stuck at “Not Encrypted” state.
• For currently supported Hub and UEM versions, BitlockerEnhancementMode (HKEY_LOCAL_MACHINE\SOFTWARE\AIRWATCH\Feature, BitlockerEnhancementMode) is by default enabled. We recommend not modifying the feature toggle and keep it on (true) on your devices.

AMST-37302 – Compromised status change for Mac Devices are flooding Event Logs table (90065)

• Upon upgrading to Workspace ONE UEM 2203/2206, your environment may exhibit one or all of the following symptoms:
  • MacOS Compromised Status events are flooding the event logs in the UEM console (Monitor > Reports and Analytics > Events > Device Events).
• This causes event log table/data to balloon up in size.
• This can cause a number of performance issues with components that use the event log / data tables.
• This issue is addressed through cumulative patch:
  • Workspace ONE UEM 2206 (22.6.0.11 or higher)
  • Workspace ONE UEM 2203 (22.3.0.31 or higher)
• These patches are now available for all customers through the myWorkspace ONE Resources Portal. In addition, the Workspace ONE UEM 2206 installer is now available for consumption for On-premise environments.

---

• Highlighting High Priority KBs
  • [Action Needed] – Refresh Old Android Enrollment QR Codes
    VMware is making changes to enhance the security posture of cloud-based endpoints related to this enrollment method on March 1st, 2023. As a result of this change enrollment using some older QR codes may fail. As a resolution, new QR codes will need to be generated as replacements for affected QR codes.
  • VMware Tunnel Proxy End of Support Life Announcement (87345)
    VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023.
  • VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243)
    Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (Later in 2022).
  • Support Access Policies for Customers with Expired SaaS EUC Licenses (89494)
    In alignment with VMware’s Corporate Standards and those of the industry as a whole, VMware customers who have purchased SaaS (Software-as-a-Service) licenses for EUC (End-User Computing) products can expect the behavior outlined in the KB regarding Support access when their subscription has a status of Active Pending Cancellation or Expired/Cancelled.

• Security Related KBs
  • HW-137959: VMSA-2021-0016 for Workspace ONE Access, VMware Identity Manager (CVE-2021-22002, CVE-2021-22003) (85254)
  • HW-150533: VMSA-2021-0028, VMSA-2021-0030 for Workspace ONE Access Appliance (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056, CVE-2021-22057) (87183)
  • HW-150543: VMSA-2021-0028 for Workspace ONE and VMware Identity Manager Connector (CVE-2021-44228, CVE-2021-45046) (87184)
  • HW-150541: VMSA-2021-0028, VMSA-2021-0030 for VMware Identity Manager (CVE-2021-44228, CVE-2021-45046, CVE-2021-22056) (87185)
  • HW-146724: Users maybe be unable to authenticate on Workspace ONE Access with Active Directory over IWA and STARTTLS option (85921)

---

• Recently updated or newly added KBs
  • Update or upgrade VMware Horizon for Windows 10 and Windows 11 operating systems (2148176)
  • Access Denied error seen when logging in to Horizon while using UAG and RADIUS authentication (87337)
  • VMware Horizon 7 version 7.13 Support Plan (81189)
  • Supported Guest Operating Systems for Horizon Agent, Remote Experience, and Persona Management (2150295)
  • Antivirus executable exclusion list for VMware Horizon (2082045)
  • Information on Horizon 8 Extended Service Branch (ESB) (86477)
  • Windows 10 “Night light” has no effect on sessions connected through Horizon View (76950)
  • Connecting to VMware Horizon View desktops with a Horizon Client fails with the error: “An SSL error Occurred” (78372)
  • Email Sync in Workspace ONE Boxer stops working intermittently on Samsung and Pixel devices with Android 13 (90201)
  • End user connection fails when WorkspaceONE only mode used for Horizon (89006)
  • HTTP error 500 when attempting to launch Horizon Desktops or Applications (88281)
  • Root password reset issue on VMware Identity Manager (83109)
  • End-User Computing (EUC) Pricing and Packaging Update (88855)
  • Supported Windows 10 and Windows 11 Guest Operating Systems for Horizon Agent and Remote Experience, for VMware Horizon 8.x (2006 and Later) (78714)
  • Olympus Foot Pedal keyboard media keys do not work in a RDSH application session with the Linux client (79053)
  • Reinstalling Horizon View Connection Server with a Backup Configuration (2036145)
  • Using the vdmadmin command to exclude or include a domain on a search list for View Administrator or Security Server (2006292)
  • Horizon 7 : “View Composer Active Directory Authentication Error” (1000637)
  • VMware Horizon View Connection server replication fails with the error: Insufficient attributes were given to create an object (2091974)
  • Recovering the parent virtual machine and snapshot from a replica using an existing linked clone (2081782)
  • VMware Horizon Administrator Console or Dashboard Fails to load with java.net.BindException: Address already in use: JVM_Bind (2078101)
  • After disconnecting from a VMware Horizon View Desktop session, a new desktop is assigned on reconnection (2064627)
  • Troubleshooting Smartcard Reader redirection issues in Horizon View (2015494)
  • The View virtual machine is not accessible and the View Administration console shows the virtual machine status as Already Used (1000590)
  • Troubleshooting recomposing and refreshing VMware Horizon Linked Clone pools (1030698)
  • Troubleshooting issues with Single Sign On in a VMware Horizon environment (1029391)
  • VMware Horizon Composer installation success or error status 1603 | VMware error 1603 (1026513)
  • Forcing replication between ADAM databases (1021805)
  • VMware Horizon View Best Practices (1020305)
  • Connecting to a VDI desktop with PCoIP displays a black screen and disconnects after 10 seconds (1016633)
  • VMware Horizon View 7 Composer help center (2087379)
  • Recomposing a desktop in Horizon 7 View fails with the error: “Could not find VC object of type VirtualMachine, and id ( please check the Parent VM/snapshot or its replica)! (2040604)
  • VMware Horizon View 7 Administrator dashboard is slow to respond (2131155)
  • Unable to connect to VMware Horizon desktops using PCoIP (1028719)
  • Configuring the PCoIP Secure Gateway in VMware Horizon View (1036208)
  • Linux VDI desktop does not support certain keyboard layout settings from Horizon View clients Input Synchronization (90258)
  • Workspace ONE Boxer Standalone Enrollment Configuration and Limitations (2960462)
  • VMware Cloud Services Status for Workspace ONE Subscriptions (90633)
  • Build numbers and versions of VMware Horizon Connection Server (2143853)
  • VC_FAULT_FATAL:A general system error occurred: VM exceeds maximum supported disk size per VM Instant Clone Creation Error (70950)
  • Fail to recompose or provision due to stale VDI entries in the View ADAM database (57845)
  • Publish image fails on vSAN datastore for Instant Clone when parent VM is enabled for VM encryption (78202)
  • Unable to access an individual VMware Horizon Virtual desktop (1030690)
  • Enabling sound for the Remote Desktop Protocol (RDP) in a Windows virtual machine (1004839)
  • Provision of linked clone virtual machines fails with error: ‘Fail to connect to the UFA service’ (52772)
  • Upgrading connection server fails with error code 28018 and error message: AD LDS Setup was cancelled (80464)
  • USB Attached SCSI (UAS) USB 3.0 devices do not work in session on MacOS 10.15.x and later (81882)
  • URL Content Redirection does not work for non-browser apps on VMware Horizon Mac clients systems running earlier editions of macOS 11 & macOS 12 (85733)
  • Scroll Wheel does not work on a VDI desktop connecting with Horizon Client 5.5 and higher (85363)
  • Horizon Client: URL Contents Redirection filtering rule with “.hostname” does not work (83077)
  • PCoIP connections to VMware Horizon 7 & 8 desktops with multiple network adapters fail (2062604)
  • Windows 10 Guest OS support FAQ for Horizon 7.13 (51663)
  • The gnome keyring stops functioning on RHEL 8 Linux Desktops with Horizon 2106. (85722)
  • Recovery scenarios for Horizon 8 environment (70906)
  • Site Recovery without Machine Backups for Horizon 8 environment (76770)
  • Site Recovery with Machine Backups for Horizon 8 environment (76765)
  • Keyboard input is repeated unexpectedly on Horizon virtual desktop or hosted application (59631)
  • Geolocation Redirection doesn’t work in Horizon VDIs with Sophos in cloud in the infrastructure (76135)
  • Disk encryption fails on vSAN datastore for Full Clone when parent VM is enabled for VM encryption (76445)
  • Certain Smartcards do not function due to an incompatibility with newer windows crypto modules in Horizon 8.4 and later (90634)
  • Renew Kubernetes cluster certificates on Horizon cloud connector (90505)
  • Discrepancy in Encryption Status for certain Workspace ONE UEM managed Windows Devices (90631)
  • Known Issues with Smartcard Authentication and Horizon View (90349)
  • AMST-37302 – Compromised status change for Mac Devices are flooding Event Logs table (90065)
  • Snapshot vmdk files of the parent image used to publish Instant clone pools, are still present in the datastore even after the snapshots are deleted from the vCenter UI. (79869)
  • VMware Session Monitor fails to Start due to Windows not successfully loading the Driver (90648)
  • Slow Responses for some Graphical User Interface (GUI) visual effects with 3D Software Renderer (90647)
  • VMware Logon Monitor service is stopped by default after View Agent installation (57051)
  • Horizon environment trigger “Update option values” tasks every 5 minutes in vCenter Web Client Recent Tasks (56982)
  • Provisioning VMware Horizon View desktops fails with error: View Composer Agent initialization error (16): Failed to activate software license (1026556)
  • Continuous reconfigure virtual machine tasks going on repeatedly in vCenter after every 1 minute (52981)
  • Disabling ThinPrint default printer redirection for Horizon View Clients. (2012770)
  • AMD Graphics Driver (AMD HD 8400) crashes when set beyond its supported maximum (2560×1600) (78244)
  • Internet Explorer for Windows Server 2019 automatically closes on first launch (78288)
  • Horizon DAAS Appliance deployment failure due to invalid IPV6 address conversion from the prefix-based MAC address (67120)

---

• Digital Workspace Techzone, Blog and YouTube Updates
  • Drop Ship Provisioning (Online): Workspace ONE Operational Tutorial
  • Create a ready-to-work experience on first boot with Workspace ONE Drop Ship Provisioning Online
  • With VMware Retail Solutions™ retailers can extend point of sale lifecycle and enable digital transformation
  • Apps on Demand: The published apps game changer is finally here!
  • VMware Horizon 8 2212 release brings new efficiencies to Horizon
  • 2023 resolution: Strengthen your workspace security posture

---

• Third Party Blog and Technology Updates
  • Simon Elberts: Windows 11 ARM on VMware Fusion 13 – Enrolling & Troubleshooting
  • Mobile-Jon: Workspace ONE Login Risk Score: The REAL Starting Point of Zero Trust

---

• Week 32 Software Updates

• Component: Workspace ONE Intelligent Hub for Android
• New Release: 23.01
• Changes:
  • Enhanced Prompt to Meet Device/Work Profile Passcode Requirements
    • When the Device and/or Work Profile passcodes are not compliant with the organization’s requirements, Intelligent Hub shows a screen prompting end users to update these. This screen has been enhanced to better explain the order in which passcodes should be set in cases where separate Device and Work Profile passcodes are required.
  • Prompt for Users to Enable Google Location Accuracy
    • When administrators enable location data collection from Workspace ONE UEM, Intelligent Hub requests that end users enable any required, missing location permissions. With Intelligent Hub 23.01, Workspace ONE UEM will also request that end users enable Google Location Accuracy. Enabling Google Location Accuracy allows Workspace ONE UEM to more reliably sample location data from Android by expanding the location data sources to include cellular and WiFi networks.
  • Enhanced failure scenarios for Hub Check Out flow
    • Hub’s checkout flow now handles failure scenarios more gracefully by providing more information to the end user about what is happening and ability for the end user to take corrective actions in case of a failure.
• Release Date: 19.01.2023 (staged)
• Release Notes

• Component: Workspace ONE UEM
• New Release: OS Updates Seed Script
• Changes:
  • Most recent update: macOS Big Sur 11.7.2 (20G1020)
• Release Date: CW01
• Release Notes

• Component: Workspace ONE UEM
• New Release: Seed Script for latest Device Model Information
• Changes:
  • Seed new ipad pro models for 2022 … iPad Pro 11″ 4th gen iPad Pro 12.9″ 6th gen
• Release Date: CW01
• Release Notes

• Component: Workspace ONE UEM
• New Release: 21.9.0.47
• Changes:
  • AMST-37313: Device Identifier and UDID mismatch for any reason should not unenroll device.
  • AAPP-14928: Cannot enable Device Assignment for certain VPP applications.
• Release Date: 22.11.22
• Release Notes

• Component: Workspace ONE UEM
• New Release: 21.11.0.56
• Changes:
  • FCA-204432: Report name is randomized while downloading legacy reports.
• Release Date: Week03-23
• Release Notes

• Component: Workspace ONE UEM
• New Release: 22.3.0.38
• Changes:
  • FS-2453: FS-1887 changes did not make it to Astro Air
• Release Date: Week03-23
• Release Notes

• Component: Workspace ONE UEM
• New Release: 22.6.0.22
• Changes:
  • CRSVC-34055: Certificate revocation not working for OpenTrust.
  • FCA-204551: Unable to edit Device Asset Number.
  • FCA-204433: Report name is randomized while downloading legacy reports.
• Release Date: Week03-23
• Release Notes

• Component: Workspace ONE UEM
• New Release: 22.9.0.12
• Changes:
  • AAPP-15129: App details are not getting pre-filled when uploading internal app in UEM 22.09 or above.
  • CRSVC-34056: DB Installer script for 2209.9 fails on SQL Server Standard Edition.
• Release Date: 10.01.23
• Release Notes

Advertisement