Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
This article provides steps to recover VMware Horizon 8 without machine backups.Note: To recover VMware Horizon 8 with machine backups see Site Recovery with Machine Backups for Horizon 8 environment (76765).For more scenarios to recover see Recovery scenarios for Horizon 8 environment.
This procedure is to recreate an installation from database backups only. Note that several aspects of the configuration will be unavailable, including the Horizon 8 software license, credentials to access vCenter, Cloud Pod Architecture federation credentials, agent pairing credentials, security server pairing credentials, TrueSSO client credentials, and secondary administrative credentials for use in a one-way trust environment. All of these will need to be re-entered or recreated to regain functionality. Important: This is also applicable to Horizon 7 We recommend you migrate from Horizon 7 to Horizon 8 as soon as possible. Horizon 8 offers numerous improvements in performance, scale, and experience for both Administrators and end users. Please see Ensuring a successful migration from Horizon 7 to Horizon 8 (89840) for additional advice.
Prerequisites: If the lost site was part of a Cloud Pod Architecture federation, it is assumed that there are additional pods in the same federation at another site, so that the Global database can be replicated from them, or that an up-to-date Global AD LDS database backup is available.It is assumed that Active Directory servers are available & functioning with the same user accounts and groups that are encoded in the Horizon configuration databases. Without these, user entitlements and administrative roles will not work and will need to be recreated.It is assumed that ESXi servers are available with space to recreate the vCenter instance used by each Horizon cluster or pod. This is a summary of steps. For more information see Restoring Horizon Connection Server and View Composer Configuration Data. Recreate vCenter Install vCenter server following Overview of Backup and Restore options in vCenter Server 6.x (2149237). For restoration of the vCenter database, follow your database vendor's recommendations. Note: The ‘VMware Virtual Center Server’ service must be stopped before attempting database restoration. Steps Applicable to Horizon 7 only: Omit if on Horizon 8. Recreate Composer server Either integrate with vCenter or else create a suitable VM or provision a physical machine and install operating system and updates.Install Horizon 7 Composer following Install the View Composer Service. If you have a database backup, follow the recommended practice for restoring your database with third-party utilities, otherwise prepare a new database as described in the product guide referenced above. Stop the ‘VMware Horizon 7 Composer’ service.Update the Composer database: Copy composer_name.svi from backup to the local file system.Open a command prompt and navigate to the Composer installation directory.Import Composer data: sviconfig -operation=importdata -DsnName=DSN -Username=db_admin_username -Password=db_admin_password -InputFilePath=path\composer_name.svi Restore the RSA key container: Copy the keys.xml file from backup to the local file system.Open a command prompt and navigate to %windir%\Microsoft.NET\Framework\v2.0xxxxxImport the RSA key pair: aspnet_regiis -pi "SviKeyContainer" "path\keys.xml" -exp where path is the path to the exported file. Install an Event Database following Configuring Event Reporting. [Applicable if previously in place] Add the first Connection Server Create a suitable VM or provision a physical machine. Install operating system and updates.Install Connection Server.Logon with an AD account with Horizon Administrator privileges.Stop the Windows service ‘VMware Horizon Connection Server’.Copy the Local AD LDS LDIF file from backup to the local file system and proceed as follows: If the backup file is encrypted (this is normal), then open a command prompt and decrypt it using, vdmimport -d -p password -f VDMConfig.LDF > decrypted.LDF Note: If you do not remember the data recovery password, run this command without the -p option. The utility displays the password reminder and prompts you to enter the password. If the file cannot be decrypted, please note this password is not retrievable. Import the decrypted file to restore the Local configuration using, vdmimport -f decrypted.LDF If you have backups of a trust store file or locked.properties file for this machine, copy it or them to, install_path\VMware\VMware View\Server\sslgateway\conf Open a command prompt and remove all other Connection Server and security server instances from the Local AD LDS database: vdmadmin -S -r -s server TrueSSO only: Remove enrolment server and connector definitions using, vdmUtil --authAs admin_user --authDomain admin_domain--authPassword admin_password --truesso --connector--delete --domain connector_domainvdmUtil --authAs admin_user --authDomain admin_domain--authPassword admin_password --truesso --environment--remove --enrollmentServer server_fqdn Delete all connector definitions before trying to remove enrollment server entries. CPA only: Reset the Cloud Pod Architecture state If other pods in the federation are accessible, follow this procedure to prepare for rejoining the federation: Use ADSI Edit to connect to localhost:389 with DN dc=vdi,dc=vmware,dc=int and check the pae-LinkedModeEnabled attribute on these RDNs: cn=common,ou=global,ou=lmv,ou=propertiescn=this_connection_server,ou=server,ou=lmv,ou=properties For each RDN, set the attribute value to 0. Uninstall Horizon 8 Connection Server, leaving AD LDS in place.Install Connection Server once more, agreeing to use the existing AD LDS instance.Log in to Horizon Console and re-enter the software license and vCenter credentials.CPA only: Recreate the Cloud Pod Architecture federation Follow only one of the next two steps. If other operational pods are accessible, skip to the next step. If no operational pods are available, continue this step to recreate the federation using Horizon Console: Select Horizon 8 Configuration > Cloud Pod Federation and Click the "Initialize" option to recreate the CPA federation.Logon with an AD account with Horizon Administrator privileges.Stop the Windows service ‘VMware Horizon Connection Server’.Copy the Global AD LDS database backup file from backup to the local file system.If the backup file is encrypted (this is normal), then open a command prompt and decrypt it using, vdmimport -d -p password -f VDMGlobalConfig.LDF > decrypted.LDFNote: If you do not remember the data recovery password, run this command without the -p option. The utility displays the password reminder and prompts you to enter the password. Import the decrypted file to restore the Global configuration using, vdmimport -g -f decrypted.LDF Start the Windows service ‘VMware Horizon Connection Server’. After this, additional pods can join the federation. CPA only: Rejoin the Cloud Pod Architecture federation If you have followed the previous step, skip this step. If other operational pods are accessible, rejoin this pod to the federation using Horizon Console: Select Horizon 7 Configuration > Cloud Pod Federation and Click the "Join" option to rejoin the CPA federation. Steps Applicable to Horizon 7 only: Omit if on Horizon 8. Restart Composer instances If the environment includes Composer, instances will have been installed and services stopped in previous steps. On each Composer instance, start the ‘VMware Horizon 7 Composer’ service now. Add further Connection Server instances and security servers Create a suitable VM or provision a physical machine as required.Install operating system and updates.Install Connection Server replica or security server.If there are backups of locked.properties files or trust store files, restore these as needed: Stop the Windows service ‘VMware Horizon Security Gateway Component’.Copy backed-up files to install_path\VMware\VMware View\Server\sslgateway\conf.Start the Windows service ‘VMware Horizon Security Gateway Component’. Add Enrollment Servers If you have TrueSSO, restore Microsoft Certificate Services servers, and then for each Enrollment Server: Create a suitable VM or provision a physical machine as required.Install operating system and updates.Install and configure Enrollment Server following Install and Set Up an Enrollment Server and the four topics that follow. Reconciliation After a restore of the Local AD LDS database, missing desktops may appear in Horizon Console if the following actions are taken after the backup but before a restore: An administrator deleted pools/desktops.A desktop pool was recomposed resulting in the removal of un-assigned desktops (spare virtual machines).Missing desktops/pools can be manually removed from the Horizon Console.Some automated desktops may become disassociated from their pools as a result of creating a pool between the time the backup took place and restore time. Horizon Administrators may be able to return them to use by cloning the linked clone desktop as a full clone desktop through vCenter Server, creating it as an Individual Desktop in Horizon Console and assigning such desktops to a specific user. After restoring vCenter Server, remove orphaned virtual machines pertaining to View Server Pools using the VMware Infrastructure Client. If orphaned virtual machines and templates appear as disconnected in VMware Infrastructure Client, restart the VirtualCenter Server service. Disconnected virtual machines may appear with the erroneous status of READY in Horizon Console.Contact VMware Support for instructions for removing orphaned sources and replicas under VMwareViewComposerReplicaFolder after a database restore. Some orphaned replicas and sources may be cleaned up automatically by Horizon Composer. Finding and removing unused replica virtual machines in the VMware Horizon View can assist with cleanup. Verification Verify that the new environment is functional and review the steps of this procedure once more if you encounter problems. For further help, contact support by following this link: https://www.vmware.com/support/file-sr.html.