Generally speaking, the App Volumes Manager and Agent install process is ridiculously simple. A series of Next, Next, Next, Next, Finish for the most part. The big difference that’s in the documentation but hasn’t been covered much for App Volumes 2.12 is the Certificate Validation feature. If you upgrade the App Volumes Manager and go with the defaults, all communication between the App Volumes Manager and Agents is over HTTPS (SSL). This probably sounds like no big deal. Unfortunately, it is.
Let’s go with App Volumes Agent Install Trouble for $100 Alex!
If you go with the defaults on the App Volumes agent install and haven’t fully read through the documentation you’re in for a headache. Just installing the App Volumes Agent with Certificate Validation enabled will cause errors and massive delays on login on your base image if you haven’t done all the prerequisite steps on the App Volumes Manager. This being a new feature you would think a bit more forewarning would have come from VMware. To be fair though it is in the release notes and in the documentation.
What is App Volumes Certificate Validation?
So what is this Certificate Validation you speak of? Well, it’s actually a pretty cool new feature that allows you to add your own certificates to App Volumes communication between the Manager and Agents. You can use self-signed or CA-signed certificates to encrypt that traffic now. You can now also use SSL to secure the SQL and vCenter server connections, which is good news. The process to add a certificate to the App Volumes Manager isn’t all that difficult to be honest. Generate your certificate for the App Volumes Manager server, edit a conf file and make sure the certificate can be trusted on your base image.
It’s really pretty easy unless you’re just not ready for it. Certificates can be complicated and even more so if you don’t have an internal CA (Certificate Authority) already. Certainly, if you have the option, I recommend going through the steps to add CA-signed certificates to the components in your environment. In the event that you can’t though please follow along and I’ll hopefully save you a few headaches while updating to App Volumes 2.12.
App Volumes 2.12 Agent Install Process
As I mentioned earlier, the process is typically really simple. I usually break the MSI installer out of the zip file separately and stage it on my base image since it’s pretty small by itself. It’s located in the “\Installation\Agent” folder on the ISO with the name “App Volumes Agent.msi”. It’s about 10MB versus having to stage the entire ISO which is around 420MB. The only drawback is you have to run it from an elevated Command Prompt to install, but that’s no big deal.
So let’s run the installer!
Click Next.
Tick I Accept… and hit Next again.
Type in your App Volumes Manager server FQDN and leave the port at the default 443. Now here’s the important bit. Put a check into “Disable Certificate Validation with App Volumes Manager”. If you don’t do this, let the headaches begin. I’ll explain more below.
Click Install and wait.
From here you can view the log or just click Finish.
You’ll of course have to restart so click Yes.
When you log back into your base image don’t be alarmed. You will be greeted with a fun new error message from the App Volumes agent telling you it can’t connect to the App Volumes Manager. This is expected behavior as far as I can tell. My base image isn’t domain joined and I’m logged in under the local administrator so that may have something to do with it. I tested a pool immediately after install of the agent and it worked fine with no errors. I found the Agent is actually connecting to the App Volumes Manager just fine, but if you’re not in a Horizon View session it seems to throw the above error message.
All in all it’s a single checkbox difference if you have not done the self-signed or CA-signed certificate deployment for App Volumes Manager and the Agent.
What happens if I don’t check the box?
So what does happen if I don’t check that box and I don’t have certificates set up on my App Volumes Manager?
After you click Finish and Reboot your base image be prepared to wait. It will sit at “Please wait for svservice” for several minutes until it times out. After it passed this screen it went to a completely black screen for another few minutes before I got the desktop.
You will also get this error message after it finally gets to the desktop. Now I read through the documentation and hit the checkbox the first time but I was curious what would happen if I didn’t. I went ahead and tested this on a pool to see what it does. So I took my snap and recomposed the pool. I tested this on Cisco UCS blades and Nimble All Flash array, so it’s a pretty fast environment. I connected to the pool using the Horizon View Client and just getting to the desktop went from ~20 seconds to almost 6 minutes.
When I finally got to the desktop I got this error message multiple times on screen. I tested with and without AppStacks attached and got the same result both times. The AppStacks of course did not attach at all. The event log had a bunch of svservice errors saying it was unable to connect as well.
To sum this up, I definitely recommend using the CA-signed certificates on App Volumes Manager and making sure your base image will trust them. However, if you can’t do that, then just check the box as described above and save yourself some trouble.
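To confirm that the base image trusts the Manager's certificate before leaving validation enabled, a pre-flight check like the following can be run on the base image. This is an added example, not VMware's tooling or code from the original post; the function name `Test-ManagerCertificate` and the FQDN are placeholders, and it only reports what the Windows trust store on the image thinks of the certificate presented on port 443.

```powershell
# Added example: run on the base image before installing the agent with
# certificate validation left enabled. The FQDN at the bottom is a placeholder.
function Test-ManagerCertificate {
    param([Parameter(Mandatory)] [string] $ManagerFqdn, [int] $Port = 443)

    # Pass 1: normal handshake. Windows validates the chain and the host name
    # against the trust stores of this machine.
    $trusted = $false
    $tcp = New-Object System.Net.Sockets.TcpClient($ManagerFqdn, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($ManagerFqdn)
        $trusted = $true
    } catch [System.Security.Authentication.AuthenticationException] {
        $trusted = $false
    } finally { $tcp.Close() }

    # Pass 2: diagnostic only. Accept any certificate so it can be read and the
    # reason for a pass 1 failure reported. No application data is sent.
    $tcp = New-Object System.Net.Sockets.TcpClient($ManagerFqdn, $Port)
    try {
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($ManagerFqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }

    # Rebuild the chain locally; revocation is skipped to match the pass 1 default.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
        ForEach-Object { $_.Format($false) }

    [pscustomobject]@{
        Manager         = $ManagerFqdn
        Trusted         = $trusted
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        ChainBuilds     = $chainOk
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        SubjectAltNames = $san
    }
}

Test-ManagerCertificate -ManagerFqdn 'appvolumes.example.internal'
```

A result of Trusted = False with ChainStatus UntrustedRoot means the issuing CA (or the self-signed certificate itself) is not in the base image's trusted root store. ChainBuilds = True with Trusted = False points to a mismatch between the FQDN you typed and the names in the certificate.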
More information regarding this issue and the workaround can be found below:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2148178