
Time to upgrade Omnissa Horizon? I’ll walk you through it and hopefully you will feel more secure how to do it afterwards.
It’s important that you don’t upgrade your Horizon Agents or GPO’s before you have upgraded your connection servers. Many times, it’s not an issue if you upgrade the agents and GPO’s first, but it can be. And it’s better to be safe than sorry, right?
The first connection server we will start to upgrade is the one that’s the schema master for the current POD that we are going to upgrade.
If you have cloud pod architecture, upgrade one POD at the time is according to my experience the best approach.
But first we need to prepare our environment to be upgraded.
Introduction
Validated on
- This upgrade is performed on Horizon 2312.1 to version 2406
- Microsoft Windows Server 2022
Prerequisite
- Administration permissions to Horizon View (administration web GUI)
- Local administration rights to all Connection Servers
- Installation file for Omnissa Horizon Connection Server (You can find link below)
- Your license key for validation
- Permissions to replace admx files at your domain controller (recommended to replace the old admx files as soon as possible after upgrade are completed)
Good to know
- With this Horizon upgrade you need to validate your license key after you have upgraded, make sure that you have it before starting the upgrade procedure. You can find your license key at Omnissa Customer Connect
- If you have Cloud POD architecture, upgrade one POD at the time
- Don’t add the new GPOs until you have upgraded all connection servers
- Don’t upgrade the Horizon agent on your VDIs before you have upgraded your connection servers
- Don’t upgrade your enrollment servers before you have upgrade all of the connection servers in that POD
- You don’t need to reboot your connection server after the upgrade
Links
Preparations
It’s good to know if our ADAM database is working and don’t have any mismatches or other issues before we start our upgrade journey.
Backup
You don’t need a snapshot or backup of your server that are hosting the connection server service as you can’t role back to it anyway. Well, you can but it’s not recommended to do so. Not from Horizon and not from Microsoft either if you read through the documentation for LDAP.
What we need to make sure of is that we have a backup from Horizon.
Go to Horizon administration web GUI
In the left column under Settings click on Servers
In the middle top menu click on Connection Servers
Now you will see a table with your connection servers, look at the right in the column Backups. Here you can see when your last backup was made
If you don’t have a backup, it’s a good idea to make one now, you can make one on each connection server, the backup will be stored usually on the connection servers if you haven’t changed the location
Mark the connection server you want to create a backup for
Click on the button Backup Now
Detect replication issues
Local POD
What we want to do now is to see if the replication is working within our Local POD
Login to one of your connection servers trough RDP as administrator or use the account that have the needed permissions to administrate your connection servers
Search for CMD, right click on it and click on Run as administrator
-
Now, write the following command
repadmin.exe /showrepl localhost:389
What we want to look for here is “Last attempt”, and as you can see in my picture it was successful on all my connection servers
If you have replication issues first thing, we should do is to verify so replication is not disabled by writing the following command, output should be “Current DSA options: (none)” if replication is enabled
repadmin /options localhost:389
We can also try to force start the replication. You can see what connection server that are replicated with each other with the command above. Replace hvcs.example.com with your connection servers FQDN
repadmin.exe /replicate hvcs01.example.com:389 hvcs02.example.com:389 dc=vdi,dc=vmware,dc=int
Cloud POD
If you have a cloud POD architecture, you should also verify the replication on the Cloud POD
Login to one of your connection servers trough RDP as administrator or use the account that have the needed permissions to administrate your connection servers
Search for CMD, right click on it and click on Run as administrator
-
Now, write the following command
repadmin.exe /showrepl localhost:22389
What we want to look for here is “Last attempt”, and as you can see in my picture it was successful on all my connection servers
If you have replication issues first thing, we should do is to verify so replication is not disabled by writing the following command, output should be “Current DSA options: (none)” if replication is enabled
repadmin /options localhost:22389
We can also try to force start the replication. You can see what connection server that are replicated with each other with the command above. Replace hvcs.example.com with your connection servers FQDN
repadmin.exe /replicate hvcs01.example.com:22389 hvcs02.example.com:22389 dc=vdiglobal,dc=vmware,dc=int
Detect and resolving LDAP Entry Collisions, Schema Collisions, Schema Master Issue
It’s always good to check if you have any LDAP collisions before you upgrade Horizon. As I don’t have any LDAP entry collisions or LDAP schema collisions I didn’t need to resolve them.
-
We can start to see if it’s any LDAP entry collisions with this command
vdmadmin -X -collisions
If it did detect LDAP entry collisions, then you can resolve them with the following command
vdmadmin -X -collisions -resolve
Now let’s check if it’s any LDAP schema collisions
vdmadmin -X -schemacollisions
If you have any then resolve them with the following command
vdmadmin -X -schemacollisions -resolve
Disable
Set UAG in Quiesce Mode (optional)
If you are using UAGs you should put the UAG that are in 1:1 relationship with the connection server you’re going to upgrade in Quiesce Mode.
We don’t want users to get a bad experience as they will not be able to connect trough this UAG because the connection server is going to updating.
When the UAG is in Quiesce Mode, new users can’t connect trough this UAG but already established connection are not dropped. Established connection will be dropped when the user logs out.
Login to your UAGs administration web portal and select Configure Manually
Click on “wheel” in System Configuration under Advanced Settings
Scroll down and find “Quiesce Mode” and activate it
Scroll down some more and then click “Save”
Disable Connection Server
We also need to disable the connection server that we want to upgrade, you can still access it through the Horizon administration web portal.
Login to Horizon View administration web portal
In the left menu under Settings click on Servers
Then click on Connection Servers in the top menu
Mark the connection server you want to disable and then click on the button Disable
A popup will appear and ask if you’re sure that you want to disable the connection server, click OK
You can verify that the connection server has been disabled by looking under the column State
You can also do this by RDP in to one connection server in the POD and then open CMD and use the following command, remember to replace CONNECTION-SERVER-NAME with the name of the connection server you want to disable.
vdmadmin -Q -disable -server CONNECTION-SERVER-NAME
Upgrade
The last steps in the process can take a long time to finish, but just wait it’s not broken. The upgrade is waiting for all services to start again.
There is no need to reboot your connection server after you have upgraded it.
Click on the Horizon Connection Server installation file
-
An information window will appear, after you have read it click Next
You will get a pop-up that will ask if you want to install HTML access, if you want to install HTML access check the checkbox and then click OK. If you don’t want to install HTML access and if the checkbox is pre-checked. Uncheck it and click OK
Now you will see a window where you can see the installation path, click on Install to start the upgrade process
When everything is finished you will see the following window
Enable again
- I always wait until I can see in Horizon administration web GUI that the connection server is working fine before I do enable it again, you can enable the connection server again by following the same procedure that you did when you did disable it. But now click on Enable instead of Disable.
- After you have enabled the connection server again, disable Quiesce Mode on the UAG that are in a 1:1 relationship with the connection server.
Verify
Version
You can verify that your connection server has been upgraded. Go to Horizon administration web GUI and click on Servers in the left menu, then click on Connection Servers. In the column Version you can see what version your connection server has.

Health
In Horizon administration web GUI, you can check the health status on your connection servers. Remember that you need to refresh the page to be sure that you have the latest health status.
In the left side menu almost at the top you can see System Health. At the right of System Health, you can see if you have any health notifications, and if you have how many.
To get more information click on Dashboard that are located under Monitor
Here you can see an overview about your System Health, if you have any health notifications you will see them in the middle column. If you click on them, they will expand and show some more information.
If you click on VIEW, you will get an even better overview of your health status
At the top menu in the pop-up window click on Connection Server to see health status regarding your connection servers
Sometimes after you have upgraded a connection server it won’t flag as working in Horizon administration web GUI. If you have waited for more than 60 minutes, I recommend you restart that connection server, and it will flag as working again after that.
But you
Activate license
This is something new, I did get a banner that asked me to activate my Horizon license after the upgrade of the first connection server was finished. I have never needed to activate my license before when I have upgraded Horizon.

To activate your license, perform the following steps:
If you don’t have your license key, you can find it at Omnissa Customer Connect
In the left menu under Settings click on Product Licensing and Usage
In the middle of the window click on ACTIVATE, a dropdown menu will appear where you can select your license type
I do have Perpetual license, so the following picture are from that selection
Enter your license key and then the Validate button will be enabled, click on it
If everything is OK then a green check will show, check the checkbox and then click on Save. Now your license is activated. You only need to do this on one connection server on each POD
Perform on all connection servers
Re do all the step above for all your connection servers, if you have a cloud pod architecture continue with the next POD after you have finished this one.
Replace ADMX
Now when all the connection servers are upgrade you can replace the old ADMX files with the new ones in your central store.
You can download the ADMX bundle at the same place where you downloaded the installations file for Horizon Connection Server.
In file explorer, navigate to your central store. Usually, the path to the central store is the following
\\DOMANFQDN\SYSVOL\DOMAINFQDN\Policies\PolicyDefinitions\
Copy the new Horizon ADMX files to the central store and if a window pop-up and ask you if you want to replace the existing ones, Click Yes.
Next step
After you have upgraded all your connection servers it’s time to upgrade your enrollment servers as well. I have also made a guide for how to upgrade Horizon enrollment server.
Conclusion
In this guide I have walked your trough how to update your Horizon connection servers in a safe way and you have done it with zero downtime for the users. We have also made sure that everything was working before we started our upgrade journey.