I wanted to create a quick 2-min demo showing the Dell ThinOS bootup and login process to a Windows 365 Cloud PC .
The process is pretty quick and the experience is the same whether it’s Azure Virtual Desktop (AVD), VMware Horizon, Citrix Virtual Apps/Desktops, etc…
In this demo I pre-populate the users Azure AD credentials via Wyse Management Suite to speed up login and is an example of what you may use in a kiosk environment.
Wow! The past few weeks the Dell Cloud Client Workspace team and VDI teams have been busy launching a flurry of new updates! I wanted to share a quick run down of some of the key announcements just happening!
One of the options with Wyse Management Suite (WMS) cloud or on-prem is the ability to install a remote repository to host OS images or packages. This isn’t often required, especially with ThinOS, as the images and packages can be hosted centrally in WMS cloud or the main repository as part of your on-prem install. We also can host packages in WMS cloud for Windows 10 IoT & Dell Hybrid client.
In this case, the customer wanted to convert their existing home users who are using Windows 10 IoT based thin clients to Dell ThinOS thin clients using WMS cloud. In order to do this we needed a cloud hosted repository to host this ThinOS conversation image for all the Windows 10 IoT thin clients to download the ThinOS image from. We installed the WMS repository on a Windows Server 2019 VM in Azure and synced it with our WMS cloud portal.
I wanted to outlined the WMS repository installation and Azure virtual machine configuration below.
Review the WMS repository installation prerequisites here in the WMS admin guide in order to configure your Azure, or on-prem VM installation.
2. Download the latest WMS repository installation from the WMS downloads site here
3. Install the WMS repository following the below prompts;
4. NOTE: Once the installation finishes and you click ‘Launch’ it make take 1-2 minutes for the installation to finish, close and then launch the browser, so be patient while it finishes. The WMS repository service is starting and the web page will be unavailable until it starts. You can confirm the services started by looking here:
5. Once the web pages launches, you will be brought to the registration page. Once you are here you have a few options to configure:
The URL of your WMS server
Here we have the option to “Register to Public WMS Management Portal” or specify the FQDN of your on-prem WMS server. In my case, we are going to register to WMS cloud so we will select “Register to Public WMS Management Portal” & select “us1.wysemanagementsuite.com” (or eu1. if you’re using that tenant).
The second important item is the ‘WMS Repository URL“. This will be the URL the client that is downloading the image from will connect to. In my case, since we are using WMS cloud and doing this for remote home based users, we need to make sure that WMS Repository URL resolves externally to my server and is accessible over the Internet. By default, it lists the hostname of the server.
Here I selected “us1.wysemanagementsuite.com” & changed my WMS repository URL to an FQDN that maps to my Azure WMS repository VM: hostname.vditoolbox.com
6. Once you click ‘Register’, it will connect to your WMS management server and register successfully.
7. You can confirm it registered succussfully by looking on your WMS console under Portal Administration\File Repository:
8. At this point, your WMS repository is installed and successfully connected to your WMS portal!
9. From here, in my example I downloaded the Windows 10 IoT to ThinOS conversation image to my Azure repository and synced with my WMS portal. By default, ‘Automatic Replication’ is selected but you can also click ‘Sync Files’ or ‘Check-In’ to ensure the repository is synching & checking in successfully. If you’re doing a conversion as well, you can read more here.
10. The final step is to make sure your Azure VM is accessible externally. In my example, I used hostname.vditoolbox.com that has DNS record that resolves to the public IP address of my Azure VM. I’ve included an example of the lab setup I had during testing and yours will likely be different based on network, security groups, etc.. but wanted to give you an idea.
Troubleshooting:
We initially were receiving an error when pushing the conversion image but not a smaller package. The issue turned out to be an issue with the header and we think the the very long file name compared to that of other package files and it was getting blocked. When the thin client connected to download the image, the Azure Web Application firewall was blocking the connecting and the thin client displaying the following error:
WMS Repository Server is not available or required imaging files are missing. Trying again….Number of Retry = 1
We also saw the following error right before imaging started, followed by the one above:
When we looked at the WMS WDA logs we saw the following:
18/01/2023 13:26:37.376 E 5764 6 Unable to perform http request… 18/01/2023 13:26:37.392 E 5764 6 CCMConnectionData: BaseConnectionString: https://us1.wysemanagementsuite.com:443/Mac: “b0:4f:13:bf:08:f4″OwnerId: “50359860”WyseId: “wyse3826922988332208998″AuthCode: “****”UserAgentHeader: “Stratus /4.7.5.0 (WES 10.0.17763; en-US; Wyse 5470; Revision:14.6.2.13; cls:A)” 18/01/2023 13:26:37.392 I 5764 6 WebException returned ProtocolError – The remote server returned an error: (400) Bad Request.
The Azure administrator then looked at the Azure Web Application firewall logs and saw the following:
REQUEST-920-PROTOCOL-ENFORCEMENT.conf 920450 Restricted HTTP headers: The use of certain headers is restricted. HTTP header is restricted by policy (%{MATCHED_VAR}) Pattern match ^.*$; Within Tx:restricted_headers at REQUEST_HEADERS_NAMES. /wms-repo/image/os?filePath=ThinOS_2211_9.3.3099_WES_Conversion%5CThinOS_2211_9.3.3099_WES_Conversion%5CThinOS_2211_9.3.3099_WES_Conversion\u0026fileName=commandsXml.xml
Once the Azure admin relaxed this rule, the device was able to download the image immediately.
Deploying Azure Virtual Desktop (AVD) in a Kiosk configuration is a common question we get asked when using Dell Windows 10 IoT thin clients.
The idea is when the device boots, it will present only with an AVD login with no other options present on the desktop, start menu, etc… thus creating a locked down kiosk solution.
By default, this is the behavior with ThinOS & AVD since the device is natively locked down. An example of this is outlined in a previous post here.
We can also do the same thing with Dell Windows 10 IoT by using a great Dell utility included in IoT called EasySetup. You can configure this tool in the Wyse Management Suite console and just specify an AVD connections and remove any other options, icons, configuration, etc.. from the desktop of the thin client. These same steps can be used to configure any other VDI connections, i.e. Citrix, VMware, browser icons, etc..
You can configure by following the steps below;
Configure your Wyse Management Suite (WMS) group configuration to launch the AVD client as shown below.
In WMS, select the Group Configuration you want to edit, and select ‘WES’.
2. In the WES WMS configuration group, go to ‘Wyse EasySetup‘ and enable ‘Kiosk Mode‘. Under ‘Applications‘, section give the connection icon a name, i.e. AVD Desktop and under ‘Application Location‘, enter the path to the AVD client, i.e. C:\Program Files\Remote Desktop\msrdcw.exe
Configure any of the optional settings as desired.
3. Once complete with the settings, click ‘Save & Publish‘ at the top of the page to save settings.
4. Once the device boots up and downloads your updated WMS configuration, it will enable the Wyse EasySetup shell and the end result should be the following below.
Note: The File Base Write filter needs to be enabled in order for the Wyse EasySetup shell to be enabled and applied. If not, you will boot to the normal Windows desktop and not see the single icon as shown below.
5. By default, the ‘Wyse Easy Setup’ policy removes many configurations from the start menu so the user can’t access any settings. If you want to enable some specific Start Menu options, Control Panel settings, task bar settings, etc.. you can toggle many of these features on in the ‘Wyse Easy Setup’ policy.
For example, some of the settings you can enable are shown below. These settings are located the same ‘Kiosk Mode’ section shown above. To see more details of the available Wyse EasySetup configuration options search for the latest the WMS administration guide here.
I hope this helps provide some additional information about using the Wyse EasySetup utility to setup an Azure Virtual Desktop connection in Kiosk mode on Windows 10 IoT thin client.
Hope you found this helpful!
Additional Resources:
Prior article on installing the AVD client onto Windows 10 IoT here.
Wow!! The Dell VDI product team has been busy at work and released a bunch of new updates that I wanted to share!!
They released some great content around Microsoft Azure Virtual Desktop on Azure Stack HCI & some new design and implementation guides for Citrix & VMware.
You can access all this great content here or some direct links below – enjoy!!
The Dell Wyse team has recently launched support for Windows Virtual Desktop(WVD) on Dell Wyse ThinOS 9.1. This is big news as it allows us to use a non-Windows thin client endpoint to connect to your WVD environment! Microsoft posted a quick announcement about this as well here.
I’ve covered some details about the configuration below and you can access the official documentation here;
ThinOS 9.1 administrators guide here, release notes here, & 8.6 to 9.1 migration guide here
Note – If you are still on ThinOS 8.6 you can learn how to upgrade to 9.x here
The configuration for ThinOS & WVD is pretty straightforward with the only configuration needed is a Wyse Management Suite (WMS) policy to specify Windows Virtual Desktop under the broker setting which is shown below.
Note – by default, the WVD client package is pre-installed on 9.1 but incase it’s not or you’re looking for latest you can get from support.dell.com under drivers for your model, for example 5070, search for ‘wvd’.
In WMS, edit your ThinOS 9 policy and browse to ‘Advanced –> Broker Settings –> Windows Virtual Desktop Settings’ as shown below
2. Under the following section you just need to choose the appropriate WVD deployment model you are using. You will chose either the latest WVD ARM (Azure Resource Manager) based deployment model or the ‘classic’ WVD non ARM based deployment. In my testing, I am using the Azure portal ARM based deployment so I selected the (ARMv2) option. When you are done, click ‘Save & Publish’.
3. Also under, Broker Settings\Global Broker Settings set to – “Windows Virtual Desktop” on your policy as shown below:
4. Once the updated WMS policy is received by your device, you should see your new WVD setting reflected on your device as shown below
4. Once the devices reboots, you should be prompted with the Microsoft Azure AD login screen as shown below 5. At this point you are ready to login into WVD and access your VMs! 6. In this case I have access to a Windows 10 VM!
Hope you found this helpful!
Additional Resources:
If you are new to ThinOS 9.1, here is a quick video overview of some of it’s features.
Looking for more details on ThinOS 9.1? Check out the release notes here
ThinOS 9.1 release notes discussing WVD setup here & 8.6 vs 9.1 feature comparison here
Microsoft Teams Optimization is now available for Dell Wyse ThinOS 9 with the launch of the latest Citrix WorkSpace app 2006 for Linux. Users of ThinOS 9 can now download this latest Citrix WorkSpace app and get the benefits of Microsoft Teams Optimizations in a Citrix environment.
Unified Communications have always been a challenge in virtual desktop environments and the continued innovations in this area are much needed.
Citrix does a nice job of outlining the details of how the optimization works along with a quick video in this blog post.
Here are some additional details:
Download this latest Citrix WorkSpace App 2006 for ThinOS 9 here
Check out ThinOS 9 release notes for additional details here
In this post I will cover how to upload SSL certificates into Wyse Management Suite (WMS) and how to assign them to a specific group configuration/profile for ThinOS 8.x and 9.x.
The process is slightly different for ThinOS 8.x & ThinOS 9.x but I will cover both below.
How to upload SSL certificates for use by ThinOS 8.x:
1. In WMS, browse to “Apps & Data”:
2. Scroll down to “File Repository”:
3. Click “Add File” to upload Certificate:
4. Browse out to the Certificates you exported. You will need to do for each Certificate you exported.
5. Once you click upload it should show up under the ‘Apps & Data – Inventory File Repository”:
How to upload SSL certificates for use by ThinOS 9.x:
In your ThinOS 9 policy, browse to “Privacy & Security\Certificates”. Here you can turn on “Auto Install Certificates” and browse to the certificates you want to upload as shown below:
How to assign SSL Certificates to WMS configuration group/policy:
Once your certificates are imported into WMS, you then need to assign them to your ThinOS profile you are using under, “Groups & Configs” select the group you want to edit following steps below;
ThinOS 8.x: in the policy, browse to “Device Configuration\Security\General Settings”. Select “Auto-install Certificates” and your Certificate should show up in the list to select. Once you are done, click “Save & Publish”. The next time the device reboots, it will pick up the new Certificate.
ThinOS 9.x: in your policy, browse to “Privacy & Security\Certificates”. Here you can turn on “Auto Install Certificates” and browse to the certificates you want to upload as shown below:
This completes the process of uploading your SSL certificates to WMS and assigning them to a ThinOS policy.
For more assistance, check out Dell Community Forums (formally Dell TechCenter):
A common issue connecting to a VDI connection broker, i.e Citrix, VMware, etc.., from Dell Wyse ThinOS or any thin client, is an SSL certificate error. There are generally 2 reasons why.
the Root Certificate Authority certificate is not installed on the device
the Intermediate Certificate Authority certificate is also not installed on the device
Error: SSL Certificate Authority is Unknown
This is easily fixed by installing both the missing Root and likely the Intermediate certificate.
To do this, you can simply export from a browser, and then import on the device, generally through Wyse Management Suite (WMS) or even a USB key if you had to.
I will cover the 3 step process to fix this.
Export the required certificates from a browser
Upload into Wyse Management Suite
Assign the certificates to the device profile
Steps to export certificate from browser:
In this example, I used https://portal.vmware.com as an example to work with certificates but this would be your VMware Horizon server, Citrix Storefront site, Citrix Netscaler/ADC, Microsoft Azure MFA site, etc…
Click on the SSL padlock on your browser as shown below to bring up below window. Click on ‘Certificate (Valid)’ field.
3. This will bring up the certificate information:
4. Click on “Certification Path” tab bring up the following:
5. Select the top level certificate, in this case, “Sectigo (formally Comodo CA)”
6. This will bring up the Root certificate as shown below, “Comodo RSA Certification Authority”. This is the first certificate we want to export.
7. Click on the “Details” tab and select, “Copy to File”:
8. Take defaults and follow the wizard to export the certificate:
9. Once you export the top level Root Certificate, follow the same steps to export the Intermediate certificate. This Intermediate is chained, or trusted, by this top level Root Certificate so we need both certificates in this chain.
10. In the browser, select the Intermediate Certificate, “COMODO RSA Domain Validation Secure Server CA” and select “View Certificate”:
11. Select “Details” and “Copy to File” to export the certificate:
12. Follow wizard again to export the Intermediate Certificate:
13. You now have successfully exported both the top level Root Certificate, “Comodo RSA Certification Authority”, and the Intermediate Certificate, “COMODO RSA Domain Validation Secure Server CA”.
Once exported you need to upload them into your WMS server. It’s a simple process and the steps to upload the certifications are outlined here. Once complete, resume to step 15 below to assign the certificate(s) to your group configuration/profile.
15. Once certificates are imported into WMS, you then need to assign them to your ThinOS profile you are using under, “Groups & Configs” select the group you want to edit following steps below;
ThinOS 8.x: in the policy, browse to “Device Configuration\Security\General Settings”. Select “Auto-install Certificates” and your Certificate should show up in the list to select. Once you are done, click “Save & Publish”. The next time the device reboots, it will pick up the new Certificate.
ThinOS 9.x: in your policy, browse to “Privacy & Security\Certificates”. Here you can turn on “Auto Install Certificates” and browse to the certificates you want to upload as shown below:
This completes the process of exporting the SSL certs, uploading to WMS, and assigning them to your profile. This should resolve the issue of “SSL Certificate Authority is Unknown”.
For more assistance, check out Dell Community Forums (formally Dell TechCenter):
6. In this case I have access to a Windows 10 VM! 
VDI Toolbox 