vfuse: How to solve “Error: VMware Fusion.app is not running”

I have been recently building some new VMs for Catalina for testing, and I was having the below error:

Error: VMware Fusion.app is not running

This was frustrating the hell out of me, as Fusion was 100% running, so I uninstalled vfuse and reinstalled it from Homebrew so I knew I had the right version (2.2.6). I’m running Fusion Pro 11.5.6, and I could not work out WTF was going on.

I then went to the vfuse source code (as you do) to see how the script determines the Fusion application path.

The lines we need start at 342 https://github.com/chilcote/vfuse/blob/master/pkgroot/usr/local/vfuse/bin/vfuse#L342 and end at 362.

I extracted these lines; note that “subprocess” is used, so we need to import that.

I ran it with python3, and we see what’s going on!

[[FACEPALM]]. I have the VMware Fusion Tech Preview installed!! I don’t run the tech preview day to day, and I had forgotten I even had it installed.

SO… close Fusion and launch Fusion Tech Preview (can’t use both together) and re-run the command (S/N redacted).

$ sudo vfuse -i osx_custom_200908-10.15.6-19G2021.apfs.dmg -n "Catalina 10.15.6" -s <<XXXXXXXXXX>> --hw-model "MacBookPro8,2" --snapshot --snapshot-name "Pre-Boot"


One good exercise here is vfuse 2.2.6, with AutoDMG v1.10b587 and VMware Fusion version “e.x.p” as of 8th September 2020, all work great!

Many thanks to all the contributors of vfuse https://github.com/chilcote/vfuse for making our lives easier!

P.S – if you’re looking to create VMs for Fusion, you can look at the following links:

Quick tip with AutoDMG on Catalina, once you’ve grabbed the installer from the App Store/Software Updates on macOS, copy it over to some external media before you drag it into AutoDMG, and save yourself some time! https://github.com/MagerValp/AutoDMG/wiki/FAQ

Set all Horizon Client’s to Auto-Connect, or not without user involvement

** DISCLAIMER ** This is not intended for use on a production platform. VMware does not recommend amending or touching the View ADAM database manually. You will not receive support if anything fails after amending this. This blog is a learning exercise only.

At VMware, I’m responsible for looking after the whole Workspace ONE and Horizon suite (our Digital Workspace/End User Computing solutions). Most of my work is supporting the Unified Endpoint Management (UEM) and Access solutions, but more recently I’ve been assisting with some Horizon questions.

With that, I was presented with an interesting question: how can we set all existing Horizon clients to not automatically connect to a desktop pool in cases where only 1 pool is assigned, or reset any users who have set this option manually?

Never fear, there is a way! With our good friend PowerShell we can go in and make changes to the View ADAM Database which is within ADSI.


Intel NUC from 32 to 64GB RAM!

Since the start of the year I’ve been mulling over what upgrades to my Home Lab are in order. I’m doing a lot more VMware Horizon learning/testing and I’m prepping to take VCP-DCV, so I needed some capacity to make some cool things happen.

I was planning on buying a new NUC to get some extra capacity, but I decided to invest in a RAM upgrade instead. Considerably less cost outlay, less extra initial power consumption and there’s a good possibility this extra headroom will be enough.

I’m going to do another post on my home lab setup, but for today I went successfully from 32 to 64GB RAM in my NUC7I7DNHE primary node.


macOS Custom Enrolment with Workspace ONE, Okta and more

Post first appeared on the EUCSE.com blog at https://blog.eucse.com/macos-custom-enrolment-workspace-one-okta/

WWDC 2019 brought with it a whole host of new enterprise features for Apple’s OSes, including macOS 10.15 Catalina. One of the most important in my opinion is called ‘Enrolment Customisation’. This is essentially a page during the DEP process where an MDM can present any web content. In our case, this was a perfect place to put a SAML authentication page.

We released our support for this feature in Workspace ONE UEM 1909 (our Sept 2019 release). All Workspace ONE UEM release notes can be found here. 

Personally, this is something which I’ve seen holding up a more broad rollout of DEP across enterprise customers. Mainly for one, MFA is leveraged in many organisations today and the existing DEP authentication relied on an LDAP connection, meaning Username / Password only.

Also, any organisation who are leveraging Smart Cards or certificates for authentication require the use of a Single Factor Token which can be generated from the UEM Self Service Portal. The UX downside to this was the Token needed to be input in the username AND password box, a slightly confusing process for many colleagues.

So, now that Apple has delivered us this feature and VMware has released the code to on-premise and SaaS customers, let’s have a look at how to deploy it.

1) SAML AuthN via UEM

The first step is to configure SAML authentication within Settings / Enterprise Integration / Directory Services. You can choose how users can be authenticated, whether this is for Admins, Enrolment or the SSP or all at once.

In this example, we have integrated our UEM with Workspace ONE Access as the identity broker for our device enrolments.

Next step, we go into Access and configure the ‘default_access_policy’ for macOS. I won’t go into detail in this blog, but you can follow:

In our case here, we are performing Certificate auth with Access (Seamless SSO), and if we don’t have a cert yet (unenrolled), then we are sending our authentication to Okta.

As you can see, we can do more than just Okta with Access, we can hook into any SAML compliant Identity provider. We have other Access tenants, and AzureAD, we could also add Ping, JumpCloud and more into one tenant. This means IT has total flexibility over the ecosystem, and end users have a one stop catalog for ALL applications regardless of where they are federated.

The best way to validate your config is to authenticate to your SSP from a Mac. Head to https://yourds.awmdm.com/MyDevice/?gid=OGID

2) Configure DEP Profile in UEM

Once we have our UEM SAML authentication working, we can configure our DEP profile. Head to Settings / Devices & Users / Apple / Device Enrolment Program. If you don’t have DEP set up yet, follow the steps to get started. If you have an existing DEP profile, there are only 2 amends to make for 10.15.

Switch this on. Done

OPTIONAL: We can now pre-fill the Computer Account Full Name and Username based on account fields within UEM, based on lookups. You can also then prevent users from changing these details using ‘Allow Editing’.

Once this is complete, any new devices assigned to this DEP profile which are switched on after this change will be presented with the new experience.

See the following video for an example of the experience with Workspace ONE Access and with Okta Verify.

VMware vExpert 2019!

Today I was accepted into the VMware vExpert 2019 list! I’ve been included in this due to, in part, this blog and the blog.eucse.com site, along with talks I’ve run at conferences and events this year.

The full list and more details are here. I expect to be ramping up my blogging efforts in the back half of 2019 following up to VMworld Europe. https://blogs.vmware.com/vexpert/2019/07/26/vexpert-2019-second-half-award-announcement/

Web SSO for Chrome with Workspace ONE

So, you’ve enabled Workspace ONE for your organisation, you’re on your way to End User Nirvana. There’s just one thing in your way, the Username and Password field!

Workspace ONE is great at becoming a one stop shop for all Web, Native and Virtual Applications, leaving your users with just one password to remember. But… what if that could be a thing of the past! 

On a Workspace ONE Managed Device (macOS or Windows 10), your users can simply open their Browser of Choice (except Firefox, we’ll cover that later), et voilà. Logged in without a second thought.

Enable Workspace ONE Intelligent Hub for SaaS and Native Apps

If you’ve upgraded to Workspace ONE UEM 18.10 and you have anybody enrolled with the AirWatch Agent, you won’t fail to see the new Intelligent Hub app and Hub Services configuration.

Intelligent Hub is an overhaul of the AirWatch Agent to deliver full Unified App Catalog features, allowing the Hub to be the one stop shop for users to access any app on any device. The app also allows Administrators to deliver notifications to end users.

If you are an end to end Workspace ONE user, integrating UEM (Unified Endpoint Management, powered by AirWatch) with VMware Identity Manager, you’ll probably want to deliver your SaaS Apps as well as Native applications.


Deleting a vSAN Partition

I set up VCSA (vCenter Server Appliance) running on a vSAN datastore, then wanted to move things around. I disconnected my ESXi hosts and deleted the VCSA appliance. Proper SDDC experts are probably crying at that statement now, but you learn by doing! I then had the issue where I was unable to delete the vSAN datastore.
To resolve this, I had to run the following:
First enable SSH on your ESXi host. SSH into it and run:
esxcli vsan cluster leave
Once this was done, I was still unable to re-claim the disks back into regular datastores. I couldn’t remove the partitions via ESXi Web Client either, so resorted back to Google.
Run this:
esxcli vsan storage list
Run the command and get the VSAN UUID from one of them. If there are multiple, it doesn’t matter!
esxcli vsan storage remove -u uuid
Once this has been run, you’re all good!
Disclaimer: this is a Lab… anything in production please contact VMware Support!
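
As an added example (not part of the original post), the UUID lookup above can be scripted as a dry run that reads the output of esxcli vsan storage list and prints one remove command per claimed disk for review. The sample output, device names and UUIDs are constructed, and the "Device:" / "VSAN UUID:" field layout is assumed from typical esxcli output; the function names are hypothetical.

```shell
#!/bin/sh
# Dry-run helper: turn `esxcli vsan storage list` output into the
# `esxcli vsan storage remove -u <uuid>` commands to review before running.

# Constructed sample of the list output (device names and UUIDs are made up).
sample_storage_list() {
cat <<'EOF'
naa.constructed0001
   Device: naa.constructed0001
   Is SSD: true
   VSAN UUID: 52aaaaaa-0000-0000-0000-000000000001
   VSAN Disk Group UUID: 52aaaaaa-0000-0000-0000-000000000001

naa.constructed0002
   Device: naa.constructed0002
   Is SSD: false
   VSAN UUID: 52bbbbbb-0000-0000-0000-000000000002
   VSAN Disk Group UUID: 52aaaaaa-0000-0000-0000-000000000001
EOF
}

# Read list output on stdin; print "<device> <vsan-uuid>" for each disk.
vsan_disks() {
  awk -F': ' '
    /^ *Device:/    { dev = $2 }
    /^ *VSAN UUID:/ { print dev, $2 }
  '
}

# Read list output on stdin; print one remove command per disk.
# Anything that is not shaped like a UUID is skipped, so a malformed
# line can never end up inside a command that gets pasted into a shell.
vsan_remove_plan() {
  vsan_disks | while read -r dev uuid; do
    case "$uuid" in
      *[!0-9a-fA-F-]*)
        echo "skip $dev: unexpected UUID value" >&2 ;;
      ????????-????-????-????-????????????)
        echo "esxcli vsan storage remove -u $uuid  # $dev" ;;
      *)
        echo "skip $dev: unexpected UUID length" >&2 ;;
    esac
  done
}

# Demo on the constructed sample. On a lab host, after leaving the cluster:
#   esxcli vsan storage list | vsan_remove_plan
sample_storage_list | vsan_remove_plan
```

Nothing is removed by the script itself; it only prints the commands so they can be checked against the disks you expect to reclaim.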

Easy access to Office 365 Apps from Workspace ONE

Providing access to applications as easily as possible is one of the primary goals of Workspace ONE. While Workspace ONE can enable Single Sign On to Office 365, I see most setups just deploying the main portal to Office 365. One massive improvement we can make is to provide users with links directly to O365 services, such as OneDrive, Outlook and Excel Online by enabling one click links into these services.

Below is a step by step guide to get each service within Office 365 presented to end users via the Workspace ONE Catalog.
