childebrandt42

Worthless info……………Oh blinky lights!

Ultimate Guide to lmvutil Commands for Omnissa Horizon Cloud Pod Architecture

Posted by

childebrandt42

·

, , , , ,

This guide provides a detailed reference for managing an Omnissa Horizon Cloud Pod Architecture (CPA) environment using the lmvutil command-line utility. CPA enables the federation of multiple Horizon pods to deliver desktops and applications across data centers, supporting up to 250,000 sessions. The lmvutil utility, executed on a Horizon Connection Server, allows administrators to configure and manage pods, global entitlements, sites, and security settings. This post covers all 39 lmvutil commands with their purpose, syntax, examples, and descriptions, ensuring you have the tools to optimize your CPA environment effectively. Refer to the Omnissa Documentation for additional details.

Understanding Cloud Pod Architecture

Cloud Pod Architecture (CPA) federates multiple Horizon pods to create a unified system for desktop and application delivery. It supports resource sharing, global entitlements, and scalability across data centers. The lmvutil utility is the primary tool for configuring and managing CPA, offering precise control over federation setup, entitlement management, and security tasks.

Prerequisites for Using lmvutil Commands (No, You Can’t Skip These)

Before executing lmvutil commands, ensure the following:

  • Administrative Access: Admin credentials for the Horizon Connection Server are required.
  • Command Execution: Run lmvutil from the command line on a Connection Server.
  • Pod Federation: Some commands require an existing federation, while others initialize or modify it.
  • Case Sensitivity: Commands and parameters are case-sensitive.
  • Password Security: Use --authPassword "*" to prompt for passwords securely, avoiding hardcoded credentials. Hardcoding passwords is so last century.

Comprehensive lmvutil Command Reference

Below is a complete list of all 39 lmvutil commands, each with its purpose, syntax, example, and description, aligned with the Omnissa documentation.

1. Initialize a Pod Federation

  • Purpose: Initializes a new CPA federation to enable resource sharing across pods.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --initialize --federationName <federation-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --initialize --federationName CorpFederation
  • Description: Creates a federation named CorpFederation, designating the executing pod as the first member. This command establishes the foundation for a multi-pod CPA environment.

2. Join a Pod to a Pod Federation

  • Purpose: Adds a pod to an existing CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --join --serverName <existing-server-name> --federationName <federation-name> | --joinServer <existing-server-name> --userName <join-username> --password <join-password>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --join --serverName pod1-server.corp.local --federationName CorpFederation
  • Description: Joins the current pod to the CorpFederation by connecting to an existing Connection Server (pod1-server.corp.local). Alternatively, use --joinServer with credentials for authentication.

3. Unjoin a Pod from a Pod Federation

  • Purpose: Removes a pod from a CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --unjoin
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --unjoin
  • Description: Removes the current pod from the federation, requiring no active user sessions. For pods with unavailable servers, use --ejectPod. If it’s the last pod, use –uninitialize.

4. Uninitialize a Pod Federation

  • Purpose: Dissolves the entire CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --uninitialize
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --uninitialize
  • Description: Deletes the federation, removing all pods and global entitlements. This action is irreversible and requires no active user sessions.

5. Create a Global Desktop Entitlement

  • Purpose: Creates a global entitlement for desktop pools.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --createGlobalEntitlement --entitlementName <global-entitlement-name> --scope <scope> [--isDedicated | --isFloating] [--description <description>] [--defaultProtocol <protocol>] [--multiSessionMode <mode>] [--enabled | --disabled] [--fromHome] [--multipleSessionAutoClean] [--requireHomeSite] [--preventProtocolOverride] [--allowReset] [--multipleSessionsPerUser] [--tags <value>] [--categoryFolder <value>] [--shortcutLocations <value>] [--clientRestrictions] [--collaboration] [--aliasName <value>] [--disableAliasName] [--displayAssignedHostName] [--displayMachineAlias] [--federationAccessGroup <value>] [--sessionDistributionPolicy <value>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --createGlobalEntitlement --entitlementName GlobalDesktop --scope ALL_SITES --isFloating --description "Global Desktop Entitlement" --defaultProtocol BLAST --multiSessionMode ENABLED --collaboration
  • Description: Creates a global desktop entitlement named GlobalDesktop for accessing desktops across pods. Specify --isDedicated or --isFloating, scope (ALL_SITES, WITHIN_POD, WITHIN_SITE), protocol (PCOIP, BLAST, RDP), and optional settings like –collaboration.

6. Delete a Global Desktop Entitlement

  • Purpose: Deletes a global desktop entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --deleteGlobalEntitlement --entitlementName <global-entitlement-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --deleteGlobalEntitlement --entitlementName GlobalDesktop
  • Description: Removes the GlobalDesktop entitlement, revoking access to associated pools. Requires no active sessions. For application entitlements, use --deleteGlobalApplicationEntitlement.

7. Add a Local Pool to a Global Entitlement

  • Purpose: Associates a local desktop or application pool with a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --addPool | --addPoolAssociation --entitlementName <global-entitlement-name> --poolName <pool-name> | --poolId <pool-id>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --addPool --entitlementName GlobalDesktop --poolName DesktopPool1
  • Description: Links DesktopPool1 to GlobalDesktop, enabling access across pods. Use --addPoolAssociation with --poolId as an alternative.

8. Remove a Local Pool from a Global Entitlement

  • Purpose: Removes a local pool from a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --removePool | --removePoolAssociation --entitlementName <global-entitlement-name> --poolName <pool-name> | --poolId <pool-id>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --removePool --entitlementName GlobalDesktop --poolName DesktopPool1
  • Description: Removes DesktopPool1 from GlobalDesktop, preventing access via the entitlement. Use --removePoolAssociation with --poolId as an alternative.

9. Add a User to a Global Entitlement

  • Purpose: Grants a user access to a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --addUser | --addUserEntitlement --entitlementName <global-entitlement-name> --userName <username> --domain <user-domain>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --addUser --entitlementName GlobalDesktop --userName jdoe --domain corp
  • Description: Adds user jdoe from the corp domain to GlobalDesktop, granting access to associated pools. Use --addUserEntitlement as an alternative.

10. Remove a User from a Global Entitlement

  • Purpose: Revokes a user’s access to a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --removeUser | --removeUserEntitlement --entitlementName <global-entitlement-name> --userName <username> --domain <user-domain>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --removeUser --entitlementName GlobalDesktop --userName jdoe --domain corp
  • Description: Removes user jdoe from GlobalDesktop, revoking access. Use --removeUserEntitlement as an alternative.

11. Add a Group to a Global Entitlement

  • Purpose: Grants a group access to a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --addGroup | --addGroupEntitlement --entitlementName <global-entitlement-name> --groupName <group-name> --domain <group-domain>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --addGroup --entitlementName GlobalDesktop --groupName DesktopUsers --domain corp
  • Description: Adds the DesktopUsers group to GlobalDesktop, granting access to all members. Use --addGroupEntitlement as an alternative.

12. Remove a Group from a Global Entitlement

  • Purpose: Revokes a group’s access to a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --removeGroup | --removeGroupEntitlement --entitlementName <global-entitlement-name> --groupName <group-name> --domain <group-domain>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --removeGroup --entitlementName GlobalDesktop --groupName DesktopUsers --domain corp
  • Description: Removes the DesktopUsers group from GlobalDesktop, revoking access. Use --removeGroupEntitlement as an alternative.

13. Assign a Home Site to a Global Entitlement

  • Purpose: Assigns a home site to a user or group for a global entitlement to prioritize resource allocation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --assignHomeSite | --createUserHomeSite | --createGroupHomeSite --entitlementName <global-entitlement-name> --siteName <site-name> [--userName <username> --domain <user-domain> | --groupName <group-name> --domain <group-domain>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --assignHomeSite --entitlementName GlobalDesktop --siteName Site1 --userName jdoe --domain corp
  • Description: Assigns Site1 as the home site for user jdoe or a group in GlobalDesktop, prioritizing resources from that site. Use --createUserHomeSite or --createGroupHomeSite as alternatives.

14. Remove a Home Site from a Global Entitlement

  • Purpose: Removes a home site assignment for a user or group from a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --removeHomeSite | --deleteUserHomeSite | --deleteGroupHomeSite --entitlementName <global-entitlement-name> [--userName <username> --domain <user-domain> | --groupName <group-name> --domain <group-domain>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --removeHomeSite --entitlementName GlobalDesktop --userName jdoe --domain corp
  • Description: Removes the home site assignment for user jdoe or a group from GlobalDesktop. Use --deleteUserHomeSite or --deleteGroupHomeSite as alternatives.

15. Create a Site

  • Purpose: Creates a new site in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --createSite --siteName <site-name> [--description <description>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --createSite --siteName Site1 --description "Primary Data Center"
  • Description: Creates a site named Site1 to group pods by location, facilitating resource management and home site assignments.

16. Delete a Site

  • Purpose: Deletes a site from the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --deleteSite --siteName <site-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --deleteSite --siteName Site1
  • Description: Removes Site1 from the federation. Ensure no pods or home site assignments are associated with the site.

17. Add a Pod to a Site

  • Purpose: Assigns a pod to a specific site in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --addPodToSite | --assignPodToSite --podName <pod-name> --siteName <site-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --addPodToSite --podName Pod1 --siteName Site1
  • Description: Assigns Pod1 to Site1 for resource organization. Use --assignPodToSite as an alternative.

18. Remove a Pod from a Site

  • Purpose: Removes a pod from a specific site in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --removePodFromSite --podName <pod-name> --siteName <site-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --removePodFromSite --podName Pod1 --siteName Site1
  • Description: Removes Pod1 from Site1, while the pod remains in the federation.

19. List Pod Federation Information

  • Purpose: Displays information about the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --list [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --list --verbose
  • Description: Lists details about the federation, including pods, sites, and entitlements. Use --verbose for detailed output.

20. List Global Desktop Entitlements

  • Purpose: Displays all global desktop entitlements in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --listGlobalEntitlements [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --listGlobalEntitlements
  • Description: Lists all global desktop entitlements, including names and settings. For application entitlements, use --listGlobalApplicationEntitlements.

21. List Sites

  • Purpose: Displays all sites in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --listSites [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --listSites
  • Description: Lists all sites and their associated pods. Use --verbose for detailed output.

22. List Pods

  • Purpose: Displays all pods in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --listPods [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --listPods
  • Description: Lists all pods and their site affiliations. Use --verbose for detailed output.

23. Create a Global Application Entitlement

  • Purpose: Creates a global entitlement for application pools.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --createGlobalApplicationEntitlement --entitlementName <global-entitlement-name> --scope <scope> [--description <description>] [--defaultProtocol <protocol>] [--multiSessionMode <mode>] [--enabled | --disabled] [--fromHome] [--multipleSessionAutoClean] [--requireHomeSite] [--preventProtocolOverride] [--preLaunch] [--tags <value>] [--categoryFolder <value>] [--shortcutLocations <value>] [--clientRestrictions] [--aliasName <value>] [--disableAliasName] [--federationAccessGroup <value>] [--sessionDistributionPolicy <value>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --createGlobalApplicationEntitlement --entitlementName GlobalApp --scope ALL_SITES --description "Global Application Entitlement" --defaultProtocol BLAST --multiSessionMode ENABLED
  • Description: Creates a global application entitlement named GlobalApp. Specify scope, protocol, and optional settings like --preLaunch or --clientRestrictions.

24. Delete a Global Application Entitlement

  • Purpose: Deletes a global application entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --deleteGlobalApplicationEntitlement --entitlementName <global-entitlement-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --deleteGlobalApplicationEntitlement --entitlementName GlobalApp
  • Description: Removes the GlobalApp entitlement, revoking access to associated pools. Requires no active sessions.

25. Update a Global Desktop Entitlement

  • Purpose: Updates settings for an existing global desktop entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --updateGlobalEntitlement --entitlementName <global-entitlement-name> [--description <description>] [--disabled | --enabled] [--fromHome | --disableFromHome] [--multipleSessionAutoClean | --disableMultipleSessionAutoClean] [--multipleSessionsPerUser | --disableMultipleSessionsPerUser] [--requireHomeSite | --disableRequireHomeSite] [--defaultProtocol <protocol>] [--scope <scope>] [--tags <value> | --notags] [--categoryFolder <value> | --disableCategoryFolder] [--shortcutLocations <value>] [--clientRestrictions | --disableClientRestrictions] [--collaboration | --disableCollaboration] [--backupEntitlementName <value> | --disableBackupEntitlement] [--aliasName <value> | --disableAliasName] [--displayAssignedHostName | --disableDisplayAssignedHostName] [--displayMachineAlias | --disableDisplayMachineAlias] [--federationAccessGroup <value>] [--sessionDistributionPolicy <value>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --updateGlobalEntitlement --entitlementName GlobalDesktop --description "Updated Desktop Entitlement" --scope WITHIN_SITE --defaultProtocol RDP
  • Description: Modifies GlobalDesktop with updated settings like description, scope, or protocol. Use enable/disable flags to toggle features.

26. Update a Global Application Entitlement

  • Purpose: Updates settings for an existing global application entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --updateGlobalApplicationEntitlement --entitlementName <global-entitlement-name> [--description <description>] [--disabled | --enabled] [--fromHome | --disableFromHome] [--multipleSessionAutoClean | --disableMultipleSessionAutoClean] [--requireHomeSite | --disableRequireHomeSite] [--defaultProtocol <protocol>] [--scope <scope>] [--preLaunch | --disablePreLaunch] [--appVersion <value>] [--appPublisher <value>] [--appPath <value>] [--tags <value> | --notags] [--categoryFolder <value> | --disableCategoryFolder] [--shortcutLocations <value>] [--clientRestrictions | --disableClientRestrictions] [--aliasName <value> | --disableAliasName] [--backupEntitlementName <value> | --disableBackupEntitlement] [--federationAccessGroup <value>] [--sessionDistributionPolicy <value>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --updateGlobalApplicationEntitlement --entitlementName GlobalApp --description "Updated Application Entitlement" --scope WITHIN_POD --defaultProtocol BLAST --preLaunch
  • Description: Modifies GlobalApp with updated settings like scope, protocol, or --preLaunch. Parameters like --appVersion, --appPublisher, and --appPath allow specifying application metadata.

27. Edit a Site

  • Purpose: Updates a site’s name or description in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --editSite --siteName <site-name> [--newSiteName <new-site-name>] [--description <description>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --editSite --siteName Site1 --newSiteName SiteA --description "Updated Data Center"
  • Description: Updates Site1 with a new name (SiteA) or description. Ensure the site exists and has no conflicting assignments.

28. Eject a Pod from a Pod Federation

  • Purpose: Removes a pod from the federation when its servers are unavailable.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --ejectPod --podName <pod-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --ejectPod --podName Pod1
  • Description: Removes Pod1 from the federation when its servers are inaccessible. Requires no active sessions.

29. List Associated Pools

  • Purpose: Lists pools associated with a global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --listAssociatedPools --entitlementName <global-entitlement-name> [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --listAssociatedPools --entitlementName GlobalDesktop
  • Description: Lists all pools linked to GlobalDesktop. Use --verbose for detailed output.

30. List Entitlements

  • Purpose: Lists links between users or groups and global entitlements.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --listEntitlements [--userName <username> | --groupName <group-name> | --entitlementName <global-entitlement-name>] [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --listEntitlements --entitlementName GlobalDesktop
  • Description: Lists users or groups linked to GlobalDesktop or all entitlements. Filter with --userName or --groupName. Use --verbose for details.

31. List Global Application Entitlements

  • Purpose: Displays all global application entitlements in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --listGlobalApplicationEntitlements [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --listGlobalApplicationEntitlements
  • Description: Lists all global application entitlements, including names and settings. Use --verbose for detailed output.

32. List User Assignments

  • Purpose: Lists user assignments to identify users impacted by pod or site unavailability.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --listUserAssignments [--userName <username> | --entitlementName <global-entitlement-name> | --podName <pod-name> | --siteName <site-name>] [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --listUserAssignments --podName Pod1
  • Description: Lists user assignments for Pod1, showing impacted users if the pod is unavailable. Filter with --userName, --entitlementName, or --siteName. Use --verbose for details.

33. Resolve User Home Site

  • Purpose: Resolves the home site for a user for a specific global entitlement.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --resolveUserHomeSite --userName <username> --entitlementName <global-entitlement-name>
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --resolveUserHomeSite --userName jdoe --entitlementName GlobalDesktop
  • Description: Displays the home site assigned to user jdoe for GlobalDesktop, aiding in resource allocation troubleshooting.

34. Show Group Home Sites

  • Purpose: Displays configured home sites for a group.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --showGroupHomeSites --groupName <group-name> [--entitlementName <global-entitlement-name>] [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --showGroupHomeSites --groupName DesktopUsers --entitlementName GlobalDesktop
  • Description: Lists home sites for the DesktopUsers group, optionally filtered by GlobalDesktop. Use --verbose for detailed output.

35. Show User Home Sites

  • Purpose: Displays configured home sites for a user.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --showUserHomeSites --userName <username> [--entitlementName <global-entitlement-name>] [--verbose]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --showUserHomeSites --userName jdoe --entitlementName GlobalDesktop
  • Description: Lists home sites for user jdoe, optionally filtered by GlobalDesktop. Use --verbose for detailed output.

36. Update a Pod

  • Purpose: Updates a pod’s name or description in the CPA federation.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --updatePod --podName <pod-name> [--newPodName <new-pod-name>] [--description <description>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --updatePod --podName Pod1 --newPodName PodA --description "Updated Pod Description"
  • Description: Updates Pod1 with a new name (PodA) or description. Ensure the pod exists and has no conflicting assignments.

37. Create a Pending Certificate

  • Purpose: Creates a pending certificate for SSL connections to the pod.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --createPendingCertificate
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --createPendingCertificate
  • Description: Generates a pending certificate for SSL connections. Use --activatePendingCertificate to activate it.

38. Activate a Pending Certificate

  • Purpose: Activates a pending certificate for SSL connections to the pod.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --activatePendingCertificate
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --activatePendingCertificate
  • Description: Activates a previously created pending certificate, replacing the current certificate.

39. Rotate CPA Key Pair

  • Purpose: Rotates the CPA key pair for security maintenance.
  • Syntax: lmvutil --authAs <admin-username> --authDomain <domain-name> --authPassword <password> --rotateCPAKeyPair [--retainLatestKeyPair <value>]
  • Example: lmvutil --authAs admin --authDomain corp --authPassword "*" --rotateCPAKeyPair --retainLatestKeyPair 2
  • Description: Generates a new CPA key pair, optionally retaining the specified number of previous generations (e.g., 2). If --retainLatestKeyPair is omitted, all old generations are removed.

Best Practices for Effective lmvutil Management

To optimize your CPA environment with lmvutil, follow these recommendations:

  1. Secure Passwords: Always use --authPassword "*" to prompt for passwords securely.
  2. Enable Verbose Logging: Use –verbose with commands like --list, --listSites, or --listGlobalEntitlements for detailed troubleshooting output.
  3. Verify Session Status: Commands like --unjoin, --ejectPod, –uninitialize, --deleteGlobalEntitlement, and --deleteGlobalApplicationEntitlement require no active sessions. Use --listUserAssignments to check.
  4. Select Appropriate Scope and Protocol: Choose --scope (ALL_SITES, WITHIN_POD, WITHIN_SITE) and --defaultProtocol (PCOIP, BLAST, RDP) based on your environment’s needs.
  5. Monitor Scalability: CPA supports up to 250,000 sessions, with each pod handling 20,000. Use --listPods to track capacity.
  6. Use Command Synonyms: Commands like --addGroupEntitlement and --addGroup are interchangeable; select the most suitable for your workflow.

Troubleshooting Common lmvutil Issues

Address common challenges with these steps:

  • Resource Not Found Errors: Verify pods, sites, or entitlements exist using --listPods, --listSites, or --listGlobalEntitlements.
  • Active Session Conflicts: Use --listUserAssignments to identify and terminate active sessions before running commands like --unjoin or --deleteSite.
  • Case Sensitivity Issues: Ensure correct case for parameters like --entitlementName.
  • Authentication Failures: Confirm admin credentials and --authDomain accuracy.

Why lmvutil Matters

The lmvutil utility provides granular control over your CPA environment, enabling efficient configuration, scalability, and security management. By mastering these commands, you can:

  • Streamline Operations: Automate pod, entitlement, and site management.
  • Enhance Security: Manage certificates and key pairs effectively.
  • Scale Confidently: Support large-scale deployments across multiple pods.
  • Troubleshoot Efficiently: Use diagnostic commands to maintain system health.

Get Started with lmvutil

Start leveraging lmvutil to optimize your Omnissa Horizon CPA environment. For further details, consult the Omnissa Documentation or the Horizon 8 Architecture guide. Share your experiences or questions in the Omnissa Community Forums to connect with other administrators.

childebrandt42 Avatar

About the author

Hi, I’m Chris Hildebrandt, a Technology Generalist and passionate EUC Solutions Architect at Choice Solutions.

With hands-on experience from enterprise deployments to consulting, I specialize in virtualization, Omnissa Horizon, App Volumes, Azure Virtual Desktop, Nerdio, LoginVSI, Cisco UCS, Pure Storage and streamlining workflows through automation (PowerShell, APIs, and more).

Proud multi-year vExpert, Omnissa Tech Insider, Cisco Champion, former VMUG leader, and co-Leader of World of EUC in KC!

Active in the #vCommunity—let’s connect on EUC challenges, automation ideas, or modern workspaces! 🚀