VMware View Client Protocol Spec 4.5.0 GA PDF

Technical Note
Using the View Client Protocol

View Manager 4.5
VMware View Client Protocol License 1.0

APImeanstheVMwareViewClientProtocol. YouandYour meananindividualorasingleentityexercisingrightsunder,andcomplyingwithallofthe termsof,thislicense. VMware,Inc.(VMware)herebygrantstoYouaroyaltyfree,nonexclusive,nontransferable,worldwide, limitedcopyrightlicenseto: a b downloadandreproducetheAPIforYourinternalevaluationpurposes;and usetheAPItodevelop,test,andevaluateYourimplementationofclientsoftwareand/orclient device(s)thatusetheAPIsolelyfromtheclientside.
ThislicenseshallnotextendtoanyfunctionalityimplementedontheserversideoftheAPI. VMwarecovenantstoYouthatitwillnotassertanyNecessaryClaimsagainstYouforusing,making,having made,selling,offeringforsale,importing,orotherwisedistributingYourimplementationtotheextentit conformstotheclientsideoftheAPI(ConformingImplementation).Theforegoingcovenantshallnot extendtoanyfunctionalityofsuchimplementationthatisnotdescribedintheunmodifiedAPIorthatisnot implementedontheclientsideoftheunmodifiedAPI.TheAPIisunmodifiediftherearenochanges, additions,orextensionstotheAPI.NecessaryClaimsarethoseclaimsofVMwareownedpatentsorpatent applicationsthatarenecessarilyinfringedbyimplementationoftheAPIfromtheclientside.Thiscovenant flowsdirectlyfromVMwaretoYouandispersonal,nonassignableandnontransferable.IfYouassert,by filing,maintaining,orotherwiseparticipatinginapatentinfringementlawsuit,anyclaimagainstVMware relatedtotheAPIoragainstanyConformingImplementation,thenthiscovenantwillbecomevoidandall licensesgrantedtoYoubyVMwarehereunderwillterminateasofthedatesuchclaimisfiled.Inaddition,this covenantisnotanassurancethatYourimplementationwouldnotinfringetheintellectualpropertyrightsof anythirdparty. VMWAREANDITSLICENSORSEXPRESSLYRESERVEALLOTHERRIGHTSNOTEXPLICITLY GRANTEDHEREIN.THEAPIISPROVIDEDASISANDWITHALLFAULTS.VMWAREANDITS LICENSORSEXPRESSLYDISCLAIMALLWARRANTIESOFANYKIND,INCLUDINGBUTNOTLIMITED TOWARRANTIESOFACCURACYANDCOMPLETENESS,MERCHANTABILITY,ORFITNESSFORA PARTICULARPURPOSE. INNOEVENTSHALLVMWAREORITSLICENSORSBELIABLEFORANYDAMAGESINCLUDING WITHOUTLIMITATION,LOSTREVENUE,LOSSOFUSE,LOSSOFDATA,ORANYINCIDENTAL, CONSEQUENTIAL,DIRECT,INDIRECT,ORSPECIALDAMAGESREGARDLESSOFTHETHEORYOF LIABILITY,ARISINGOUTOFYOURHAVING,IMPLEMENTINGOROTHERWISEUSINGTHEAPI, WHETHERORNOTVMWAREAND/ORITSLICENSORSHAVEBEENADVISEDOFTHEPOSSIBILITYOF SUCHDAMAGES.
VMware, Inc.
NoofferismadehereinbyVMwaretoprovidesupportormaintenanceofanykindandVMwareshallnotbe obligatedtoprovideYouwithsupportormaintenanceofanykindfortheAPIorYourimplementationthereof. ThenameandtrademarksofVMwaremaynotbeusedinanymanner,includinginanyadvertising,publicity ormarketingrelatingtotheAPIorinconjunctionwithYourimplementationwithoutthepriorwritten permissionofVMware.
The View Client Protocol

TheVMwareViewClientprotocolisasetofXMLinstructionsthatclientdevicescanusetocommunicate withaViewConnectionServerinstance.Thistechnicalnotedescribestheprotocolthatissupportedby VMwareVirtualDesktopManager2.x,VMwareViewManager3.x,andlaterversionsofVMwareView Manager.Thirdpartyvendorsanddeveloperscanusetheprotocoldefinitionstocreatesoftwareforaclient devicethatinteractswithaViewConnectionServerinstance. Figure 1showsacompleteViewManagercomponentenvironmentwithconnectionsfromaViewClienttoa ViewConnectionServerinstance.TheclientsendsXMLrequeststotheViewConnectionServerinstanceover anHTTPorHTTPSconnection.IftheclientcanauthenticateitselfsuccessfullyusingtheViewClientprotocol, theViewConnectionServerinstancepermitstheclienttoestablishadirect(nontunneled)connectiontoa virtualdesktopusingaprotocolsuchasVMwarePCoIP,MicrosoftRemoteDesktopProtocol(RDP),orHP RemoteGraphicsSoftware(RGS). Figure 1. View Manager Components and Direct Client Connections
View Client
View Client
RDP Client
Direct RDP HTTP(S) View Client Protocol
Admin Console View Administrator

HTTP(S)
Tunneled RDP
View Secure GW Server
View Messaging View Connection Server
View Broker & Admin Server

SOAP
vCenter Server VMware vCenter
View Manager LDAP
JMS RDP RDP
View Agent
Virtual Desktop VM
ThisdocumentdescribeshowtocreateadirectconnectionbetweenaclientandaViewdesktopvirtual machine,whichbypassestheViewConnectionServerorsecurityserverhost.Itdoesnotdescribehowto createatunnelconnectionbetweenaclientandaViewdesktopviaaViewConnectionServerorsecurity serverhost.DirectconnectionstodesktopsaresuitableforuseoverLANorVPNconnections,andmustbe usedforthePCoIPandHPRGSdisplayprotocols.Tousedirectclientconnections,selectDirectconnection todesktopinthesettingsfortheViewConnectionServerinstance.
VMware, Inc.
TounderstandthemessageflowsintheViewClientprotocol,installacompleteViewManagerenvironment, anddisableSSLforclientconnections.Youcanthenusenetworkprotocolanalysissoftware(suchas WireShark)tomonitortheprotocolmessagesthatareexchangedbetweenaclientandtheViewConnection Serverinstance.TodisableSSLforclientconnections,deselectRequireSSLforclientconnectionsandView AdministratorSSLintheglobalsettings,andrestarttheViewConnectionServerservice. Inanenterpriseleveldeployment,youwouldusuallyconfigureViewManagertouseSSLforclient connectionsoverasecureHTTPSchannel.IftheViewConnectionServerorsecurityserverhostsarearranged inaloadbalancingconfiguration,yourclientshouldusethesame,persistentHTTPSconnectionforall requests. ClientservercommunicationstakeplaceusingeitherHTTPorHTTPSwherebothrequestsandresponsesare properlyconstructedXMLmessages.Allrequestscontaintherootelementbrokerwithanaccompanying versionattribute. YouusePOSTrequeststosubmitprotocoldatatotheURL/broker/xmlonaViewConnectionServerinstance. Arequestcancontainoneormoremessages.Forexample,theget-desktopsrequestcancontainjust get-desktopsorseveraladditionalrequests,suchasset-localeanddo-submit-authentication. Responsescontainareplytoeachmessagethatyousentintherequest.Theresultforasuccessfulrequest containsthevalueok. AllversionsoftheViewConnectionServerinstancerequirethatyouenablecookies.Youmustreturncookies thattheclientreceivesfromtheViewConnectionServerinstanceinsubsequentrequestswithstandardcookie headers.Aclientshouldpersistandexpirecookiesonrequest,accordingtothestandardcookiemechanism. Table 1showsthecookiesthataViewConnectionServerinstancerequires. Table 1. Cookies Used on a Client with a View Connection Server Instance
Cookie JSESSIONID com.vmware.vdi.broker.location.id Description Persistsonlyduringasession. Persistsacrosssessions,anddoesnotexpire.
Sample Client Code

TheVMwareViewOpenClientallowsyoutoconnectfromaLinuxdesktoptoremoteWindowsdesktopsthat aremanagedbyViewManager.YoucandownloadthesourcefilesfortheViewOpenClienttoexamine samplecodethatusestheViewClientprotocoltoimplementaclient.Thesamplecodeincludesan implementationofthetunnelingconnectionfeature,butyoushouldnotethatthisimplementationmight changeinafuturerelease.Formoreinformation,seehttp://code.google.com/p/vmwareviewopenclient.
Using the View Client Protocol to Create a Desktop Session

Table 2showsthegenericprocedureforusingtheViewClientprotocoltoretrievetheinformationthatyou needtostartadesktopsessiononaclientsystem. Table 2. Overview of How to Create a Desktop Session
Step 1. 2. Request Sendaget-configurationrequesttotheView ConnectionServerinstance. Sendado-submit-authenticationrequestto authenticatetheuseronaViewConnectionServer instanceandestablishasession. Sendaget-tunnel-connectionrequestfora directconnection. Response Returnstheauthenticationmechanismthatyou mustuse. Showswhethertheauthenticationsucceeded.
3.
ReturnswhethertheViewConnectionServer instanceacceptsdirectconnections.
VMware, Inc.
Table 2. Overview of How to Create a Desktop Session (Continued)

Step 4. 5. Request Sendaget-desktopsrequesttoretrievethelistof desktopstowhichtheuserisentitled. Sendaget-desktop-connectionrequestthat containstheIDofoneofthedesktopsthatthe previousrequestreturned. Response Containsthelistofdesktops,ifsuccessful. Returnstheparametersthatarerequiredtostarta desktopclientfortherequesteddesktop.
Youcanstartadesktopclientusingtheparametersthattheresponsetotheget-desktop-connection requestcontains. Aftertheuserhasfinishedusingthedesktop,sendthedo-logoutrequesttologout.Toterminatethesession, closetheclientanddisconnectanyremainingdesktopsessions.
View Client Protocol Versions

TheViewClientprotocolisupdatedwhenanewversionofViewManagerisreleased.Table 3liststheView Managerversion,thecorrespondingViewClientprotocolversion,andabriefdescriptionofmajorchangesin eachversionoftheViewClientprotocol. Table 3. View Client Protocol Versions
View Manager Release 2.0 2.1 3.0 View Client Protocol Version 1.0 2.0 3.0 Description of Changes Firstrelease. Newauthenticationscreens(disclaimerandpasswordexpiration). OfflineVirtualDesktopInfrastructure(VDI)informationaddedto theget-desktopsresponse. Certificateauthentication(smartcard)propertiesadded. 3.1 4.0 3.1 4.0 Protocolselection. SupportforPCoIPdesktopprotocol. Triplesinglesignon(SSO)andotherimprovementstosmartcard authentication. 4.5 4.5 Updatedsupportforlocal(offline)desktops.
Theversionattributeofthebrokerelementindicatestheprotocolversionthattheclientsupports.After receivingtheversioninformation,aViewConnectionServerinstanceensuresthattheresponseis backwardcompatible.Ifafeatureisrequiredbutisnotsupportedinanearlierclient,theserverrespondswith anerror. Forexample,aversion1.0clientthatrequestsadisclaimerreceivesthefollowingerrorresponse.

<?xml version="1.0"?> <broker version="2.0"> <configuration> <result>error</result> <error-code>UNSUPPORTED_VERSION</error-code> <error-message>Disclaimers are not supported by this client version</error-message> <user-message>Your View Client version does not support the features of this View Server. Please upgrade your View Client</user-message> </configuration> </broker>
NOTEAclientmustsendthesameversionnumberwitheveryrequest.
VMware, Inc.
Protocol Compatibility
UsethefollowingguidelineswhendeterminingprotocolcompatibilitybetweenaclientandaView ConnectionServerinstance.
Forbackwardcompatibility,aclientmustreportitsprotocolversioncorrectly,itmustreadtheversion numbersuppliedintheresponsefromaViewConnectionServerinstance,anditmustensurethatitsends onlymessagesthatareimplementedinthatversionorearlierversionsoftheprotocol. Forforwardcompatibility,aclientcanacceptaprotocolversionnumberhigherthanitsownifitignores anyXMLelementsthatitdoesnotunderstand,insteadofreturninganerror.Forexample,aversion1.0 clientthatreceivesaversion2.1responsetotheget-desktopsrequestignorestheunsupported reset-allowedelementinthemessage.
Error Handling
AViewConnectionServerinstancerespondswithanerrormessageunderthefollowingconditions:

Theformat,version,orpurposeofarequestisincorrectorcannotbedetermined. Anunauthenticatedclientmakesarequestthatrequiresauthentication.
Thefollowingexampleshowsthegenericformatofanerrorresponse.
<?xml version="1.0"?> <broker version="1.0"> <result>error</result> <error-code>[code]</error-code> <error-message>[message]</error-message> </broker>
Someerrorresponsesincludeanadditionalentryinthefollowingformat:
<user-message>[message]</user-message>
ThisinformationislocalizedinViewManagerversion2.0andlaterandmightbedisplayedtousers. Mostrequestsfromaclientrequirethattheuserisauthenticated.AViewConnectionServerinstanceresponds withaNOT_AUTHENTICATEDerrorforamessagethatrequiresanauthenticatedsession.IfaViewConnection Serverinstanceisdisabled,newclientscanconnectbutnotauthenticate,andtheyreceiveaBROKER_DISABLED errorresponse.However,clientsessionsthathavealreadybeenauthenticatedcancontinue. Table 4providesanoverviewofthegenericerrorcodesthataViewConnectionServerinstancecanreturn. Certaintypesofrequestscanreturnothererrorcodesthatarespecifictothoserequests. Table 4. Generic Error Codes
Error Code BROKER_DISABLED INVALID_ROOT_ELEMENT INVALID_VERSION INVALID_XML Description AViewConnectionServerinstancehasbeendisabledfromwithintheadministrative interfaceandcannotprocessrequests. Therootelementoftherequestissomethingotherthanbroker. Theversionattributeofthebrokerelementdoesnotcontainafloatoraninteger. TheXMLisnotwellformed.Forexample: Error on line 3: The element type "broker" must be terminated by the matching end-tag MISSING_CONTENT Therequestcontainsthecorrectrootelementandversionattribute,buttheenvelope containsnoinformation. Thiserrorisalsousedtoindicatethatanindividualmessageismissingchildelements,for example,set-localehasamissingoremptylocaleelement. MISSING_VERSION NOT_AUTHENTICATED Theversionattributeismissingfromthebrokerelement. TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed.
VMware, Inc.
Table 4. Generic Error Codes (Continued)

Error Code READ_ERROR UNRECOGNIZED_CONTENT Description AcommunicationerroroccurredthatpreventedtheViewConnectionServerinstance fromreadingtheXML. Therequestcontainedunrecognizedcontent.Forexample,attemptingtosendthe set-localeinstructiontoaversion1.0ViewConnectionServerinstanceresultsinthe followingerror: unrecognized content: set-locale UNSUPPORTED_VERSION TherequestcontainsdatathatisnotcompatiblewiththeViewConnectionServerversion.
View Client Protocol Requests

Thefollowingsectionsdescribetherequestmessagesthatcanbesentandtheresponsesthatarereceivedwhen usingtheViewClientprotocol.Italsoprovidestheversioninwhichthemessagewasfirstimplemented,and definitionsandresponsesforeachrequest. Themessagesarelistedinalphabeticalorder.Thefollowinglistorderstherequestmessagesinwhichyou mightinvoketheminanapplication.

setlocaleRequestonpage 36 getconfigurationRequestonpage 21 dosubmitauthenticationRequestonpage 8 gettunnelconnectionRequestonpage 32 getdesktopsRequestonpage 27 getuserglobalpreferencesRequestonpage 33 setuserglobalpreferencesRequestonpage 38 setuserdesktoppreferencesRequestonpage 37 getdesktopconnectionRequestonpage 24 killsessionRequestonpage 34 resetdesktopRequestonpage 35 dologoutRequestonpage 7
VMware, Inc.
do-logout Request
EndsasessionwithaViewConnectionServerinstance.
Request
<?xml version="1.0"?> <broker version="1.0"> <do-logout/> </broker>
Response
<?xml version="1.0"?> <broker version="1.0"> <logout> <result>ok</result> </logout> </broker>
Description
Thedo-logoutrequestmessageendsaViewConnectionServersessionsothatauserisnolonger authenticated.
Implementation
Implementedinprotocolversion1.0.
Authentication
Priorauthenticationisrequired.
Errors
Table 5showstheerrorcodeandmessagefordo-logout. Table 5. do-logout Error Codes and Messages
Code NOT_AUTHENTICATED Description TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed.Thisresponsewasfirstimplementedinprotocolversion3.1.
VMware, Inc.
do-submit-authentication Request
PerformsauthenticationoftheuserwiththeViewConnectionServerinstance. do-submit-authenticationsupportsthefollowingrequestsandresponses:

Request:AcceptDisclaimeronpage 8 Response:AcceptDisclaimeronpage 8 Request:SecurIDAuthenticationPasscodeonpage 9 Response:SecurIDAuthenticationPasscodeonpage 9 Request:SecurIDAuthenticationTokenCodeonpage 12 Response:SecurIDAuthenticationTokenCodeonpage 12 Request:ChangeSecurIDAuthenticationPINonpage 13 Response:ChangeSecurIDAuthenticationPINonpage 13 Request:WaitforSecurIDAuthenticationonpage 14 Response:WaitforSecurIDAuthenticationonpage 14 Request:PasswordAuthenticationonpage 14 Response:PasswordAuthenticationonpage 15 Request:UpdatePasswordonpage 16 Response:UpdatePasswordonpage 16 Request:CertificateAuthenticationonpage 17 Response:CertificateAuthenticationonpage 18 Response:CompleteAuthenticationFailureonpage 19 Response:AlreadyAuthenticatedErroronpage 19
Request: Accept Disclaimer

Therequestforacceptdisclaimerwasfirstimplementedinprotocolversion2.0.
<?xml version="1.0"?> <broker version="2.0"> <do-submit-authentication> <screen> <name>disclaimer</name> <params> <param> <name>accept</name> <values> <value>true</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
Response: Accept Disclaimer

<?xml version="1.0"?> <broker version="2.0"> <submit-authentication> <result>partial</result>  <authentication> <screen>
VMware, Inc.
<name>securid-passcode</name> </screen> </authentication> </submit-authentication> </broker>
Request: SecurID Authentication Passcode

TherequestforaSecurIDauthenticationpasscodewasfirstimplementedinprotocolversion1.0.
<?xml version="1.0"?> <broker version="1.0"> <do-submit-authentication> <screen> <name>securid-passcode</name> <params> <param> <name>username</name> <values> <value>user1</value> </values> </param> <param> <name>passcode</name> <values> <value>271828183</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
Response: SecurID Authentication Passcode

Thefollowingsectionsdetailthepossibleresponsestothesecurid-passcoderequest. Authentication Partially Complete Thisresponseissentwhenauthenticationispartiallycompleteandthenextscreenisbeingrequested.
<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result>  <authentication> <screen> <name>windows-password</name> <params> <param> <name>username</name>  <readonly/> <values> <value>user1</value> </values> </param> <param> <name>domain</name> <values> <value>DOMAIN1</value> </values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
VMware, Inc.
SecurID Token Code Required ThisresponseissentwhenthenextSecureIDtokencodeisrequiredtoproceed.

<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>securid-nexttokencode</name> <params/> </screen> </authentication> </submit-authentication> </broker>
New PIN Required ThisresponseissentwhentheusermustchooseanewPIN.

<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>securid-pinchange</name> <params>  <param> <name>user-selectable</name> <values> <value>MUST_CHOOSE_PIN</value> </values></param> <param> <name>message</name> <values> <value>PIN should be between 4 and 8 numbers.</value> </values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
New PIN Cannot Be Chosen ThisresponseissentwhentheusermustaccepttheassignedPINandcannotchooseanewPIN.

<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>securid-pinchange</name> <params> <!-The user must confirm the provided PIN number, first box for PIN should be pre-filled and not editable --> <param> <name>user-selectable</name> <values><value>CANNOT_CHOOSE_PIN</value> </values> </param> <param> <name>pin1</name>
VMware, Inc.
10
<readonly/> <values><value>1234</value></values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
New PIN Can Be Chosen ThisresponseissentwhentheusercanselectaprovidedPINorenteranewone.

<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>securid-pinchange</name> <params> <param> <name>user-selectable</name> <values> <value>USER_SELECTABLE</value> </values> </param> <param> <name>message</name> <values><value>PIN should be between 4 and 8 numbers.</value> </values> </param> <param> <name>pin1</name> <readonly/> <values><value>1234</value></values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
SecurID Authentication Failure ThisresponseissentissentintheeventofaSecureIDauthenticationfailure.

<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>securid-passcode</name> <params> <param> <name>error</name> <values> <value>Access Denied</value> </values> </param> <param> <name>username</name> <values> <value>user1</value> </values> </param> </params> </screen>
VMware, Inc.
11
</authentication> </submit-authentication> </broker>
Request: SecurID Authentication Token Code

Thefollowingrequestwasfirstimplementedinprotocolversion1.0.
<?xml version="1.0"?> <broker version="1.0"> <do-submit-authentication> <screen> <name>securid-nexttokencode</name> <params> <param> <name>tokencode</name> <values> <value>271828183</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
Response: SecurID Authentication Token Code

Thefollowingsectionsdetailthepossibleresponsestothesecurid-nexttokencoderequest. Authentication Partially Complete Thisresponseissentwhenauthenticationispartiallycompleteandthenextscreenisbeingrequested.
<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result>  <authentication> <screen> <name>windows-password</name> <params> <param> <name>username</name>  <readonly/> <values> <value>user1</value> </values> </param> <param> <name>domain</name> <values> <value>DOMAIN1</value> </values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
SecurID Authentication Failure ThisresponseissentintheeventofaSecurIDauthenticationfailure.

<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result>
VMware, Inc.
12
<authentication> <screen> <name>securid-passcode</name> <params> <param> <name>error</name> <values> <value>Access Denied</value> </values> </param> <param> <name>username</name> <values> <value>user1</value> </values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
Request: Change SecurID Authentication PIN

<?xml version="1.0"?> <broker version="1.0"> <do-submit-authentication> <screen> <name>securid-pinchange</name> <params> <param> <name>pin1</name> <values> <value>1111</value> </values> </param> <param> <name>pin2</name> <values> <value>1111</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
Response: Change SecurID Authentication PIN

Theresponsewaitsforthenexttokencode.
<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <authentication> <screen> <name>securid-wait</name> </screen> </authentication> </submit-authentication> </broker>
VMware, Inc.
13
Request: Wait for SecurID Authentication

<?xml version="1.0"?> <broker version="1.0"> <do-submit-authentication> <screen> <name>securid-wait</name>  <params></params> </screen> </do-submit-authentication> </broker>
Response: Wait for SecurID Authentication

Thisresponseissentifaloginattemptispermitted.
<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>securid-passcode</name> <params> <param> <name>username</name> <values><value>user1</value></values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
Request: Password Authentication

<?xml version="1.0"?> <broker version="1.0"> <do-submit-authentication> <screen> <name>windows-password</name> <params> <param> <name>username</name> <values> <value>user1</value> </values> </param> <param> <name>domain</name> <values> <value>DOMAIN1</value> </values> </param> <param> <name>password</name> <values> <value>secret</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
VMware, Inc.
14
Response: Password Authentication

Thefollowingsectionsdetailthepossibleresponsestothewindows-passwordrequest. Authentication Completed Successfully Thisresponseissentifauthenticationissuccessfulandtheauthenticationprocessiscomplete.
<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>ok</result>  <user-sid>session ID for user</user-sid>  <offline-sso-disabled>[true|false]</offline-sso-disabled>   <logout-on-host-suspend-enabled>[true|false]</logout-on-host-suspend-enabled>  </submit-authentication> </broker>
Authentication Failed Thisresponseissentifpasswordauthenticationfailed,butanotherattemptispermitted.

<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>windows-password</name> <params> <param> <name>error</name> <values><value>Unknown user name or bad password</value></values> </param> <param> <name>username</name>  <readonly/> <values> <value>user1</value> </values> </param> <param> <name>domain</name> <values> <value>DOMAIN1</value> </values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
Password Expired Thisresponseissentifapasswordauthenticationrequestwasreceivedwherethepasswordhasexpired. Thisresponsewasfirstimplementedinprotocolversion2.0.

<?xml version="1.0"?> <broker version="2.0"> <submit-authentication> <result>partial</result> <authentication>
VMware, Inc.
15
<screen> <name>windows-password-expired</name> <params> <param> <name>username</name> <readonly/> <values><value>user1</value></values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
Request: Update Password

Theoldpasswordhasexpired,andanewpasswordmustbeset. Thisrequestwasfirstimplementedinprotocolversion2.0.
<?xml version="1.0"?> <broker version="2.0"> <do-submit-authentication> <screen> <name>windows-password-expired</name> <params> <param> <name>oldPassword</name> <values> <value>secret</value> </values> </param> <param> <name>newPassword1</name> <values> <value>secret1</value> </values> </param> <param> <name>newPassword2</name> <values> <value>secret1</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
Response: Update Password

Thisresponseissentifthenewpasswordisnotacceptedandtheusercantryagain. Thisresponsewasfirstimplementedinprotocolversion2.0.
<?xml version="1.0"?> <broker version="2.0"> <submit-authentication> <result>partial</result> <authentication> <screen> <name>windows-password-expired</name> <params> <param> <name>error</name> <values> <value>New Password Not Accepted</value> </values> </param>
VMware, Inc.
16
<param> <name>username</name> <readonly/> <values> <value>user1</value> </values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
Request: Certificate Authentication

CertificateauthenticationisusedwhensmartcardauthenticationisenabledinaViewConnectionServer instance. Thecertificateauthenticationfeaturewasfirstimplementedinprotocolversion3.0. Accept Certificate Authentication TheclientacceptstheuserwhoisassociatedwiththecertificatethatwaspresentedduringtheinitialSSL handshake. Thefollowingformofthisrequestwasfirstimplementedinprotocolversion3.0.
<?xml version="1.0"?> <broker version="3.0"> <do-submit-authentication> <screen> <name>cert-auth</name> <params>  <param> <name>accept</name> <values> <value>true</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
Thefollowingformofthisrequestwasfirstimplementedinprotocolversion4.0.
<?xml version="1.0"?> <broker version="4.0"> <do-submit-authentication> <screen> <name>cert-auth</name> <params>  <param> <name>accept</name> <values><value>true</value></values> </param>   <param> <name>smartCardPIN</name> <values><value>1234</value></values> </param> <param> <name>smartCardReader</name> <values><value>XXXX</value></values> </param> </params>
VMware, Inc.
17
</screen> </do-submit-authentication> </broker>
Reject Certificate Authentication TheclientrejectstheuserwhoisassociatedwiththecertificatethatwaspresentedduringtheinitialSSL handshake.

<?xml version="1.0"?> <broker version="3.0"> <do-submit-authentication> <screen> <name>cert-auth</name> <params>  <param> <name>accept</name> <values> <value>false</value> </values> </param> </params> </screen> </do-submit-authentication> </broker>
Response: Certificate Authentication

Thefollowingsectionsdetailthepossibleresponsestothecert-authrequest. Authentication Successful and Complete Certificateauthorizationwasacceptedandclientauthenticationiscomplete.
<?xml version="1.0"?> <broker version="4.0"> <submit-authentication>  <result>ok</result>  <user-sid>S-1-5-21-12354123-123-4123</user-sid>  <offline-sso-disabled>false</offline-sso-disabled>   <logout-on-host-suspend-enabled>true</logout-on-host-suspend-enabled>   <logout-on-cert-removal-enabled>false</logout-on-cert-removal-enabled> </submit-authentication> </broker>
Certificate Authentication Rejected, Fall Back on Password Thisresponseissentifthecertificateauthenticationfailed.Ifthisformofauthenticationissetasoptional withinaViewConnectionServerinstance,thehostfallsbackonpasswordauthentication.

<?xml version="1.0"?> <broker version="3.0"> <submit-authentication> <result>partial</result>  <authentication>
VMware, Inc.
18
<screen> <name>windows-password</name> <params> <param> <name>domain</name> <values> <value>DOMAIN1</value> </values> </param> </params> </screen> </authentication> </submit-authentication> </broker>
Certificate Authentication Rejected, Certificate Authentication Required by Server Thisresponseissentiftheclientrejectedthecertificateauthentication.Ifthisformofauthenticationissetas requiredwithinaViewConnectionServerinstance,theauthorizationfails.

<?xml version="1.0"?> <broker version="3.0"> <submit-authentication> <result>error</result> <error-code>AUTHENTICATION_FAILED</error-code> <error-message>Authentication failure</error-message> <user-message>Smart Card or Certificate authentication is required.</user-message> </submit-authentication> </broker>
Response: Complete Authentication Failure

Ifauthenticationfailsonthreeconsecutiveattempts,anerrorisreturned,andtheauthenticationprocessmust berestartedfromthebeginning. Thisresponsewasfirstimplementedinprotocolversion1.0.
<?xml version="1.0"?> <broker version="3.0"> <submit-authentication> <result>error</result> <error-code>AUTHENTICATION_FAILED</error-code> <error-message>Authentication failed</error-message> <user-message>Maximum login attempts exceeded</user-message> </submit-authentication> </broker>
Response: Already Authenticated Error

Anerrorisreturnedifauthenticationisattemptedagainstasessionthatwaspreviouslyauthenticated.This errordoesnotpreventthesessionfromcontinuing. Thisresponsewasfirstimplementedinprotocolversion2.0.
<?xml version="1.0"?> <broker version="2.0"> <submit-authentication> <result>error</result> <error-code>ALREADY_AUTHENTICATED</error-code> <error-message>already authenticated</error-message> <user-message/> </submit-authentication> </broker>
Description
Thedo-submit-authenticationrequestmessagessubmitusercredentialsandauthenticatetheuserwith theViewConnectionServerinstance.Theresponsesindicateswhichauthenticationrequestisrequirednext.
VMware, Inc.
19
Implementation
Authentication
Priorauthenticationisnotrequired.
Errors
Table 6showstheerrorcodesandmessagesfordo-submit-authentication. Table 6. do-submit-authentication Error Codes and Messages
Code ALREADY_AUTHENTICATED AUTHENTICATION_FAILED BROKER_DISABLED UNSUPPORTED_VERSION Description Theclientsessionhasalreadybeenauthenticated,andcancontinue. Authenticationfailedonthreeconsecutiveattempts.Theauthenticationprocessmustbe restartedfromthebeginning. TheViewConnectionServerinstancehasbeendisabledfromwithintheadministrative interfaceandcannotprocessrequests. TherequestcontainsdatathatisnotcompatiblewiththeViewConnectionServerversion.
VMware, Inc.
20
get-configuration Request
Discoverstheauthenticationmethod.
Request
<?xml version="1.0"?> <broker version="1.0"> <get-configuration/> </broker>
Response
Thefollowingsectionsdetailthepossibleresponsestotheget-configurationrequest. Windows Password Authentication Required ThefollowingresponseissentwhenWindowspasswordauthenticationisrequired.Theresponsewasfirst implementedinprotocolversion1.0.Theresponsewasupdatedinprotocolversion3.0tointroducethe broker-guidelementfortheGUIDoftheViewConnectionServergroup,andinprotocolversion4.0to supportKerberosauthentication.
<?xml version="1.0"?> <broker version="4.0"> <configuration> <result>ok</result>   <broker-service-principal> <type>kerberos</type> <name>machine/mybroker@mydomain.int</name> <broker-service-principal>  <broker-guid>6e79ced1-b474-4ce6-a48c-c40c17c935c0</broker-guid> <authentication> <screen> <name>windows-password</name> <params> <param> <name>domain</name> <values> <value>DOMAIN1</value> </values> </param> </params> </screen> </authentication> </configuration> </broker>
SecurID Authentication Required ThefollowingresponseissentwhenSecurIDauthenticationisrequired.Theresponsewasfirstimplemented inprotocolversion1.0.

<?xml version="1.0"?> <broker version="1.0"> <configuration> <result>ok</result> <authentication> <screen> <name>securid-passcode</name>
VMware, Inc.
21
</screen> </authentication> </configuration> </broker>
Disclaimer Required Thefollowingresponseissentwhenadisclaimerisrequired.Theresponsewasfirstimplementedinprotocol version2.0.

<?xml version="1.0"?> <broker version="2.0"> <configuration> <result>ok</result> <authentication> <screen> <name>disclaimer</name> <params> <param> <name>text</name> <values> <value>Disclaimer message</value> </values> </param> </params> </screen> </authentication> </configuration> </broker>
Disclaimer Required for Identified Server Thefollowingresponseintroducesthebroker-guidelementtothemessagewhenadisclaimerisrequired. Theresponsewasfirstimplementedinprotocolversion3.0.

<?xml version="1.0"?> <broker version="2.0"> <configuration> <result>ok</result> <broker-guid>6e79ced1-b474-4ce6-a48c-c40c17c935c0<broker-guid> <authentication> <screen> <name>disclaimer</name> <params> <param> <name>text</name> <values> <value>Disclaimer message</value> </values> </param> </params> </screen> </authentication> </configuration> </broker>
Confirmation Required for Certificate Authentication WhenaclientcertificateisusedtoauthenticateagainstaViewConnectionServerinstanceaspartoftheSSL handshake,theauthenticationchainrequestsconfirmationthatcertificateauthenticationistobeused. CertificateauthenticationisusedwhensmartcardauthenticationisenabledinViewConnectionServer.The responsewasfirstimplementedinprotocolversion3.0.

<?xml version="1.0"?> <broker version="3.0"> <configuration> <result>ok</result> <broker-guid>6e79ced1-b474-4ce6-a48c-c40c17c935c0</broker-guid> <authentication>
VMware, Inc.
22
<screen> <name>cert-auth</name> <params> <param>  <name>user</name> <values><value>DOMAIN\user</value></values> </param> </params> </screen> </authentication> </configuration> </broker>
Description
Theget-configurationrequestmessagediscoverswhichmechanismisusedforthefirststageof authentication,anddetermineswhichauthenticationscreenisdisplayedfirst. Thismessageisusedbeforeenteringtheauthenticationflow.Whenusedwithintheauthenticationprocess,it returnsthenextexpectedscreenoranALREADY_AUTHENTICATEDerrorafterauthenticationiscomplete. Startingwithprotocolversion3.0,youcanusethebroker-guidelementintheresponsetoidentifytheGUID oftheViewConnectionServergroup.
Implementation
Authentication
Errors
Table 7showstheerrorcodesandmessagesforget-configuration. Table 7. get-configuration Error Codes and Messages
Code ALREADY_AUTHENTICATED BROKER_DISABLED UNSUPPORTED_VERSION Description Theclientsessionhasalreadybeenauthenticatedandcancontinue. TheViewConnectionServerinstancehasbeendisabledfromwithintheadministrative interfaceandcannotprocessrequests. TherequestcontainsdatathatisnotcompatiblewiththeViewConnectionServerversion.
VMware, Inc.
23
get-desktop-connection Request
Setsupandretrievestheparametersforadesktopconnection.
Request
Inprotocolversions1.0and2.0,theconnectionprotocolisassumedtobeRDP.
<?xml version="1.0"?> <broker version="1.0"> <get-desktop-connection>  <desktop-id>CN=Desktop,OU=Applications,DC=vdi,DC=vmware,DC=int</desktop-id> </get-desktop-connection> </broker>
Startingwithprotocolversion3.1,theconnectionprotocolcanbespecified,andlocalsysteminformationcan bepassedfromaViewClienttoaViewAgent.
<?xml version="1.0"?> <broker version="4.0"> <get-desktop-connection>  <desktop-id>CN=Desktop,OU=Applications,DC=vdi,DC=vmware,DC=int</desktop-id>  <protocol> <name>RDP</name> </protocol>  <environment-information> <info name="IP_Address">[...]</info> <info name="MAC_Address">[...]</info> <info name="Machine_Name">[...]</info> <info name="Machine_Domain">[...]</info> <info name="LoggedOn_Username">[...]</info> <info name="LoggedOn_Domainname">[...]</info> <info name="Type">[...]</info>  <info name="TimeOffset_GMT">-07:00</info>  <info name="TZID">Europe/London</info>  <info name="Windows_Timezone">GMT Standard Time</info>/info> </environment-information> </get-desktop-connection> </broker>
VMware, Inc.
24
Response
<?xml version="1.0"?> <broker version="3.0"> <desktop-connection> <result>ok</result> <id>CN=Desktop,OU=Applications,DC=vdi,DC=vmware,DC=int</id> <address>localhost</address> <port>23456</port>   <additional-listeners> <additional-listener name="MMR">127.0.0.1:9427</additional-listener> </additional-listeners> <protocol>RDP</protocol> <user-name>user1</user-name> <password>MWEyNDVmODgt</password> <domain-name>DOMAIN1</domain-name>  <enable-usb>true</enable-usb>   <enable-mmr>true</enable-mmr>   <protocol-settings> <token>token</token> </protocol-settings> </desktop-connection> </broker>
Description
Theget-desktop-connectionrequestmessagesetsupandretrievestheparametersforadesktop connection.Youcanusethereturnedparameterstolaunchanappropriateclientfortheconnectionprotocol. Forexample,youcouldlaunchanRDPclientwhen<protocol>RDP</protocol>isreturned. Iftheclientdoesnotspecifyaspecificprotocolintherequest,theViewConnectionServerinstancechooses theprotocol.
Implementation
Authentication
Errors
Table 8showstheerrorcodesandmessagesforget-desktop-connection. Table 8. get-desktop-connection Error Codes and Messages
Code DESKTOP_LAUNCH_ERROR DESKTOP_MAINTENACE_ERR OR Description Desktoplaunchisnotpossiblebecausenovirtualmachinesareavailable,oranexception occurredwhilepreparingthedesktopconnection. Desktoplaunchisnotpossiblebecauseallavailablevirtualmachinesareinmaintenance mode.(Implementedinprotocolversion3.0.)
VMware, Inc.
25
Table 8. get-desktop-connection Error Codes and Messages

Code MISSING_CONTENT Description Therequestcontainsthecorrectrootelementandversionattribute,buttheenvelope containsnoinformation. Thiserrorisalsousedtoindicatethatanindividualmessageismissingchildelements. NOT_AUTHENTICATED NOT_ENTITLED TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed. Theuserisnotentitledtousethedesktop.
VMware, Inc.
26
get-desktops Request
Returnsalistofdesktopstowhichanauthenticateduserisentitled. get-desktopssupportsthefollowingrequestsandresponses:

Request:GetListofDesktopsonpage 27 Request:GetListofDesktopsforaDisplayProtocolonpage 27 Request:AuthenticateUserandGetListOfDesktopsonpage 27 Responseonpage 28
Request: Get List of Desktops

Thefollowingrequestasksforthelistofdesktops.
<?xml version="1.0"?> <broker version="1.0"> <get-desktops/> </broker>
Request: Get List of Desktops for a Display Protocol

Thefollowingrequestspecifiesthedisplayprotocolsthattheclientsupports. Thisformoftherequestwasfirstimplementedinprotocolversion3.1.
<?xml version="1.0"?> <broker version="3.1"> <get-desktops>  <supported-protocols> <protocol> <name>RDP</name> </protocol> <protocol> <name>RGS</name> </protocol> </supported-protocols> </get-desktops> </broker>
Request: Authenticate User and Get List Of Desktops

Thefollowingrequestcombinestheget-desktopsrequestmessagewiththedo-submit-authentication requestmessage.
<?xml version="1.0"?> <broker version="1.0"> <do-submit-authentication> <screen> <name>windows-password</name> <params> <param> <name>username</name> <values> <value>user1</value> </values></param> <param> <name>domain</name> <values> <value>DOMAIN1</value> </values> </param> <param> <name>password</name> <values> <value>secret</value>
VMware, Inc. 27
</values> </param> </params> </screen> </do-submit-authentication> <get-desktops/> </broker>
Response
Thefollowingresponseissentbyprotocolversion1.0.
<?xml version="1.0"?> <broker version="1.0"> <submit-authentication> <result>ok</result> </submit-authentication> <desktops> <result>ok</result> <desktop> <id>CN=desktop2,OU=Applications,DC=vdi,DC=vmware,DC=int</id> <name>desktop2</name> <!-Desktop Type - Since 1.0 values are: free sticky auto --> <type>free</type>  <state/> <session-id/> <user-preferences> <preference name="autoConnect">false</preference> <preference name="screenSize">Windowed</preference> </user-preferences> </desktop> <desktop> <id>CN=pool1,OU=Applications,DC=vdi,DC=vmware,DC=int</id> <name>pool1</name>  <type>auto</type>  <state>disconnected</state> <session-id>DOMAIN1\user1(cn=...,cn=foreignsecurityprincipals,dc=...)/0@cn=...,ou= servers,dc=...:RDP:3389</session-id> <user-preferences> <preference name="autoConnect">false</preference> <preference name="screenSize">Windowed</preference> </user-preferences> </desktop> </desktops> </broker>
Thefollowingresponsecontainsinformationthatissentbyprotocolversion2.0andlater.Theversionthatis associatedwitheachelementorelementblockisindicatedbyaninlinecomment.
<?xml version="1.0"?> <broker version="3.1"> <desktops> <result>ok</result> <desktop> <id>CN=desktop2,OU=Applications,DC=vdi,DC=vmware,DC=int</id> <name>desktop2</name> <!-Desktop Type Since 1.0 values are: free
VMware, Inc.
28
sticky auto Since 3.0 values are: free sticky auto sticky-lc auto-lc free-unmanaged free-unmanaged-wts single-free single-free-unmanaged sticky-free sticky-free-unmanaged --> <type>free</type> <user-preferences> <preference name="autoConnect">false</preference> <preference name="screenSize">Windowed</preference> </user-preferences>  <state>disconnected</state> <session-id> DOMAIN1\user1(cn=...,cn=foreignsecurityprincipals,dc=...)/0@cn=...,ou=servers, dc=...:RDP:3389 </session-id>   <reset-allowed>true</reset-allowed>  <reset-allowed-on-session>true</reset-allowed-on-session>   <offline-enabled>true</offline-enabled>  <offline-state>checked in</offline-state> <offline-host>[hostname]</offline-host> <offline-checkoutTime>[time]</offline-checkoutTime>
VMware, Inc.
29
<offline-challenge>[GUID]</offline-challenge> <checkout-guid>52 64 06 88 a3 8d e7 ef-f7 50 bb 83 7a ef 7a 8d</checkout-guid>  <in-maintenance-mode>false</in-maintenance-mode>   <protocol-match>true</protocol-match> <protocols> <protocol> <name>RDP</name> <is-default>true</is-default> </protocol> <protocol> <name>RGS</name> </protocol> </protocols>   <policies> <info name="offlineUpdateFrequency">5</info> <info name="offlineAllowed">true</info> <info name="destroyFileCheckedIn">false</info> <info name="disksReplicated">user</info> <info name="userDeferrableReplication">false</info> <info name="allowCopyPaste">true</info> <info name="endpointAllowed">true</info> <info name="cacheLifetime">10080</info> <info name="targetReplicationFrequency">86400</info> <info name="clientRollback">true</info> <info name="destroyFileNoSession">false</info> <info name="allowMMR">true</info> <info name="allowUSB">true</info> <info name="offlineCheckoutState">checked out</info> <info name="USBFiltering">-------------------</info> > <info name="requestedReplication">policy-deferrable-request</info> </policies> </desktop> <current-time-in-seconds>time on broker</current-time-in-seconds> </desktops> </broker>
Description
Theget-desktopsrequestmessageretrievesalistofdesktopstowhichanauthenticateduserisentitled. Startingwithprotocolversion3.1,therequiredprotocolcanbespecifiedinthemessage.Themessagecanbe combinedwithado-submit-authenticationrequest. Eachentitleddesktophasauser-preferencesblockthatcontainstheuserpreferencespreviouslysupplied byaset-user-desktop-preferencesrequest. Sinceprotocolversion3.1,eachdesktopthatislistedintheresponsealsocontainsalistofsupportedprotocols theclientcanrequest,alongwithadefaultsetting.
VMware, Inc. 30
Desktopnamesaresortednumerically(09),thenuppercasealphabetically(AZ),andfinallylowercase alphabetically(az). Fromprotocolversion4.5,get-desktopsreturnsanemptylistforuserswhohavenodesktopentitlements, butwhoareinroleswithadministratorprivileges.
Implementation
Authentication
Authenticationisrequired.Themessagecanbecombinedwithado-submit-authenticationrequest.
Errors
Table 9showstheerrorcodesandmessagesforget-desktops. Table 9. get-desktops Error Codes and Messages
Code NOT_AUTHENTICATED DESKTOPS_ERROR Description TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed. Anerroroccurredwhileretrievingthelistofdesktops.
VMware, Inc.
31
get-tunnel-connection Request
Requestsadirectconnectionratherthanatunnelsession.
Request
Therequestforadirectconnectionwasfirstimplementedinprotocolversion2.0.
<?xml version="1.0"?> <broker version="2.0"> <get-tunnel-connection>  <bypass-tunnel>true</bypass-tunnel> </get-tunnel-connection> </broker>
Response
<?xml version="1.0"?> <broker version="1.0"> <tunnel-connection> <result>ok</result> <bypass-tunnel>true</bypass-tunnel> </tunnel-connection> </broker>
Description
Youcanusetheget-tunnel-connectionrequestmessagetorequestadirectconnectionbetweenaclientand adesktopifatunnelisnotrequired. NOTEThisdocumentdoesnotdescribehowtocreateatunnelconnectionbetweenaclientandadesktop.
Implementation
Authentication
Authenticationisrequired.Themessagemaybecombinedwithado-submit-authenticationrequest.
Errors
Table 10showstheerrorcodesandmessagesforget-tunnel-connection. Table 10. get-tunnel-connection Error Codes and Messages
Code NOT_AUTHENTICATED Description TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed.
VMware, Inc.
32
get-user-global-preferences Request
Returnsalistofuserspecificpreferences.
Request
<?xml version="1.0"?> <broker version="1.0"> <get-user-global-preferences/> </broker>
Response
<?xml version="1.0"?> <broker version="1.0"> <user-global-preferences> <result>ok</result> <user-preferences> <preference name="doautolaunch">true</preference> </user-preferences> </user-global-preferences> </broker>
Description
Theget-user-global-preferencesrequestmessagereturnsalistofpreferencesthatarespecifictoauser butnottoadesktop.
Implementation
Authentication
Errors
Table 11showstheerrorcodesandmessagesforget-user-global-preferences. Table 11. get-user-global-preferences Error Codes and Messages
Code NOT_AUTHENTICATED PREFERENCES_ERROR Description TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed. Anerroroccurredwhileretrievingthelistofpreferences.
VMware, Inc.
33
kill-session Request
Terminatesadesktopsession.
Request
<?xml version="1.0"?> <broker version="1.0"> <kill-session>  <session-id> DOMAIN1\user1(cn=...,cn=foreignsecurityprincipals,dc=...)/ 0@cn=...,ou=servers,dc=...:RDP:3389</session-id> </kill-session> </broker>
Response
<?xml version="1.0"?> <broker version="1.0"> <kill-session> <result>ok</result> </kill-session> </broker>
Description
Thekill-sessionrequestmessageterminatesadesktopsession.TheusercontinuestohaveaView ConnectionServersession,whichcanbeterminatedbyusingthedo-logoutrequest.
Implementation
Authentication
Errors
Table 12showstheerrorcodesandmessagesforkill-session. Table 12. kill-session Error Codes and Messages
Code KILL_SESSION_ERROR MISSING_CONTENT Description Anerroroccurredwhileterminatingthedesktopsession. Therequestcontainsthecorrectrootelementandversionattribute,buttheenvelope containsnoinformation. Thiserrorisalsousedtoindicatethatanindividualmessageismissingchildelements. NOT_AUTHENTICATED TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed.
VMware, Inc.
34
reset-desktop Request
Requestsaresetofadesktop.
Request
<?xml version="1.0"?> <broker version="2.0"> <reset-desktop>  <desktop-id>CN=Desktop,OU=Applications,DC=vdi,DC=vmware,DC=int</desktop-id> </reset-desktop> </broker>
Response
Thisresponseissentwhenthedesktopcanbereset.
<?xml version="1.0"?> <broker version="2.0"> <reset-desktop> <result>ok</result> </reset-desktop> </broker>
Description
Thereset-desktoprequestmessagerequeststheViewConnectionServerinstancetoperformaresetonthe desktopofthespecifiedvirtualmachine.
Implementation
Authentication
Errors
Table 13showstheerrorcodeandmessageforreset-desktop. Table 13. reset-desktop Error Codes and Messages
Code NOT_AUTHENTICATED NOT_ENTITLED RESET_DESKTOP_ERROR Description TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed.Thisresponsewasfirstimplementedinprotocolversion3.1. Theuserisnotentitledornolongerallowedtoaccessthedesktop. Anerroroccurredwhileresettingthedesktop.
VMware, Inc.
35
set-locale Request
Specifiesthelocaleusedformessages.
Request
<?xml version="1.0"?> <broker version="2.0"> <set-locale> <locale>en_GB</locale> </set-locale> </broker>
Response
<?xml version="1.0"?> <broker version="2.0"> <set-locale> <result>ok</result> </set-locale> </broker>
Description
Theset-localerequestmessagespecifiesthelocale.Thelocaledeterminesthelanguagethatisusedfor user-messageinerrormessagesandforanyusermessagesthatarereturnedbytheresponsetoa do-submit-authenticationrequest.
Implementation
Authentication
Errors
Table 14showstheerrorcodesandmessagesforset-locale. Table 14. set-locale Error Codes and Messages
Code BROKER_DISABLED MISSING_CONTENT Description AViewConnectionServerinstancehasbeendisabledfromwithintheadministrative interfaceandisnotabletoprocessrequests. Therequestcontainsthecorrectrootelementandversionattribute,buttheenvelope containsnoinformation. Thiserrorisalsousedtoindicatethatanindividualmessageismissingchildelements.
VMware, Inc.
36
set-user-desktop-preferences Request
Setsthepreferencesforadesktop.
Request
<?xml version="1.0"?> <broker version="1.0"> <set-user-desktop-preferences> <desktop-id>CN=Desktop,OU=Applications,DC=vdi,DC=vmware,DC=int</desktop-id> <user-preferences> <preference name="alwaysConnect">true</preference> <preference name="screenSize">Windowed</preference> </user-preferences> </set-user-desktop-preferences> </broker>
Response
<?xml version="1.0"?> <broker version="1.0"> <set-user-desktop-preferences> <result>ok</result> </set-user-desktop-preferences> </broker>
Description
Theset-user-desktop-preferencesrequestmessagesetsthepreferencesforaspecificdesktop.A completesetofpreferencesmustbespecified.Preferencesthatarenotspecifiedaredeleted.Preferencenames mustnotcontainanequalsign(=). NOTEAViewConnectionServerinstancestorespreferencevaluesonbehalfofaclient.Itdoesnotusethe values.
Implementation
Authentication
Errors
Table 15showstheerrorcodesandmessagesforset-user-desktop-preferences. Table 15. set-user-desktop-preferences Error Codes and Messages
Code MISSING_CONTENT Description Therequestcontainsthecorrectrootelementandversionattribute,buttheenvelope containsnoinformation. Thiserrorisalsousedtoindicatethatanindividualmessageismissingchildelements. NOT_AUTHENTICATED NOT_ENTITLED PREFERENCES_ERROR TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed. Theuserisnotentitledtousethedesktop. Anerroroccurredwhileretrievingthelistofpreferences.
VMware, Inc.
37
set-user-global-preferences Request
Setsthepreferencesforauser.
Request
<?xml version="1.0"?> <broker version="1.0"> <set-user-global-preferences> <user-preferences> <preference name="doautolaunch">true</preference> </user-preferences> </set-user-global-preferences> </broker>
Response
<?xml version="1.0"?> <broker version="1.0"> <set-user-global-preferences> <result>ok</result> </set-user-global-preferences> </broker>
Description
Theset-user-global-preferencesrequestmessagesetsthepreferencesforauser.Acompletesetof preferencesmustbespecified.Preferencesthatarenotspecifiedaredeleted.Preferencenamesmustnot containanequalsign(=). NOTEAViewConnectionServerinstancestorespreferencevaluesonbehalfofaclient.Itdoesnotusethe values.
Implementation
Iplementedinprotocolversion1.0.
Authentication
Errors
Table 16showstheerrorcodesandmessagesforset-user-global-preferences. Table 16. set-user-global-preferences Error Codes and Messages
Code NOT_AUTHENTICATED PREFERENCES_ERROR Description TheclientmustbeauthenticatedbyaViewConnectionServerinstancebeforetherequest canbeprocessed. Anerroroccurredwhileretrievingthelistofpreferences.
If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com VMware, Inc. 3401 Hillview Ave., Palo Alto, CA 94304 www.vmware.com Copyright 2009-2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item: EN-000293-04
38

VMware View Client Protocol Spec 4.5.0 GA PDF

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

VMware View Client Protocol Spec 4.5.0 GA PDF

Caricato da

Copyright:

Formati disponibili

Technical Note

Using the View Client Protocol

VMware View Client Protocol License 1.0

Using the View Client Protocol

The View Client Protocol

Direct RDP HTTP(S) View Client Protocol

Admin Console View Administrator

View Secure GW Server

View Messaging View Connection Server

View Broker & Admin Server

vCenter Server VMware vCenter

View Manager LDAP

JMS RDP RDP

Using the View Client Protocol

Sample Client Code

Using the View Client Protocol to Create a Desktop Session

Using the View Client Protocol

Table 2. Overview of How to Create a Desktop Session (Continued)

Youcanstartadesktopclientusingtheparametersthattheresponsetotheget-desktop-connection requestcontains. Aftertheuserhasfinishedusingthedesktop,sendthedo-logoutrequesttologout.Toterminatethesession, closetheclientanddisconnectanyremainingdesktopsessions.

View Client Protocol Versions

Using the View Client Protocol

Using the View Client Protocol

Table 4. Generic Error Codes (Continued)

View Client Protocol Requests

Using the View Client Protocol

Using the View Client Protocol

Request: Accept Disclaimer

Response: Accept Disclaimer

Using the View Client Protocol

<name>securid-passcode</name> </screen> </authentication> </submit-authentication> </broker>

Request: SecurID Authentication Passcode

Response: SecurID Authentication Passcode

Using the View Client Protocol

SecurID Token Code Required ThisresponseissentwhenthenextSecureIDtokencodeisrequiredtoproceed.

New PIN Required ThisresponseissentwhentheusermustchooseanewPIN.

New PIN Cannot Be Chosen ThisresponseissentwhentheusermustaccepttheassignedPINandcannotchooseanewPIN.

Using the View Client Protocol

<readonly/> <values><value>1234</value></values> </param> </params> </screen> </authentication> </submit-authentication> </broker>

New PIN Can Be Chosen ThisresponseissentwhentheusercanselectaprovidedPINorenteranewone.

SecurID Authentication Failure ThisresponseissentissentintheeventofaSecureIDauthenticationfailure.

Using the View Client Protocol

</authentication> </submit-authentication> </broker>

Request: SecurID Authentication Token Code

Response: SecurID Authentication Token Code

SecurID Authentication Failure ThisresponseissentintheeventofaSecurIDauthenticationfailure.

Using the View Client Protocol

Request: Change SecurID Authentication PIN

Response: Change SecurID Authentication PIN

Using the View Client Protocol

Request: Wait for SecurID Authentication

Response: Wait for SecurID Authentication

Request: Password Authentication

Using the View Client Protocol

Response: Password Authentication

Authentication Failed Thisresponseissentifpasswordauthenticationfailed,butanotherattemptispermitted.

Password Expired Thisresponseissentifapasswordauthenticationrequestwasreceivedwherethepasswordhasexpired. Thisresponsewasfirstimplementedinprotocolversion2.0.

Using the View Client Protocol

Request: Update Password

Response: Update Password

Using the View Client Protocol

Request: Certificate Authentication

Using the View Client Protocol