VMware Horizon Community
FrederikLeed
Contributor

Enabling PCoIP gateway function after 4.6 upgrade

My setup is as below

  • External URL; mydesktoptest.xx.com (IP: 212.xx.xx.1)
    • Load Balancer (IP: 192.xx.xx.1)
      • SecurityServer1 (IP: 192.xx.xx.11)
        • ConnectionServer1 (IP: 172.xx.xx.1)

  • External URL; mydesktop.xx.com (IP: 212.xx.xx.2)
    • Load Balancer (IP: 192.xx.xx.2)
      • SecurityServer2 (IP: 192.xx.xx.22)
        • ConnectionServer2 (IP: 172.xx.xx.2)

  • Internal DNS; viewdesktop (RoundRobin DNS Alias)
    • ConnectionServer3 (IP: 172.xx.xx.3)
    • ConnectionServer4 (IP: 172.xx.xx.4)

  • ConnectionServer1
    • Tags
      • Tags: BLANK
    • HTTP(S) Secure Tunnel
    • PCoIP Secure Gateway
      • PCoIP External URL: 212.xx.xx.1:4172
      • Use PCoIP Secure Gateway for PCoIP connections to desktop

I have no trouble connecting via PCoIP if I connect through mydesktoptest.xx.com if I'm on LAN. I have no trouble using the RDP protocol via mydesktoptest.xx.com from anywhere.

I'm not experiencing the black timeout screen. I get this in the application log on the security server:

Log Name:      Application
Source:        VMware View
Date:          04-07-2011 11:41:11
Event ID:      102
Task Category: VMware View
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      SecurityServer1
Description:
(4F8761324B3BA72A1B1805B6495826FC) Problem starting channel 0 for Port2: Failed to allocate onbound connection to 172.xx.xx.145:32111: java.net.SocketTimeoutException: makeSocketConnection timed out com.vmware.vdi.ice.server.aj.d(SourceFile:857)
com.vmware.vdi.ob.tunnelservice.cb: Failed to allocate onbound connection to 172.xx.xx.145:32111: java.net.SocketTimeoutException: makeSocketConnection timed out
                             at com.vmware.vdi.ice.server.b.<init>(SourceFile:85)
                             at com.vmware.vdi.ice.server.aj.d(SourceFile:833)
                             at com.vmware.vdi.ice.server.aj.c(SourceFile:663)
                             at com.vmware.vdi.ob.tunnelservice.ab.run(SourceFile:830)
                             at java.lang.Thread.run(Thread.java:619)
Linked exception: java.net.SocketTimeoutException: makeSocketConnection timed out
java.net.SocketTimeoutException: makeSocketConnection timed out
                             at com.vmware.vdi.ob.tunnelservice.cj.a(SourceFile:182)
                             at com.vmware.vdi.ice.server.b.<init>(SourceFile:61)
                             at com.vmware.vdi.ice.server.aj.d(SourceFile:833)
                             at com.vmware.vdi.ice.server.aj.c(SourceFile:663)
                             at com.vmware.vdi.ob.tunnelservice.ab.run(SourceFile:830)
                             at java.lang.Thread.run(Thread.java:619)

Have I configured my end incorrectly or am I looking at spending hours with the LoadBalance / Network guys?

0 Kudos
23 Replies
admin
Immortal

Posting the pcoip logs might prove to be useful in determining the root cause.

FrederikLeed
Contributor

[2011-Jul-04 12:55:13.852125]: header received
[2011-Jul-04 12:55:13.852125]: PCOIP-SG/1.0
[2011-Jul-04 12:55:13.852125]: XML
[2011-Jul-04 12:55:13.852125]: 135FE8EA619CA7C894843E6353068E34-0
[2011-Jul-04 12:55:13.852125]: 357
[2011-Jul-04 12:55:13.852125]: xml received 357 357
[2011-Jul-04 12:55:13.853101]: Received command: add-connection
[2011-Jul-04 12:55:13.853101]: Parameter: connection-id Value: 135FE8EA619CA7C894843E6353068E34/port1
[2011-Jul-04 12:55:13.853101]: Parameter: ctag Value: SCS1eLPMIPKNl5DcjXwIlsUEEZkY9ccZYKZraEzlQjo3lrdN6In+Chd7hkZdG04svDxiE2ZGLfHnj6dBlgtj1CbcnIU/J/Ko0LUGsM0m
[2011-Jul-04 12:55:13.853101]: Parameter: ip-address Value: 172.xx.xx.145
[2011-Jul-04 12:55:13.853101]: Parameter: tcp-port Value: 4172
[2011-Jul-04 12:55:13.856031]: Connected to PCoIP server
[2011-Jul-04 12:55:20.625562]: Error reading SSIG header from PCoIP server: An existing connection was forcibly closed by the remote host
0 Kudos
FrederikLeed
Contributor

I also have this from the LB log;

<?xml version="1.0"?><broker version="4.5"><get-desktop-connection><desktop-id>CN=XXXX,OU=XXXXX,DC=XXX,DC=XXXXXX,DC=XXX</desktop-id><environment-information><info name="LoggedOn_Username">xxxxx</info><info name="LoggedOn_Domainname">domain.local</info><info name="Type">Windows</info><info name="IP_Address">xxx.xxx.xxx.xxx</info><info name="MAC_Address">xx-xx-xx-xx-xx-xx</info><info name="Machine_Name">MYPC</info><info name="Machine_Domain">xx</info></environment-information><protocol><name>RDP</name></protocol></get-desktop-connection></broker>
[04/Jul/2011:10:41:13 +0200]     INFO     rules/mydesktop-response-data-get     rulelogmsginfo     vservers/MyDesktopTest - 443
HTTP/1.1 200 OK
Content-Length: 797
Content-Type: text/xml;charset=UTF-8
[04/Jul/2011:10:44:41 +0200]     INFO     rules/mydesktop-request-data-get     rulelogmsginfo     vservers/MyDesktopTest - 443
POST /broker/xml HTTP/1.1
Accept: text/*, application/octet-stream
content-type: text/xml; charset=UTF-8
Cookie: com.vmware.vdi.broker.location.id=xx-xx-xx-xx-xx-xx
Cookie: JSESSIONID=7FBDD2DEE6ECF6AF83D796B41658C3B6
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)
Host: mydesktoptest.xx.com
Content-Length: 64
Connection: Keep-Alive
Cache-Control: no-cache
<?xml version="1.0"?><broker version="4.5"><do-logout/></broker>


I am wondering why it says "Broker version="4.5"", the ViewAdmin interface says 4.6 to all of my security / connection servers.

0 Kudos
npeter
Expert

Hi,

Have you enabled the option to use PCoIP Secure Gateway in your connection broker?

Please have a look at this kb http://kb.vmware.com/kb/1034825

-noble

-nObLe
0 Kudos
DEVAXTATOR
Enthusiast

http://www.youtube.com/watch?v=hPsyhI6_s-I

use this link from vmwaretv.

0 Kudos
mittim12
Immortal

Also take a look at this document for setting up PCOIP for remote use.

http://communities.vmware.com/docs/DOC-14974

0 Kudos
FrederikLeed
Contributor

http://www.youtube.com/watch?v=hPsyhI6_s-I <-- How come he puts in 192.168.1.100 in the connection server as the external IP address, and 192.168.10.100 in the security server as the external IP address?

Also, great links everyone, but I've been through them all and none really describe a setup where a load balancer is used, and none speak of External IP addresses and NAT'ing.

0 Kudos
heikkitoivanen
Contributor

FrederikLeed wrote:

  • ConnectionServer1
    • Tags
      • Tags: BLANK
    • HTTP(S) Secure Tunnel
    • PCoIP Secure Gateway
      • PCoIP External URL: 212.xx.xx.1:4172
      • Use PCoIP Secure Gateway for PCoIP connections to desktop

I've recently spent hours and hours on this, and just got it working a while ago, but as far as my understanding of the instructions & my own experiences go, if you are using a Security Server setup, then you don't need to change the external URL nor the PCoIP external URL settings of the Connection Server. Just leave them as the real dns name of the connection server for the https external url, and the real ip address of the connection server for the PCoIP external URL. You do change them for the security server only, and they should be pointing to the nat'ed/virtual ip. And it would seem that you have done that correctly. But please change the connection server settings and have a go?

FrederikLeed wrote:

...

I'm not experiencing  the black timeout screen. I get this in the application log on the security server:

...

(4F8761324B3BA72A1B1805B6495826FC) Problem starting channel 0 for Port2: Failed to allocate onbound connection to 172.xx.xx.145:32111: java.net.SocketTimeoutException: makeSocketConnection timed out com.vmware.vdi.ice.server.aj.d(SourceFile:857)
com.vmware.vdi.ob.tunnelservice.cb: Failed to allocate onbound connection to 172.xx.xx.145:32111: java.net.SocketTimeoutException: makeSocketConnection timed out
...

This is the Security Server trying to talk to a virtual desktop/view agent on tcp-port 32111 which is used for USB redirection. You should have it checked that no firewall rules are blocking if you like to use it. Figure 5-6 'VMware View Components and Protocols with a Security Server' from the VMware View Architecture Planning Guide is quite helpful in what needs to be open and in which direction; just follow the arrowheads closely.

0 Kudos
heikkitoivanen
Contributor

FrederikLeed wrote:

http://www.youtube.com/watch?v=hPsyhI6_s-I <-- How come he puts in 192.168.1.100 in the connection server as the external IP address, and 192.168.10.100 in the security server as the external IP address?

Also, great links everyone, but I've been through them all and none really describe a setup where a load balancer is used, and none speak of External IP addresses and NAT'ing.

Every environment varies to some degree, but the simplest scenario I see involving a security server is like this:

People sitting inside the company in the same LAN can just point their View Client towards the View Connection Server; in the View Administration, in the simplest scenario, where the Connection Server just has a single NIC and a single IP, you would then enter this IP (for pcoip external url) and dns name (for https external url) for the Connection Server (I can't remember if the installation will have to correct by default in single ip scenario). And if you will also have a tunneling Security Server for people sitting outside the company (homeoffice/coming from wan/etc.) you must check the checkboxes to use tunneling and pcoip secure gateway.

For the Security Server you change the pcoip external URL to be the nat'ed virtual ip address and the https external url to be the dns-name that corresponds to the virtual ip provided by NAT. View Clients sitting outside the company are pointed to that outside name.

After that it should be just verifying that the nat/virtual ip passes traffic to the actual ip of the security server and all firewall rules are correct from the view clients to the security server and from the security server to the virtual desktops.

0 Kudos
markbenson
VMware Employee

FrederikLeed wrote:

... but I've been through them all and none really describe a setup where a load balancer is used, and none speak of External IP addresses and NAT'ing.

This one does - http://communities.vmware.com/docs/DOC-14974

It even goes through a worked example in the video of two Connection Servers, two Security Servers and a load balancer with access from the Internet. It also covers precisely how to set things up through View Administrator.

Mark.

0 Kudos
FrederikLeed
Contributor

After watching some more video and reading some more, I've changed the settings to:

  • SecurityServer1 
  • ConnectionServer1
    • Tags 
      • Tags: BLANK
    • HTTP(S) Secure Tunnel
    • PCoIP Secure Gateway
      • PCoIP External URL: 172.xx.xx.1:4172
      • Use PCoIP Secure Gateway for PCoIP connections to  desktop: YES

The weird thing is, when I am connected to my desktop from one pc (PCoIP from local lan to connectionserver3/4) and then try to connect via PCoIP from an external network from another pc, the connection actually goes so far as to disconnect the 1st session AND I am prompted for username and password when connecting again from my pc on LAN.

So some kind of connection is actually made, but then it quits.

Could this be because port 32111 is not open from the security server to my desktop or does this just disable USB traffic?

0 Kudos
DEVAXTATOR
Enthusiast

do a telnet test to the port if it works

ex: use putty

telnet ip of the security gateway:443 and 4172

and also if it doesn't work open also port 50002, the pcoip uses this protocol, it's not in the manual but for me it worked

4172 udp and tcp

50002 tcp and udp

0 Kudos
DEVAXTATOR
Enthusiast

if it goes black, ex: it prompts username and password, connects, you see the bar of the vmware but the screen is black and disconnects, use this workaround http://twitpic.com/3yuw2r you have to use this version of the vmware svga driver to connect to pcoip, other drivers simply don't work

0 Kudos
heikkitoivanen
Contributor

tcp32111 is only needed for usb redirection; if you have it blocked, then your usb devices won't be available, but the desktop will work otherwise.

0 Kudos
markbenson
VMware Employee

Check the firewall config very carefully. (TCP in and UDP in both directions). This is step 3 http://communities.vmware.com/docs/DOC-14974

This was the problem in this post - http://communities.vmware.com/thread/318586 - it's possible you have the same problem. Look at the steps described in that post and see if this fixes your issue too.

The problem with a telnet type test for the ports is that this will only test TCP not UDP. Also, UDP is both directions.

Port 50002 was used in old View clients. View 4.6 uses 4172. 50002 can be used still as a source port and reply UDP to that source port, but destination ports are 4172 so it's unlikely you will need to do anything with 50002 at your firewall config.

If you still can't get this configured correctly, you may want to resort to Wireshark to look at the PCoIP interactions (as described in the referenced post above) to help you track this down.

Also check that your load balancer is not directing some or all of the PCoIP traffic from the client to the wrong Security Server. There is a section in the video on this specific point.

Let us know what it was once this is resolved.

Thanks.

Mark.

0 Kudos
FrederikLeed
Contributor

From internet:
telnet mydesktoptest.xx.com 4172 = OK!

From Securityserver1:
telnet 172.xx.xx.145 4172 = OK

How to test UDP ports? :)

I am thinking that UDP from Virtual Desktop to Security server is not enabled. Since I actually kind of connect to my desktop, but the connection is broken just as I would be presented with login screen.

I have a date with a network dude this week and I'll give you an update once it works.

0 Kudos
markbenson
VMware Employee

FrederikLeed wrote:

How to test UDP ports? :)

That's not possible, because you'd need to test not only inbound UDP, but outbound too. Test with a View Client and if you still get the black screen look at Wireshark traces at the client and at the security server. This should help you to narrow down where PCoIP is getting blocked.

When you talk to your network person, please be very clear about the 6 PCoIP firewall rules needed (as detailed in step 3).

Mark.

0 Kudos
heikkitoivanen
Contributor

Not sure if you're familiar with Wireshark, and whether your environment permits installing it;

I had the privilege of running this setup out-of-production, and could install it, I went and installed it on three hosts:

the view client host (my pc), the view security server and the virtual desktop.

Had it running simultaneously on all three hosts, and tried the view client on my pc to see what happens.

I created the following checklist for myself:

Run Wireshark on View Client (filter for 'tcp.port==443 || tcp.port==4172 || udp.port==4172'):
outgoing tcp443 (HTTPS) packets going to Security Server (nat'ed VIP address)? [yes/no] :
incoming tcp443 (HTTPS) packets from Security Server? [yes/no] :
outgoing tcp4172 (PCoIP) packets going to Security Server (nat'ed VIP address)? [yes/no] :
incoming tcp4172 (PCoIP) packets from Security Server? [yes/no] :
outgoing udp4172 (PCoIP) packets going to Security Server (nat'ed VIP address)? [yes/no] :
incoming udp4172 (PCoIP) packets from Security Server? [yes/no] :
Run Wireshark on View Security Server (filter for 'tcp.port==4172 || udp.port==4172'):
incoming tcp4172 (PCoIP) packets from View Client? [yes/no] :
outgoing tcp4172 (PCoIP) packets going to Virtual Desktop? [yes/no] :
incoming tcp4172 (PCoIP) packets from Virtual Desktop? [yes/no] :
outgoing udp4172 (PCoIP) packets going to Virtual Desktop? [yes/no] :
incoming udp4172 (PCoIP) packets from Virtual Desktop? [yes/no] :
outgoing udp4172 (PCoIP) packets going to View Client? [yes/no] :
Run Wireshark on View Desktop (filter for 'tcp.port==4172 || udp.port==4172'):
incoming tcp4172 (PCoIP) packets from Security Server? [yes/no] :
outgoing tcp4172 (PCoIP) packets to Security Server? [yes/no] :
incoming udp4172 (PCoIP) packets from Security Server? [yes/no] :
outgoing udp4172 (PCoIP) packets to Security Server? [yes/no] :

I carefully went through all my questions, and noticed that my network team had forgotten to permit udp4172 between ss and virtual desktop, they permitted only tcp4172. After they fixed it, I was all good, and things worked.

Anyhow, going through a strict check-regime helped me pinpoint the issue. Maybe you can give it a try?

0 Kudos
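
The Security Server part of the checklist above can be answered mechanically from an exported capture. The script below is an added example, not part of the original thread or any VMware tool: the record format `proto src sport dst dport`, the IP addresses and the sample lines are constructed assumptions. The sample reproduces the case where only tcp4172 is permitted between the Security Server and the virtual desktop.

```python
from collections import namedtuple

PCOIP_PORT = 4172
Packet = namedtuple("Packet", "proto src sport dst dport")

def parse(lines):
    """Parse 'proto src sport dst dport' records (constructed format, one packet per line)."""
    packets = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        proto, src, sport, dst, dport = line.split()
        packets.append(Packet(proto.lower(), src, int(sport), dst, int(dport)))
    return packets

def security_server_checklist(packets, ss_ip, desktop_ip):
    """Answer the six Security Server questions; any peer other than the desktop counts as the View Client."""
    def seen(proto, src_is, dst_is):
        return any(
            p.proto == proto
            and PCOIP_PORT in (p.sport, p.dport)  # like tcp.port==4172 / udp.port==4172: either side
            and src_is(p.src) and dst_is(p.dst)
            for p in packets)
    ss = lambda ip: ip == ss_ip
    desktop = lambda ip: ip == desktop_ip
    client = lambda ip: ip not in (ss_ip, desktop_ip)
    return {
        "incoming tcp4172 from View Client": seen("tcp", client, ss),
        "outgoing tcp4172 to Virtual Desktop": seen("tcp", ss, desktop),
        "incoming tcp4172 from Virtual Desktop": seen("tcp", desktop, ss),
        "outgoing udp4172 to Virtual Desktop": seen("udp", ss, desktop),
        "incoming udp4172 from Virtual Desktop": seen("udp", desktop, ss),
        "outgoing udp4172 to View Client": seen("udp", ss, client),
    }

def failed_checks(packets, ss_ip, desktop_ip):
    """Checklist items answered 'no', in checklist order."""
    return [q for q, ok in security_server_checklist(packets, ss_ip, desktop_ip).items() if not ok]

# Constructed sample as seen on the Security Server (documentation-range addresses):
# TCP works on both legs, UDP leaves towards the desktop but nothing comes back.
SS, DESKTOP = "192.0.2.11", "198.51.100.145"
SAMPLE = """
tcp 203.0.113.50 51000 192.0.2.11 4172
tcp 192.0.2.11 4172 203.0.113.50 51000
tcp 192.0.2.11 52000 198.51.100.145 4172
tcp 198.51.100.145 4172 192.0.2.11 52000
udp 203.0.113.50 50002 192.0.2.11 4172
udp 192.0.2.11 55000 198.51.100.145 4172
""".splitlines()

if __name__ == "__main__":
    print(failed_checks(parse(SAMPLE), SS, DESKTOP))
```

Matching on either the source or the destination port matters for the reply direction: a UDP reply to a client that used source port 50002 has destination port 50002 and source port 4172.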
DEVAXTATOR
Enthusiast

I'm sure of it: if you can connect but the screen is black, change to rdp protocol and try to connect; if it works it's the vmware svga driver. I had the same problem and I found an old post migrating to vmware view 4.5 because of the svga driver; the link is in the previous post

0 Kudos