VMware Horizon Community
jacole
Contributor
Contributor
‎06-27-2017 06:38 AM

Certification issues with UAG 2.8.1 and 3.0

I’m having some trouble accessing my view desktops from the UAG. I initially deployed UAG 2.8.1 as I was on horizon view 7.0.2. I deployed the UAG through PowerShell following the instructions from Mark Benson’s post Using PowerShell to Deploy VMware Unified Access Gateway .  I didn’t run into any issues during the deployment, and I was able to logon to the admin web gui to add the thumbprint. However, when I try to access the view environment from the UAG either through the browser or the view client I get the following errors.

            Through the web (firefox, IE, Chrome):

“ 404 Error Page Not Found “ “ The page you requested (https://MyViewURL/r/EABs8329-282A-3328-7432-A383477587234/certAccept.html?numPages=1) could not be found” “Click to return to Front page.”

            Through the view Client:

“ Failed to connect to the Connection Server. The server provided a certificate that is invalid. See below for details:  - The host name in the certificate is invalid or does not match.

I thought I might have just converted the certificate incorrectly, so I upgraded my environment to 7.1 and tried using the UAG 3.0. the UAG 3.0 accepts the PFX format I figured it would be easier importing the cert. Using the new PFX format I could not deploy the PowerShell script with it in place. I had to omit the certificate and go back into the web gui and add the cert after the UAG was deployed. When trying to add the certificate using PFX, I received and error message stating “More than one certificate found. Specify an alias from list” . I was able to work around the error by copying the entire alias that was presented with the error into the PFX Alia bar (As suggested in this post “Deploying UAG 3.x using powershell with PKCS#12 certificate fails”)). I made sure my Thumbprint was the same as the Thumbprint found on the certs within the connection server. Unfortunately, that did not resolve the issue.

My connection servers are behind a NetScaler load balancer and the connection is working internally. However, going through the UAG I get the errors stated above.

Also, I get this issue whether I point the UAG to the internal vip or directly connected to the Connection server.

Has anyone run into this issue before? 

0 Kudos
2 Replies
parmarr
VMware Employee
VMware Employee
‎07-04-2017 03:17 AM

This could be an issue with the external certificate. Have you got any other details?

Sincerely, Rahul Parmar VMware Support Moderator
0 Kudos
markbenson
VMware Employee
VMware Employee
‎07-04-2017 12:00 PM

There is a UAG bug to do with PFX handling, but you may have worked around it by specifying that rather cryptic alias. With a browser, you can display the certificate to see if it is the certificate you supplied, or whether it is the self signed certificate. If you use PEM format, there are no issues.

The 404 errors may be different. Look at the logs on UAG. Look at esmanager.log to see if you see errors connecting to the backend Connection Server (e.g. certificate mismatch due to incorrect thumbprints etc.). You can add the thumbprint in the .ini file and redeploy. You shouldn't need to use the admin GUI after a PowerShell deploy (other than to check settings, look at status, or download logs etc.).

0 Kudos