VMware Horizon Community
keviom
Enthusiast

tera1, View 7 - It worked then it didn't

Hi, strange behaviour with our EVGA tera1 zero clients. I have followed all the relevant documents on enabling TLS1.0 and had the following results, which I hope someone can help with.

I have several hosts running vSphere 5.5 U3 and View 6.02. I want to upgrade this to ESX 6.5 and View 7.x, so I removed all current VMs from one of my hosts (still on 5.5), then installed a 2008 R2 server with View Composer 7.4, a VCSA V6.5 and another Win server with View Connection Server 7.4. I then took one of my golden images across and updated it to View Agent 7.4 and created a linked clone VM. After adding registry entries for Pcoip.ssl_protocols in the linked clone and pcoip.ssl_Cipher_list in the linked clone, and the SSLprotcol and SSLcipherlist registry entries in the connection server, I managed to connect to the VM using one of my zero clients. I tested this several times after rebooting etc. and it worked every time.

I then decided to see if I could get it to work with View 7.7, so I snapshotted both the connection server and composer server, then upgraded both to 7.7. When I tried to connect, the tera1 wouldn't connect to the connection server. I then tried reverting back to the snapshotted V7.4 composer and connection server. This time I could connect to the connection server, but when I tried to log in to the machine I got 'Session Negotiation Failed. Client may not be compatible with the host session negotiation cipher setting'. I have tried deleting and recreating the VCSA, uninstalling View Composer and connection server. Still the same.

Finally I have started completely from scratch on the test host. Loaded ESX 6.5, created a new VCSA, built a new 2008 R2 server and loaded 7.2 composer, ditto with 7.21 connection server, reverted back to the golden image with the 6.02 agent, uninstalled and installed 7.1 agent and added the pcoip.ssl_protocol lines, then composed a new VM. I still get the Session negotiation failed!

Is there anything that 7.7 might have done / added to the AD controller or something on the rest of my original network machines that has stopped this working suddenly (the live V6.02 View linked clones are still working with no issues on the 6.02 View vCenter, composer and connection server)?

Hopefully someone can help as I have 60 users all using tera1 machines.

9 Replies
larstr
Champion

keviom,

tera1 has not been supported in years (it had only an 8-year support cycle) and the last version with official support from VMware was 5.3, while it also worked with 6.0.x. With new features being introduced in 6.x it stopped working, and it's actually kind of strange that you had it working on 7.4, but maybe it was a full moon and the stars were aligned that day(?)...

End-of-Life Details: Tera1 Firmware (1076)

Lars

keviom
Enthusiast

I appreciate it may not be officially supported, but if you google tera1 and View 7 on how to get Tera1 clients working, you find many answers all telling you how to re-enable TLS1.0, which apparently is the only thing stopping them connecting since VMware decided to disable it. I do not need any of the new functionality for audio, video or scanners added in the latest versions, just to be able to connect to a desktop.

The strange bit is why it stopped working after an upgrade from 7.4 to 7.7 then back to 7.4.

The question I would still like an answer to is: does View change something to do with the cipher suite and how it talks to the AD (AD LDAP?), and if so, how can I remove the 7.7 version?

0 Kudos
BenFB
Virtuoso

It's not that VMware decided to just disable it. The industry has decided that TLS 1.0 is an insecure protocol and everything is moving away from it.

I strongly advise against doing this due to the security risks, but if you can't replace the tera1 clients then you need to stay on an older version of Horizon that is supported with the tera1 clients.

0 Kudos
HPU-ADM
Enthusiast

I can verify that Samsung 240 (tera1) have been working in our View environment up to 7.5.1. Then when I upgraded one of the connection servers to 7.7, that's when I finally could not establish a connection with a desktop. I could log into the 7.7 connection server, just could not connect to a desktop in any pool.

I've asked support (VMware) and they will not give a definitive answer that they have stuck a knife into tera1 clients. They will only confirm it is no longer compatible for years.

Can anyone confirm that they have a tera1 client working with Horizon 7.6, 7.7 or 7.8?

I have 500+ Samsung tera1 clients. I've been telling management for years that we have to upgrade. Of course I'm going to tell management that it's VMware's fault that the Samsungs will not work anymore.

0 Kudos
mcclaind
Contributor

We have a 7.6 environment working for our staff with hundreds of T1s. Long as they are on a somewhat newer firmware, like 4.6 or 4.7.1. I think around 4.2 or lower it won't work.

I recently installed a fresh 7.8 environment for our students, but cannot get T1s to work, unless I use the 7.6 agent on the VMs instead of 7.8, then they connect.

Use the settings described in here to get T1s working:

Horizon 7.6 and Teradici Zero Clients - View Connection Server communication error - Teradici

Darin

ejulrich
Contributor

I was able to use 7.5.1 with Tera1 clients and using the 7.8 connection agent broke it. So it looks like something changed after 7.5.

0 Kudos
USCUpstate
Contributor

I have hundreds of Tera 1 clients currently working with the TLS edits on connection servers. I have a Horizon 7.8 environment but I run the 7.6 agent on the VMs to support the Tera 1 clients.

I could not get Tera 1 with 4.7.3 firmware to connect to VMs with the 7.8 agent. Yes, I realize they are older and unsupported, but these are lab machines that are non-persistent and are for simple VM access.

I'm curious as to why agent 7.8 and up (I assume) will not connect. Is 7.10 going to have the same issue? I'd like the benefits of 7.10 for my connection servers and persistent VMs but need to maintain Tera 1 access for the time being.

Anyone using Tera 1s with 7.8 or higher?

0 Kudos
tkeith
Contributor

We were running Horizon 7.6 with our Tera1's and they worked fine when TLS1.0 was enabled as per previous documents.

We upgraded to 7.10 over the weekend and they also stopped working.

We followed the directions above with regards to trying the old agent.

When testing with View Agent 7.6 the Tera1's work again... so can confirm 7.10 using 7.6 agent works for our Tera1's.

Something must be different in the agents post 7.6 since others have stated 7.8 for example also does not work.

Hope this helps.

0 Kudos
rcarsey1
Contributor

Hey guys. So I'll confirm for you that Tera1 clients break with Horizon Agent 7.7 or higher.

The problem is that the Tera1 client has a problem setting up the SSL connection to the Horizon Agent on port 4172 after it received the Server Hello SSL packet.

The issue seems to be that Horizon 7.7 creates self-signed certificates using SHA-256. Of course, Tera1 only knows how to handle SHA-1.

I may not have a resolution for this anytime soon, but attached are two packet captures; one to Horizon 7.6 and another to Horizon 7.7 for you to compare.

0 Kudos
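
An added example, not part of any post in this thread: one way to check the last reply's diagnosis is to read the signature algorithm from the certificate an agent presents and see whether it is SHA-1 or SHA-256 based. The function names and the two sample inputs are assumptions made for this sketch; the samples are constructed DER skeletons, not certificates captured from Horizon.

```python
# Signature-algorithm OIDs for the two cases discussed in the thread.
SIG_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def decode_oid(body):
    """Turn DER OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def cert_signature_algorithm(der):
    """Name the outer signatureAlgorithm of a DER-encoded X.509 certificate."""
    _, cert_start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, cert_start)      # step over tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)       # AlgorithmIdentifier SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    oid = decode_oid(der[oid_start:oid_end])
    return SIG_OIDS.get(oid, oid)                  # unknown OIDs come back dotted

def _tlv(tag, body):  # helper for the constructed samples only (short-form length)
    return bytes([tag, len(body)]) + body

def sample_cert(oid_body):
    """Constructed DER skeleton with certificate layout; not a real certificate."""
    alg = _tlv(0x30, _tlv(0x06, oid_body) + _tlv(0x05, b""))
    tbs = _tlv(0x30, _tlv(0x02, b"\x01") + alg)
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" + b"\xaa" * 8))

RSA_SIG = bytes.fromhex("2a864886f70d0101")  # prefix 1.2.840.113549.1.1
SAMPLE_SHA1 = sample_cert(RSA_SIG + b"\x05")
SAMPLE_SHA256 = sample_cert(RSA_SIG + b"\x0b")
```

To check a live agent, pass in the DER bytes of the certificate it presents, for example the output of `ssl.get_server_certificate` converted with `ssl.PEM_cert_to_DER_cert`.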