VMware Horizon Community
MSchaff
Contributor

Horizon Server Naming Questions

Hello all,

I have a couple of questions about server names (host names and DNS entries) within the context of a VMware Horizon deployment.  I have an existing production deployment running Horizon v7.9, and the system is working as expected.  At this time access is only available either internally or over a VPN connection, and my goal is to provide the same results over an external connection using the UAG appliance.

I followed the deployment guide closely when doing the initial deployment, but I didn't have the benefit of a wide-angle lens during that process, which may have introduced some obstacles for achieving the goal of external use.

A few things to keep in mind:

1.  We're using an internal Active Directory domain called DCN.LOCAL which includes all the Horizon desktops and servers.

2.  Externally we have a company domain of DCN-ND.COM.

3.  For consistency purposes, most of our internal servers also have DCN-ND.COM DNS entries, so that URLs for accessing corporate information are the same whether accessing them from internal or external locations.  (SharePoint, etc.)

4.  We have a set of internal DNS servers running on our Windows A/D controllers.

5.  We have a set of external standalone DNS servers that are not part of the A/D domain and are not running Windows.

6.  The Horizon connection server has an internal name of DCN-HORIZON.DCN.LOCAL.

Internal users are able to connect to their VDI sessions without issue.  I have added an internal DNS record for the Horizon server using the name "View.DCN-ND.COM".  The Horizon server has a wildcard *.DCN-ND.COM certificate on it so that when I access https://view.dcn-nd.com I don't get a certificate warning and access works normally.  However, when I look at the administration page, the system reports an error with the connection server.  When I expand the error, I get the following dialog:

Connection Server Dialog.PNG

Q1.  Is this error message an indicator of a significant issue that needs to be resolved, or can I overlook it?

Q2.  If it is significant, can anyone point me in the direction of how to resolve it?  I can change the computer name from DCN-HORIZON to VIEW, but I suspect that may only cause more serious issues.

Q3.  I'd be grateful for any guidance on how to address the multiple domain (DCN.LOCAL vs DCN-ND.COM) scenario.  I know this must be a common situation, but I'm not clear on how to address it.

Thanks in advance for your comments on the above items.  I sincerely appreciate any pointers on this.

Mitchell

0 Kudos
3 Replies
NathanosBlightc
Commander

A1: It's not exactly a significant issue (certificate error) and it's not necessary to fix it. Everything will work on Horizon, and none of the critical tasks and operations of the connection server depend on this certificate. However, because of the nature of the self-signed certificate used by default in the Horizon connection server, you will see this error until you change your default certificate and use a valid certificate generated by a trusted internal or external CA server.

A2: Check this link BEFORE you change the computer name. You should know how to use vdmadmin CLI.

A3: If your domains belong to a single forest, nothing needs to be done. By default you can add and entitle users from all of them without any special configuration, but for separate forests you need to trust them first.

Please mark my comment as the Correct Answer if this solution resolved your problem
0 Kudos
MSchaff
Contributor

Hello Amin, and thank you for your response.

You mentioned in A1 that installing a signed certificate would eliminate the Connection Server warning.  In this case, I do have a CA-signed certificate installed, but it is based on the *.DCN-ND.COM domain.  Would I add a second certificate for the DCN.LOCAL domain to eliminate the error message?

0 Kudos
NathanosBlightc
Commander

Because you use the Connection Server inside the network (the internal zone of your network), you must add a certificate generated by a local CA (AD-integrated Enterprise CA), and for external connections from outside the network, add the .DCN-ND.COM certificate to the Security Server. That said, you can also use the .DCN-ND.COM certificate on the Connection Server in your internal network.

Please mark my comment as the Correct Answer if this solution resolved your problem
0 Kudos
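
The naming question in this thread comes down to which host names a *.DCN-ND.COM wildcard certificate can validate for. The following is an added example, not part of any post above and not Horizon's own health check: it applies standard TLS wildcard matching (RFC 6125 style) to the two names from the thread plus two constructed names, marked as such in the code.

```python
# Added example: generic TLS hostname matching, not VMware Horizon code.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate DNS name (pattern) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    wildcard = p_labels[0] == "*"
    fixed = p_labels[1:] if wildcard else p_labels
    # Wildcards are honoured only as the complete left-most label.
    if any("*" in label for label in fixed):
        return False
    if wildcard:
        # Refuse over-broad patterns such as "*.com".
        return len(p_labels) >= 3 and fixed == h_labels[1:]
    return fixed == h_labels


def covered_names(cert_names, hostnames):
    """Map each hostname to whether any certificate name covers it."""
    return {h: any(san_matches(n, h) for n in cert_names) for h in hostnames}


CERT_NAMES = ["*.DCN-ND.COM"]       # wildcard certificate named in the thread
HOSTNAMES = [
    "view.dcn-nd.com",              # DNS alias from the thread
    "DCN-HORIZON.DCN.LOCAL",        # connection server's internal FQDN (thread)
    "dcn-nd.com",                   # constructed: zone apex
    "uag.dmz.dcn-nd.com",           # constructed: two labels below the zone
]

if __name__ == "__main__":
    for host, ok in covered_names(CERT_NAMES, HOSTNAMES).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```

Only view.dcn-nd.com is covered; any component that reaches the server by its DCN.LOCAL name, the bare domain, or a deeper subdomain would see a name mismatch with this certificate.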