VMware Workspace ONE Community
StefanSv
Contributor
Contributor
Jump to solution

VMware Tunnel An error has occurred

Hi, We are trying out Workspace One UEM and have a strange issue when configure vmware tunnel. We cannot save the configuration, When I press save I got An error has occurred Something unexpected happened. If the issue persists, please contact your IT administrator. Any ideas? Thanks Stefan

Labels (1)
Reply
0 Kudos
1 Solution

Accepted Solutions
StefanSv
Contributor
Contributor
Jump to solution

Hi,

I will answer my self

We have now been able to save the tunnel configuration. Next step is to see if it works all the way from the mobile device.

I had to import our internal root and intermediate certificate.

The support team never mention that on our session, they collected logs and changed some IIS services to start with another user and changed the API to Api.

When I told them we got it to work with our certificat I got this answer.

"I wanted to inform you that when you use the internal CA to issue certificates for the console server and if the console server was being used as API endpoint as well, in that case, you have to add the certificate chain as trusted CA for tunnel in order for it to trust the API endpoint and accept the configuration shared by it."

/Stefan

View solution in original post

Reply
0 Kudos
11 Replies
Aginaco
Contributor
Contributor
Jump to solution

Hi,


we are having the same problem in our on.-premise installation (v. 19.07) . What we have checked is that we can configure the per-app tunnel only if we configure the proxy tunnel first. So we configure proxy tunnel, then per-app tunnel and then delete the proxy tunnel configuration.
Our next problem with per-app tunnel is that we can not download the xml file with the configuration and get the same error as you. We opened a ticket with vmware and after collecting a lot of logs and having several zoom sessions they suggest us to install again the API or to upgrade to 19.09 to see if this solves the problem. We are now upgrading to 19.09. We wil let you know about the results.
Regards

Reply
0 Kudos
StefanSv
Contributor
Contributor
Jump to solution

Hi,
Thanks for the input. We are running v. 19.09.
Reply
0 Kudos
Aginaco
Contributor
Contributor
Jump to solution

Hi Stefan,


no luck with the upgrade. One question: have you done a fresh installation of Workspace ONE starting with v.19.09 or have you upgrade from a previous version? In our case we noticed this error when upgrading from 19.02 to 19:07
thanks
regards

Reply
0 Kudos
StefanSv
Contributor
Contributor
Jump to solution

Hi,
We did a fresh installation of v.19.09 and applied patch 19.9.0.18.
Reply
0 Kudos
Aginaco
Contributor
Contributor
Jump to solution

Hi,

windows server 2016?

regards
Reply
0 Kudos
FHLB
Contributor
Contributor
Jump to solution

The account you use to make changes on the UAG (like turning on tunnel) or configuring it. You need to make sure that the user account is not disabled OR needing a password change. (hopefully you are using a service account) this account should be listed in the Workspace One Console.

what you can do to check it log into workspace One Admin Console with that account. If you can't sign in or it asks for a password you need to change it. Basically the account and credentials lock or need to change every 30 days, but they will work until you make a configuration change.

I had a similar issue in the past.
Reply
0 Kudos
StefanSv
Contributor
Contributor
Jump to solution

Hi,
We are using Windows 2016 std ENG with latest patches.

We have created a service account for the tunnel and I have tried to login with that on our Workspace ONE console without any issue.
Reply
0 Kudos
FHLB
Contributor
Contributor
Jump to solution

Can you ping the tunnel server from the UAG or however else you want to verify connectivity? From both inside and outside your firewall?

maybe its just not connecting to the tunnel server? I believe it has to verify any config changes before it can save it.
Reply
0 Kudos
StefanSv
Contributor
Contributor
Jump to solution

I have ICMP opend in the FW so i can ping from everywhere Smiley Happy

Reply
0 Kudos
AndreasDoerfler
Contributor
Contributor
Jump to solution

we also "had" this tunnel problem.

we tried a lot of different things, but the final solution for this was a full reinstallation of workspace one (all ws1 related applications), with the removal of all ws1 related certificates, including the public signed ones (we did not touch the database). since the ws1/vmware dev-team changed a lot if things in the background, we guess some migration failed and a broken certificate was the reason for those errors.

right now i can at least access the tunnel configuration again. tunnel proxy is working, but sadly per-app vpn is not. our support ticket in this case can fill a very small book and escalated bejond 2nd support line now.

Reply
0 Kudos
StefanSv
Contributor
Contributor
Jump to solution

Hi,

I will answer my self

We have now been able to save the tunnel configuration. Next step is to see if it works all the way from the mobile device.

I had to import our internal root and intermediate certificate.

The support team never mention that on our session, they collected logs and changed some IIS services to start with another user and changed the API to Api.

When I told them we got it to work with our certificat I got this answer.

"I wanted to inform you that when you use the internal CA to issue certificates for the console server and if the console server was being used as API endpoint as well, in that case, you have to add the certificate chain as trusted CA for tunnel in order for it to trust the API endpoint and accept the configuration shared by it."

/Stefan

Reply
0 Kudos