VMware Horizon Community
steveromine
Contributor
Contributor

Horizon 7 Radius Authentication Problems

Has anyone had success with configuring RADIUS 2-Factor Auth on Horizon View 7?  I've been attempting to setup Duo on our pre-production HV7 environment and have had little success.

When trying to authenticate with 2-Factor enabled I receive a "Error Encountered While Authenticating" Alert from the Horizon Client.  A packet capture on the connection server shows no activity to or from our RADIUS server, its almost as if something in the application stack is broken.

Attached is a sample of what I've found in the debug logs, noting that there is an error at 2016-05-18T11:03:51.090-04:00 "Error setting up/performing authentication net.propero.portal.filters.ProperoAuthFilter.doFilter(SourceFile:472) java.lang.ArrayIndexOutOfBoundsException" and another at 2016-05-18T11:03:51.091-04:00  "Finished processing: submit-authentication, Result: error, Error Code: BROKER_DISABLED, Error Message: this broker currently disabled, User Message: Error encountered while authenticating".  I have submitted a ticket with VMware, but I'm curious to see if anyone else is experiencing the issue, this is a freshly built environment and not an upgrade from 6.

Reply
0 Kudos
6 Replies
TDJB3
Enthusiast
Enthusiast

Did you figure out the answer to your problem?  I am using DUO and running into issues.

Reply
0 Kudos
TDJB3
Enthusiast
Enthusiast

Did you figure out the answer to your problem?  I am using DUO and running into issues.

Reply
0 Kudos
BenFB
Virtuoso
Virtuoso

I'm using Duo with Horizon View 7.4.0 and it's working perfectly.

Reply
0 Kudos
sjesse
Leadership
Leadership

Try follow

Two-Factor Authentication for VMware Horizon View (VDI) | Duo Security

even if your not using DUO. It goes through the horizon steps and you can see if your missing anything thing. Its what I used to setup my 7.4 enviornment and it works.

Reply
0 Kudos
TDJB3
Enthusiast
Enthusiast

I figured out my issue.  I had an IP address that was wrong in the Security server.  Once I took care of that, I was golden.

Reply
0 Kudos
ntenbargeEW
Contributor
Contributor

Just spent 3 hours on the phone with support - it came down to using the HTML5 admin client vs the Flash admin client. Our MFA product doesn't support accounting and in the HTML5 client you can't leave the port set to 0 to disable it.

Changing the port to 0 in the flash client solved the issue. Simple.

Reply
0 Kudos