acpzehetal
Enthusiast
Enthusiast

After upgrade Horizon View 7.10.3 to 7.13.1 old clients can´t connect anymore (unsupported)

We have a very special Horizon View 7 environment with several desktop pools for our process machine in production. Our oldest pool is for "old" Windows XP Embedded process clients with Horizon View 3.0 client on it. This clients are accessing a WIndows 7 desktop pool via RDP protocol. This system has been working since yesterday before we upgraded our horizon environment.

Yesterday we had to upgrade our Horizon View 7.10.3 environment to 7.13.1 to get the Log4J security flaw fixed. During the upgrade everything was fine, but when we upgraded the last Connection Server all RDP session got lost and the "old" clients weren´t able to reconnect. in the first place we only got the typical "An SSL error has occured" from the Windows XP Embedded clients.

In the following we updated the Horizon clients to Version 4.6 and then to Version 5.0, but we only got other error messages:

A certificate is required to complete client authentication

the status of the handle does not match the requested operation

We are using an MS internal CA and on all positions in the Horizon View Environment there is no issue with this certificate .

Does anyone have an idea what has been changed by the upgrade that the authentication doesn´t work anymore?

 

Labels (1)
Tags (2)
0 Kudos
2 Replies
Mickeybyte
Hot Shot
Hot Shot

@acpzehetal 

Have you seen the release notes for 7.13? Release Notes for VMware Horizon 7 version 7.13

There's a section about disabled old protocols and ciphers (which, as you mention Windows XP could be the cause I guess):

  • RC4, SSLv3, and TLSv1.0 are disabled by default in Horizon 7 components, in accordance with RFC 7465, "Prohibiting RC4 Cipher Suites," RFC 7568, "Deprecating Secure Sockets Layer Version 3.0," PCI-DSS 3.1, "Payment Card Industry (PCI) Data Security Standard", and SP800-52r1, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations." If you need to re-enable RC4, SSLv3, or TLSv1.0 on a Connection Server, security server, View Composer, or Horizon Agent machine, see Older Protocols and Ciphers Disabled in Horizon in the Horizon 7 Security document.

Maybe that can help you in finding a solution.

 

Regards,
Mickeybyte

If you found this comment useful or an answer to your question, please mark as 'Solved' and/or click the 'Kudos' button, please ask follow-up questions if you have any
acpzehetal
Enthusiast
Enthusiast

Unfortunately i have read this KB already, but we already had a Horizon 7 version running before and the old Windows XP Embedded Clients were working.

Nevertheless we were searching for settings on the client side to use the "new" secure ciphers. Currently we are struggling with Windows XP Horizon client to use TLS and AES ciphers to connect to the Connection Servers.

Does anyone know to set this in the Windows XP registry?

0 Kudos