Solved: Re: Created new VLAN For VMs, now users cannot con...

AndyGK · ‎08-26-2011

We created a new VLAN to place linked-clones into, but we cannot connect through the view client via RDP or PCOIP

Our steps were:

1. Added the vlan to the virtual distrubted switch in Vsphere.

2. Switched the base VM to the new vlan. (The machine is Windows 7, and this seemed to re-enable IPV6, so I disabled it again with the common registry edit.)

3. Took a new snapshop for provisioning.

4. Added exceptions in our firewall between our Security server and the new VLAN for 4172 TCP/UDP (for PCOIP), 9427 TCP (For MMR), 32111 TCP (For USB Redirect), and 3389 TCP for Redirect.

The new linke clones machines acquire new IPs successfully. We can ping them by FQDN, or IP. We can even manually RDP into them. But the view client insists: "This desktop is currently unavailable. Please try connecting to this desktop again later, or contact your system admnistrator."

The only notable difference between the old VLAN and the new one is the subnet mask changed from 255.255.254.0 to 255.255.252.0

What did I miss?

mittim12 · ‎08-27-2011

I saw the error below

"R = failed launching desktop: com.vmware.vdi.sessionclientapi.TunnelManager$TunnelManagerException: Error raising port: Unable to connect to 137.216.48.33:3389, reason: Connection timed out: connect"

Can you login to the security server and start a remote desktop session to the IP above?

View solution in original post

mittim12 · ‎08-26-2011

What is the status of the clone in View admin? just wondering if the agent is reporting it as available. How about if you are connecting internal and not through the security server. Does that work?

AndyGK · ‎08-26-2011

The status in View Administrator for all the new machines reads as Available.

We cannot connect through our internal connection server. If you attempt to, you are told authentication fails and Initialization failed while connecting to server 'https://SecurityServer.URL:443' That is normally like that however. (I believe that's because our internal server doesn't have an SSL cert, and we direct all users through our security portal.)

mittim12 · ‎08-26-2011

Can you gather client side logs so we can try to determine what is happening?

AndyGK · ‎08-26-2011

I wasn't sure if you meant from the local machine running the View Client, or the one of the linked clone's log files, so I have attached both.

Edit:

For frame of reference, I shrunk the linked clone pool down to 1 machine. (So I'd know which log to grab.) and then attempted to connected at 2:45 pm

SDO1 · ‎08-26-2011

(havent looked at your log files)

What if you set the pool to use RDP? atm you are using PCoIP and that fails .. but you state you can manually RDP to the desktops right?

are you tunneling the connections through the connection server with PCoIP?

AndyGK · ‎08-26-2011

We are setup to tunnel through through with PCOIP. Both protocols still work on the old vlan. I've set up a second provisioned linked clone to verify this.

When changing the default to RDP instead of PCOIP and trying to connect I still recieve the same message as above about desktops not currently being available.

mittim12 · ‎08-27-2011

I saw the error below

"R = failed launching desktop: com.vmware.vdi.sessionclientapi.TunnelManager$TunnelManagerException: Error raising port: Unable to connect to 137.216.48.33:3389, reason: Connection timed out: connect"

Can you login to the security server and start a remote desktop session to the IP above?

AndyGK · ‎08-29-2011

Thanks, mittim.

We found an old route in the firewall that directed all going to this vlan to a completely different vlan for posture checking.

All

Created new VLAN For VMs, now users cannot connect, what did I miss?