Hi,
At the beginning, when I was setting up Blast for a project for external users, the Blast port was set to the default 8443 and it was not working. I read in one of the discussions that I should set the Blast port to 443 and add some entries to the locked.properties file.
locked.properties
checkOrigin=false
enableCORS=false
enableCSP=true
content-security-policy=font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';img-src 'self' blob: data:
portalHost=a.a.com
Everything was working fine until I started to do tests with load balancer products. It didn't work out and I reverted all the settings.
But now I cannot get the screen from a browser or a Horizon Client with the Blast protocol. I get a blank screen. But when I check the events I can see the logon process and there is no error. It says connected and the protocol is Blast. PCoIP works fine.
Internally, the browser and Horizon Client work fine (PCoIP and Blast).
I read nearly all the discussions about this issue on the community but couldn't find any solution.
Connection servers settings.
Uag settings
Any ideas?
Thank you
Do you have port 22443 open between your UAGs and the virtual desktops?
Yes, it is open. I didn't change any fw rules.
I see you have a UAG in play. You should not be doing any sort of tunneling / BSG when connecting via UAG. Otherwise both the CS and UAG will attempt to proxy your connection to the agent and your connection will fail. You have PCoIP disabled which is why it is working.
Try turning it off on the Connection Server and report back your results.
That’s one of the beauties of UAG - you do not need any special configuration on your Connection Servers.
I disabled Blast on the connection server but it did not make any difference.
I can connect, the system authenticates me. After I click on the desktop pool it starts loading and turns to a black screen.
And I can see my session on the Horizon console. Protocol Blast.
How many connection servers do you have? Is the UAG pointed to a specific Connection Server or load balancer? Only one UAG in play?
That configuration is specific to each CS. If load balanced, you'll need to go through each one and select "Do not use Blast Secure Gateway."
If they're all set that way, you are likely denying port 22443 somewhere between UAG -> VDA. You should be able to run "curl -v telnet://VDA:22443" from UAG and get an established connection. You can also run tcpdump 'port 22443' from UAG to see if you see the VDA responding back to the UAG's 22443 traffic when you try to establish the connection.
If you haven't already, run /etc/vmware/gss-support/install.sh on the UAG to enable tcpdump.
Ah - I just realized your Connection server name and Blast external URL on the UAG are configured the same. The Blast External URL, Tunnel URL, and PCoIP External URL should be the UAG name/IP (or load balanced name/IP if behind a VIP). This will tell the client to proxy the Blast/PCoIP connection via the UAG.
Upon connection, the connection is attempting to be proxied via the Connection Server URL, which is likely why it's breaking.
2 connection servers. Now the UAG points to 1 connection server and I have changed the connection server on the UAG to the connection server's IP address.
Got it - see my previous post to see if that fixes your issue. Use the UAG name for your Blast/Tunnel URLs.
Changed the URLs to the UAG's IP address. The client works over Blast but browsers don't.
I am getting a content security policy error message.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: wss://a.a.com:8443 ..................................... Resource will be blocked.
I was getting this message when I first deployed the system, so I created the locked.properties file and added the lines (below) in it. After that it started to work from Edge with Blast.
It is the same file and the same values but I still get the error. I deleted and recreated the file.
checkOrigin=false
enableCORS=false
enableCSP=true
content-security-policy=font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';img-src 'self' blob: data:
portalHost=a.a.com
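The violation quoted in the post above, worked through as an added example (not part of the thread and not VMware code): it parses a policy string, picks the directive that governs a WebSocket connection (connect-src, falling back to default-src), and tests the URL against it. Assumptions: the page origin is https://a.a.com on port 443, 'self' follows the CSP Level 3 matching rules, and `CONSTRUCTED_POLICY` is a made-up policy for comparison only.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}
# CSP Level 3: 'self' also covers these secure scheme upgrades of the page origin.
UPGRADES = {"http": {"https", "ws", "wss"}, "https": {"wss"}}

PAGE = "https://a.a.com/"                      # assumed portal origin
REPORTED_POLICY = "default-src 'self'"         # directive named in the CSP14312 message
LOCKED_POLICY = ("font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;"
                 "style-src 'self' 'unsafe-inline';img-src 'self' blob: data:")
CONSTRUCTED_POLICY = "default-src 'self'; connect-src 'self' wss://a.a.com:8443"

def parse_policy(policy):
    """Split a CSP string into {directive: [source expressions]}; first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def origin(url):
    u = urlsplit(url)
    return u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme)

def source_matches(expr, page, target):
    (ps, ph, pp), (ts, th, tp) = origin(page), origin(target)
    if expr == "'self'":
        scheme_ok = ts == ps or ts in UPGRADES.get(ps, set())
        port_ok = tp == pp or (pp == DEFAULT_PORTS.get(ps) and tp == DEFAULT_PORTS.get(ts))
        return th == ph and scheme_ok and port_ok
    if expr.endswith(":") and "/" not in expr:     # scheme-source such as wss: or data:
        return ts == expr[:-1].lower()
    if "://" in expr:                              # host-source with scheme, no wildcards
        return origin(expr) == (ts, th, tp)
    return False                                   # other source forms are not modelled

def check_websocket(policy, page, target):
    """Return (allowed, governing_directive) for a WebSocket connection to target."""
    d = parse_policy(policy)
    name = next((n for n in ("connect-src", "default-src") if n in d), None)
    if name is None:
        return True, None                          # this policy does not restrict connections
    return any(source_matches(e, page, target) for e in d[name]), name

if __name__ == "__main__":
    for label, pol in [("reported", REPORTED_POLICY), ("locked.properties", LOCKED_POLICY),
                       ("constructed", CONSTRUCTED_POLICY)]:
        print(label, check_websocket(pol, PAGE, "wss://a.a.com:8443"))
```

The policy from locked.properties has neither connect-src nor default-src, so under this model it is not the policy that produced the reported violation; the `default-src 'self'` in the message belongs to whatever header the browser actually received.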
Remove everything in locked.properties except for checkOrigin=false and reboot the CS. See if the problem persists.
-Nick
Removed everything except checkOrigin=false. Still the same.
By the way, I am doing my tests only with Edge.
Chrome or Firefox works okay.
Ah, I thought you were referring to Edge from a network perspective, not a browser. Does Edge work internally (not going through UAG)?
Everything works from inside.
I do my tests externally.
Actually it was set to 443; after it broke down I switched it back to 8443.
When the port is set to 8443 I can connect with the Horizon Client or Firefox/Chrome, but not with Edge.
When I set the port to 443 I can connect from everything but I get a blank screen.
I know it sounds weird but I spent hours on this issue a couple of months ago and I have the notes from that time. I did everything but something breaks the process.