davebaker87
Enthusiast
Enthusiast

Horizon 5.3 client with PAC file can't connect

Howdy

I'm working with a client that runs win 10 with a PAC file. Contained within the PAC there is some redirection commands similar to below :

If (dns domainls (lost, "vmwareuaggateway.com")

Return "PROXY some proxy server.com:8080)

Traffic destined for our UAG gateway is redirected via an second proxy. We know the traffic is routing correctly.  However, when we connect using Horizon Client with blast settings enabled for 'use system proxy" and the PAC file enabled in Windows Proxy settings , the connection fails.

If we explicitly configure a system proxy  with the IP of' someproxyserver.Com;8080 in Windows proxy settings, and then disable using a pac file, the connection works.

We're beginning to think the Horizon Client 5.3 can't handle PAC files Or it can't handle redirection taking place within a pac file (ala my first paragraph).

Does anyone have suggestions for this? Does it warrant a ticket with vmware? Any pac file we try to use simply doesn't work.

Thanks

0 Kudos
7 Replies
davebaker87
Enthusiast
Enthusiast

*should say lshost, not 'lost'

0 Kudos
Jingxiao
VMware Employee
VMware Employee

For the same scenario, do you have tried the Horizon 5.2 client (especially Windows Client)?

From Horizon 5.2 clients, all of PC clients (Windows, macOS, and Linux) are added proxy support for Blast connection.

And we think all of the WPAD, PAC, and explicit proxy should work on Horizon Client for Windows for Blast connection.

We'd like to investigate why it doesn't work for you.

Please contact the customer support team and provide the client debug level logs for troubleshooting.

0 Kudos
davebaker87
Enthusiast
Enthusiast

Hi,

I've provided logs to your customer support team. We also ran trace logs, connected with a pac enabled vs disabled (manual proxy configured) and logs were identical. I'll provide excerpts on this thread early next week.

0 Kudos
davebaker87
Enthusiast
Enthusiast

Hi

We've submitted client level logs and PAC files to support. Below is their initial diagnosis. We will provide more logs today.

From a client with PAC file configured (fails):

2020-02-14T13:37:58.244+00:00 INFO (5E64) [libcdk] CdkProxy_GetProxyForAutoSettings: Call WinHttpGetProxyForUrl for external.uag.com.
2020-02-14T13:37:58.245+00:00 INFO (5E64) [libcdk] CdkProxy_GetProxyForAutoSettings: Failed to get WinHTTP proxy info with error 0x00002ee6.
2020-02-14T13:37:58.245+00:00 DEBUG (5E64) [libcdk] CdkUtil_StringToAddress: Failed to get addr info with family 23: error=11001.
2020-02-14T13:37:58.245+00:00 DEBUG (5E64) [libcdk] CdkUtil_StringToAddress: Failed to get addr info with family 2: error=11001.
2020-02-14T13:37:58.277+00:00 DEBUG (5E64) [libcdk] CdkUtil_StringToAddress: Failed to get addr info with family 0: error=11001.
2020-02-14T13:37:58.277+00:00 ERROR (5E64) [WinCDK] PCoIPWindow::CreateRemoteWindow : The type of address external.UAG.com is unknown, could be invalid.
2020-02-14T13:37:58.277+00:00 DEBUG (5E64) [WinCDK] DesktopWindow::Connect : Creating remote window failed.  Posting generic error message.

With manual proxy configured (successfuk)

2020-02-14T13:25:55.385+00:00 INFO (2064) [WinCDK] PCoIPWindow::CreateRemoteWindow : Launching RemoteMKS with BLAST protocol, launchitem is: 'PSmartDesktop' ('cn=1a696234-f7f7-4510-9d65-0602549b58a9,ou=entitlements,dc=vdiglobal,dc=vmware,dc=int')
2020-02-14T13:25:55.388+00:00 INFO (2064) [libcdk] CdkProxy_GetProxyForAutoSettings: external.uAG.Com
2020-02-14T13:25:55.390+00:00 INFO (2064) [libcdk] CdkProxy_GetProxyForAutoSettings: Failed to get WinHTTP proxy info with error 0x00002ee6.
The following business is to handle the static proxy.
2020-02-14T13:25:55.390+00:00 INFO (2064) [libcdk] CdkProxy_GetProxyForUrl: Evaluate a semicolon-delimited proxy bypass list for external.UAG.com.
2020-02-14T13:25:55.390+00:00 DEBUG (2064) [libcdk] CdkProxy_RetrieveProxyName: The proxy name is : '10.33.241.200:8080'.
2020-02-14T13:25:55.390+00:00 DEBUG (2064) [libcdk] CdkProxy_RetrieveHttpsProxy: Find proxy: '10.33.241.200:8080'
2020-02-14T13:25:55.390+00:00 DEBUG (2064) [libcdk] CdkProxy_RetrieveHttpsProxy: Get Https proxy '10.33.241.200:8080' and use the same proxy forall protocols.
2020-02-14T13:25:55.391+00:00 INFO (2064) [libcdk] CdkProxy_GetProxyForUrl: Found windows proxy string: '10.33.241.200:8080'.
2020-02-14T13:25:55.391+00:00 INFO (2064) [libcdk] CdkProxy_HandleFailover: Will go through failover proxy chain: '10.33.241.200:8080'.
2020-02-14T13:25:55.391+00:00 DEBUG (2064) [libcdk] CdkDnsLookup_ResolveAddress: Server name 10.33.241.200 is resolved as 10.33.241.200 for IPv4.
2020-02-14T13:25:55.391+00:00 DEBUG (2064) [libcdk] Starting peer reachability check: CdkConnection_CheckPeerReachabilityImpl: host ip list : 10.33.241.200, tcp port 8080, udp port 0, tcp connect count 1, udp send count 0
2020-02-14T13:25:55.391+00:00 DEBUG (9650) [WinCDK] UdpProxyLogger : udpProxyLib: VTHREAD 38480 "vthread-38480"
2020-02-14T13:25:55.391+00:00 DEBUG (9650) [WinCDK] UdpProxyLogger : UDPProxyCreateTestData: Hostlist = 10.33.241.200, v4 address count = 1, v6 address count = 0
2020-02-14T13:25:55.391+00:00 ERROR (2064) [libcdk] CdkConnection_CheckPeerReachabilityImpl: peer reachability check returns 1 with error 0.
2020-02-14T13:25:55.391+00:00 DEBUG (9650) [WinCDK] UdpProxyLogger : UDPProxyCreateTestConnectionData: Create test data for hostAddress = 10.33.241.200 with connection Type = 0
2020-02-14T13:25:55.391+00:00 DEBUG (9650) [WinCDK] UdpProxyLogger : UDPProxyCheckTCPPeerReachabilityImpl: Request to test TCP peer reachability to 10.33.241.200:8080
2020-02-14T13:25:55.391+00:00 DEBUG (9650) [WinCDK] UdpProxyLogger : udpProxyLib: SOCKET creating new IPv4 socket, connecting to 10.33.241.200:8080 (10.33.241.200)
2020-02-14T13:25:55.418+00:00 DEBUG (97A0) [WinCDK] UdpProxyLogger : UDPProxyPeerTestConnectCallback: Peer reachability response for successful connect for 10.33.241.200:8080, connection type = 0
2020-02-14T13:25:55.418+00:00 DEBUG (97A0) [libcdk] CdkConnection_CheckPeerReachabilityCb: TCP reachable for 10.33.241.200:8080.
2020-02-14T13:25:55.491+00:00 INFO (2064) [libcdk] CdkProxy_HandleFailover: Will use proxy '10.33.241.200:8080'.
2020-02-14T13:25:55.491+00:00 INFO (2064) [WinCDK] PCoIPWindow::GetSystemProxyForBlastConnection : The proxy '10.33.241.200:8080' is applied to the blast external.Uag.com'.
2020-02-14T13:25:55.491+00:00 DEBUG (2064) [libcdk] CdkUtil_StringToAddress: Failed to get addr info with family 23: error=11001.
2020-02-14T13:25:55.491+00:00 DEBUG (2064) [libcdk] CdkUtil_StringToAddress: Failed to get addr info with family 2: error=11001.
2020-02-14T13:25:55.520+00:00 DEBUG (2064) [libcdk] CdkUtil_StringToAddress: Failed to get addr info with family 0: error=11001.
2020-02-14T13:25:55.520+00:00 ERROR (2064) [WinCDK] PCoIPWindow::CreateRemoteWindow : The type of address external.UAG.com is unknown, could be invalid.
2020-02-14T13:25:55.520+00:00 WARN (2064) [WinCDK] PCoIPWindow::CreateRemoteWindow : Use FQDN 'external.uag.com' to try the Blast connection.
2020-02-14T13:25:55.545+00:00 INFO (2064) [WinCDK] FolderRedirectionManager::InitAutoRedirect : Init folder auto redirect settings.
2020-02-14T13:25:55.545+00:00 INFO (2064) [WinCDK] FolderRedirectionManager::SubscribeCDRCapabilityChange : Init folder redirection capablity tests.
2020-02-14T13:25:55.545+00:00 INFO (2064) [WinCDK] GeolocationRedirectionManager::InitPermRequest : Init geolocation permission request settings.
2020-02-14T13:25:55.545+00:00 DEBUG (2064) [WinCDK] PCoIPWindow::CreateRemoteWindow : Get unity mgr: 06ACBC88.

We are going to try adding the IP address of our external.uag.com into the PAC file instead. A second test will be to use the A record address, currently external.uag.com is a cname.

more to follow -

Any ideas?

0 Kudos
davebaker87
Enthusiast
Enthusiast

Senior tech's identified that, within the PAC file, the URL for our proxy server was not being interpreted to include https:// in the address string. Although the entry in the PAC used an FQDN.  We were provided with a sandbox version of the client, which worked, and are hoping a patch or remedial fix will be provided.

Thanks for the support. But I won't gives thanks for the headaches it caused getting to this point...

0 Kudos
Jingxiao
VMware Employee
VMware Employee

Hi Dave,

Please contact the support engineer for the hot patch request.

Then engineerings team will prepare it for you.

0 Kudos
davebaker87
Enthusiast
Enthusiast

Thanks - we were advised to wait until march 5.4 client release, despite the request for hotfix. It's not as time sensitive as it was - so we'll just wait for a huge bug finders bounty to deposit into my cayman's account! Smiley Happy

Thanks for your help

0 Kudos