Horizon 7.1 direct access to HTML blast causes IP ...

Justin_Y · ‎04-14-2017

We just removed tunneling on our Horizon 7.1 internal connection servers so clients will connect directly to the desktops to reduce the load on our internal load balance appliance. With the desktop client everything works as expected and the traffic now is routed directly to the desktop. Same with blast but after the user select the desktop it changes the address to the IP of the desktop. You can then select accept to the certificate error and the desktop open up and the address bar changes back to our horizon address. Is there a way to specify the address without enabling tunneling?

Thanks

CraigH1 · ‎04-17-2017

Hello. Im doing this from memory, but the choices are this:

(1) Put a unique certificate on each desktop that has the IP address in it, which is assigned the generic name "Blast". Not sure if this can be done through a windows CA request auto-enrolment, but if so, it would probably occur after the blast service had started. So this option is probably not going to work.

(2) Get a wildcard digital certificate which is installed on each desktop. There is a group policy telling horizon to connect using DNS names instead of IP address (can't remember what it's called). The issue here is that it relies on the DNS being 100% accurate. In our case, using application layering and machine rebuilding, deleting all the time, it get's out of whack. So we cant.

Hope that helps.

All

Horizon 7.1 direct access to HTML blast causes IP of desktop to display with a certificate prompt