VMware Horizon Community
Henrique_Cicuto
Enthusiast
Enthusiast

Horizon 8 2006 + UAG: Almost everything works (except for BSG)

Good evening,

I'm running a lab with Horizon 8 2006 and I've been facing some issues when connecting remotely with UAG.

Horizon Client 8.0.0 (16531419)

Connection Server: 8.0.0-16592062

  • HTTPS Secure Tunnel Enabled
  • PCoIP Secure Gateway Disabled
  • Blast Secure Gateway Enabled (all connections)

UAG: 3.10

  • PCoIP External URL Enabled
  • Blast External URL Enabled
  • Tunnel External URL Enabled

UAG is in a DMZ. The following ports were opened between it and the Connection Server:

  • TCP: 443, 8443

The following ports were opened between it and Horizon desktops:

  • TCP: 3389, 4172, 9427, 22443, 32111
  • UDP: 4172, 22443

Above ports were set following official documentation and monitoring firewall blocks.

The following ports were exposed to the Internet and redirect to the UAG:

  • TCP and UDP: 443, 4172, 8443

Above ports were set following official documentation and monitoring client calls.

The issue:

  • Internet connections using PCoIP and RDP works! Smiley Happy
  • Internet connections using Blast return "The connection to the remote computer ended" after a couple of seconds (sometimes I don't even receive the black screen) Smiley Sad
  • HTML access return "Failed to connect to the Connection Server" ​when using Chrome, Firefox or Edge (it does not show the login prompt) Smiley Sad

The closest I got to a solution was to disable the Blast Secure Gateway in the Connection Server. Doing so enabled Blast internet connections but I'm not sure why!

Sadly nothing worked so far to get the HTML access working Smiley Sad

Anyone that could give me some directions on what could be wrong?

Thank you very much.

Reply
0 Kudos
5 Replies
dbrutus
Enthusiast
Enthusiast

Hi, you want to disable secure tunnel, pcoip gateway, and select do not use blast secure gateway. Picture attached.

Henrique_Cicuto
Enthusiast
Enthusiast

Hi dbrutus.

Indeed that works for Blast and PCoIP Gateway was already disabled.

But RDP protocol works no matter if Secure Tunnel is enabled or not.

I'll probably workaround it for now by disabling the Gateway in the Connection Server but I still don't understand why 😞

Also that does not solve the HTML access error

Reply
0 Kudos
dbrutus
Enthusiast
Enthusiast

Do you have a screen of the error?

Reply
0 Kudos
Henrique_Cicuto
Enthusiast
Enthusiast

I actually managed to solve the UAG HTML Access error by creating the locked.properties file in the Connection Server and setting checkOrigin as false.

Since I'm doing a POC that should do it and I'm assuming that won't happen in production since I'll have connection names and certificates all figured out by then.

Thanks a lot for your help.

Waynefl
Contributor
Contributor

Thank you! This resolved my POC issue as well!

Reply
0 Kudos