I have a SC, CS installed on Server 2008R2.
Externally I can connect to my vDesktops, but inside the network I cannot connect to the vDesktops.
I installed on the desktop the Client w/local.
The CS server uses the same certificate as my SS.
The settings for my CS under General are:
HTTP(s) Secure Tunnel = (checkmark) https.//externaldomainname.com:443
PCoIP Secure Gateway= (checkmark) PCoIP External URL: internal CSIPaddress:4172
Blast External URL: https://CSName.domain.local:8443
Under local mode tab I have:
Use SSL for local mode operations
Use SSL when provisioning desktops in Local Mode
What settings am I missing that I cannot connect to vDesktops from within the network?
When I connect using the View client, I enter my credentials and enter the connection server IP or URL and I get a certificate error.
If I use the same URL from outside the network I connect to the desktop but it is black, then it disconnects.
It tells me configuring desktop, authenticating, preparing desktop, connection to desktop, then I get a black screen with a bar on top to send: Ctrl Alt Del, or close/disconnect desktop, or options, connect USB device.
Then it closes the window with an error message:
the connection to the remote computer ended.
pls advise
The black screen when connecting from an external source sounds like a firewall issue. You should follow all the steps in this document, https://communities.vmware.com/docs/DOC-14974, to resolve that issue.
What kind of certificate error do you get when connecting internally? FWIW the View client with local mode only needs to be used if you are going to utilize local mode. Local mode is the ability to download and run a desktop on local resources instead of generating a session from the server.
mittim12, just stepped in from a meeting.
I will review your link, but first, you mention in your first sentence: "black screen when connecting from an external source". Externally, from outside the network, we can connect.
It is when we are inside the network that we get the black screen. Is that what you meant to write? Internal or external?
we get the black screen when we enter the url for the security server that is normally accessed externally outside the network.
please advise.
certificate error we get when we enter the ip address of the CS is: The host name in the certificate is invalid or does not match.
Sorry, I must have read it wrong. Still review the link because almost all black screen/disconnects are firewall related. On the certificate side, maybe you used the FQDN of the server when creating the certificate and then you are connecting to it using some type of load-balanced URL. Maybe you need a SAN in the certificate so that both are valid names.
I added a new SAN to my certificate last Friday and then the SS worked.
The SS for outside users will type in on their URL: for example : vDesktop.websitedomainName.com
that name was added to the SSL certificate, that's why now our SS works.
What should I use for the CS?
Should I create a new one for the CS? such as : csDesktop.websitedomain.com?
And then use that certificate for the CS, will that fix the problem?
Our FW has the 4172 ports opened.
My users utilize the same URL for both internal and external to avoid confusion.
I was wondering, can I simply use the certificate that the CS created when installed and rename its friendly name to "vdm"? Will this be a secure method?
interesting, how did you get it to work?
Our internal DNS points the clients to our internal servers and when working external the URL points to our Security Server.
so if vDesktop.websitedomainName.com points to the SS
then your internal DNS points vDesktop.websitedomainName.com to CS?
so when an internal user keys in the URL : vDesktop.websitedomainName.com the internal DNS points it to CS ip address?
i am still watching the video.
Correct
i will try that now, thanx.
oops, i just remembered when i looked, I have a DNS using vDesktop.websitedomainName.com pointing to the ip address of the SS.
Can I create a new one pointing to the CS, or change the IP of the SS to the IP of the CS?
nope, that did not work. changing the ip from SS to CS.
My external users could not connect with that change.
Sorry for the confusion
External DNS Server would have a DNS record that specifies the external SS Ip address for the external users.
Internal DNS server would have a DNS record that specifies the internal CS IP addresses for the internal users.
mittim,
My FW has the routing and DNS that takes one of my static ip address and points it to the url: vDesktop.websitedomainName.com which in turn points to our internal static ip address for our SS. Our DNS/DC server takes that request of vDesktop.websitedomainName.com and pushes it to SS static ip.
I am a bit confused here.
Before changing the certificate of the CS from its default, internal users could access a vDesktop, but since the SSL certificate was changed so the SS can work properly, the SSL cert on the connection server was changed to the same one as the SS. Now internal users cannot use vDesktops.
If I try to connect through the CS I get a certificate error as stated earlier.
If I try to enter the CS FQDN I get the error: The view CS connection failed. The server name or address could not be resolved.
Maybe in DNS I create an entry for the CS and point it to the IP address of the CS.
Good morning mittim.
I had no luck configuring this internal desktop usage.
I know external users are connecting though SS, that works.
Here are some example IPs:
55.55.55.55 = external public IP used for SS
55.55.55.56 = external public IP used by our domain
44.44.44.44 = our internal static domain ip
44.44.44.45 = our static SS ip
44.44.44.46 = our static CS ip
44.44.44.47 = our static FW ip
44.44.44.48 = our static DNS/DC #1 ip (one replicates to 2 in case of failure on #1)
44.44.44.49 = our static DNS/DC #2 ip
==========Below is what I have configured for my SS connection for my external users=========
My FW has the setting of FW access Rules :
WAN--> LAN : source=any: destination=55.55.55.55: services=UDP+TCP 4172,443
MY FW has the setting of Network NAT Policies :
source=any: destination=55.55.55.55: services=UDP+TCP 4172,443
My SSL cert has as a SAN for SS the value e.g. : SSname.myWebdomainName.com
My DNS server has a Forward Look up of : SSname.myWebdomainName.com pointing to host (A) 44.44.44.45
===========END OF SETTINGS FOR SS==========================================
Can you please advise me on how to proceed to make it possible for my internal users to connect to the vDesktops?
I have been playing with setting this VMware View for the last 3 weeks between other projects at work with no assistance, I am starting to tire out.
Assistance would be great.
Thanks a million.
My solution to the problem was to change the IP address of the e.g. SSname.myWebdomainName.com record (which I created) to point to the CS rather than to the SS IP address in my DNS forward lookup zone, with an update to the associated PTR.
Now I can access my desktops from inside the network and outside the network.
I hope this is a safe practice.
Is there a way to check to see if external users are still having a secured connection?
I know that when outside users hit the URL, the FW points them to the SS static internal domain IP address.
From inside the network it points them to the CS instead via use of the DNS pointing to CS rather than SS.
I was thinking of buying a new SAN for my SSL cert but since this works, i'll leave it this way for now until I hear otherwise.
Any suggestions will be greatly appreciated.
newbie vm-dude
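
The certificate-name behaviour discussed in this thread, as an added example that is not from any poster or from VMware: a Python check of whether the name or IP a client types is covered by a certificate's SAN entries, which is what decides the "host name in the certificate is invalid or does not match" error. The SAN list and targets below are constructed from the thread's placeholder names, and `fetch_sans`, `name_matches` and `audit` are illustrative helper names.

```python
import ipaddress
import socket
import ssl

def fetch_sans(host, port=443, timeout=5):
    """Return (type, value) SAN entries of the certificate served at host:port.
    The chain is still validated; only the name check is left to name_matches()."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return list(tls.getpeercert().get("subjectAltName", ()))

def name_matches(target, sans):
    """True if the name or IP a client typed is covered by the SAN entries."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:  # an IP literal only matches an "IP Address" SAN
        return any(t == "IP Address" and ipaddress.ip_address(v.strip()) == ip
                   for t, v in sans)
    labels = target.lower().rstrip(".").split(".")
    for t, v in sans:
        if t != "DNS":
            continue
        pattern = v.lower().rstrip(".").split(".")
        if len(pattern) != len(labels):
            continue
        # a wildcard is honoured only as the whole left-most label
        wildcard = pattern[0] == "*" and len(pattern) > 2
        if (wildcard or pattern[0] == labels[0]) and pattern[1:] == labels[1:]:
            return True
    return False

def audit(targets, sans):
    """Map each name a client might type to whether the certificate covers it."""
    return {t: name_matches(t, sans) for t in targets}

# Constructed sample: one certificate shared by SS and CS, carrying only the public name.
SAMPLE_SANS = [("DNS", "vDesktop.websitedomainName.com")]
SAMPLE_TARGETS = ["vDesktop.websitedomainName.com", "44.44.44.46", "CSName.domain.local"]

if __name__ == "__main__":
    for target, ok in audit(SAMPLE_TARGETS, SAMPLE_SANS).items():
        print(f"{target:35} {'ok' if ok else 'name mismatch'}")
```

Run from an internal and an external machine, `audit([name], fetch_sans(name))` shows whether the server each side actually reaches through split DNS presents a certificate covering the shared name.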