VMware Horizon Community
Ascii7x
Contributor

How do I connect to a vDesktop locally? Externally I can connect, but not locally.

I have a SC, CS installed on Server 2008 R2.

Externally I can connect to my vDesktops, but inside the network I cannot connect to the vDesktops.

I installed on the desktop the Client w/local.

The CS server uses the same certificate as my SS.

The settings for my CS under General are:

HTTP(S) Secure Tunnel = (checkmark) https://externaldomainname.com:443

PCoIP Secure Gateway = (checkmark) PCoIP External URL: internal CS IP address:4172

Blast External URL: https://CSName.domain.local:8443

Under the Local Mode tab I have:

Use SSL for local mode operations

Use SSL when provisioning desktops in Local Mode

What settings am I missing that I cannot connect to vDesktops from within the network?

When I connect using the View client, I enter my credentials and enter the connection server IP or URL and I get a certificate error.

If I use the same URL from outside the network I connect to the desktop, but it is black and then it disconnects.

It tells me configuring desktop, authenticating, preparing desktop, connection to desktop, then I get a black screen with a bar on top to send Ctrl+Alt+Del, or close/disconnect desktop, or options, connect USB device.

Then it closes the window with an error message:

the connection to the remote computer ended.

pls advise

0 Kudos
17 Replies
mittim12
Immortal

The black screen when connecting from an external source sounds like a firewall issue. You should follow all the steps in this document, https://communities.vmware.com/docs/DOC-14974, to resolve that issue.

What kind of certificate error do you get when connecting internally? FWIW the View client with local mode only needs to be used if you are going to utilize local mode. Local mode is the ability to download and run a desktop on local resources instead of generating a session from the server.

0 Kudos
Ascii7x
Contributor

mittim12, just stepped in from a meeting.

Will review your link, but first, you mention in the first sentence: "black screen when connecting from an external source". Externally, from outside the network, we can connect.

It is when we are inside the network that we get the black screen. Is that what you meant to write? Internal or external?

We get the black screen when we enter the URL for the security server that is normally accessed externally outside the network.

Please advise.

The certificate error we get when we enter the IP address of the CS is: The host name in the certificate is invalid or does not match.

0 Kudos
mittim12
Immortal

Sorry, I must have read it wrong. Still review the link, because almost all black screen/disconnects are firewall related. On the certificate side, maybe you used the FQDN of the server when creating the certificate and then you are connecting to it using some type of load-balanced URL. Maybe you need a SAN in the certificate so that both are valid names.

0 Kudos
Ascii7x
Contributor

I added a new SAN to my certificate last Friday and then the SS worked.

The SS for outside users will type in on their URL: for example : vDesktop.websitedomainName.com

that name was added to the SSL certificate, that's why now our SS works.

What should I use for the CS?

Should I create a new one for the CS? such as : csDesktop.websitedomain.com?

And then use that certificate for the CS, will that fix the problem?

Our FW has the 4172 ports opened.

0 Kudos
mittim12
Immortal

My users utilize the same URL for both internal and external to avoid confusion. 

0 Kudos
Ascii7x
Contributor

I was wondering, can I simply use the certificate that the CS created when installed and rename its friendly name to "vdm"? Will this be a secured method?

0 Kudos
Ascii7x
Contributor

interesting, how did you get it to work?

0 Kudos
mittim12
Immortal

Our internal DNS points the clients to our internal servers, and when working externally the URL points to our Security Server.

0 Kudos
Ascii7x
Contributor

so if vDesktop.websitedomainName.com points to the SS

then your internal DNS points vDesktop.websitedomainName.com to CS?

so when an internal user keys in the URL : vDesktop.websitedomainName.com the internal DNS points it to CS ip address?


i am still watching the video.

0 Kudos
mittim12
Immortal

Correct

Sent from my iPhone

0 Kudos
Ascii7x
Contributor

i will try that now, thanx.

0 Kudos
Ascii7x
Contributor

Oops, I just remembered when I looked: I have a DNS record using vDesktop.websitedomainName.com pointing to the IP address of the SS.

Can I create a new one pointing to the CS, or change the IP of the SS to the IP of the CS?

0 Kudos
Ascii7x
Contributor

Nope, that did not work, changing the IP from SS to CS.

My external users could not connect with that change.

0 Kudos
mittim12
Immortal

Sorry for the confusion

The external DNS server would have a DNS record that specifies the external SS IP address for the external users.

The internal DNS server would have a DNS record that specifies the internal CS IP addresses for the internal users.


0 Kudos
Ascii7x
Contributor

mittim,

My FW has the routing and DNS that takes one of my static IP addresses and points it to the URL vDesktop.websitedomainName.com, which in turn points to our internal static IP address for our SS. Our DNS/DC server takes that request for vDesktop.websitedomainName.com and pushes it to the SS static IP.

I am a bit confused here.

Before changing the certificate of the CS from its default, internal users could access a vDesktop, but since the SSL certificate was changed so the SS can work properly, the SSL cert on the connection server was changed to the same as the SS. Now internal users cannot use vDesktops.

If I try to connect through the CS I get the certificate error as stated earlier.

If I try to enter the CS FQDN I get the error: The view CS connection failed. The server name or address could not be resolved.

Maybe in DNS I create an entry for the CS and point it to the IP address of the CS.

0 Kudos
Ascii7x
Contributor

Good morning mittim.

I had no luck configuring this internal desktop usage.

I know external users are connecting through SS, that works.

Here are some example IPs:

55.55.55.55 = external public IP used for SS

55.55.55.56 = external public IP used by our domain

44.44.44.44 = our internal static domain ip

44.44.44.45 = our static SS ip

44.44.44.46 = our static CS ip

44.44.44.47 = our static FW ip

44.44.44.48 = our static DNS/DC #1 ip (one replicates to 2 in case of failure on #1)

44.44.44.49 = our static DNS/DC #2 ip

==========Below is what I have configured for my SS connection for my external users=========

My FW has the setting of FW access Rules :

WAN--> LAN : source=any: destination=55.55.55.55: services=UDP+TCP 4172,443

MY FW has the setting of Network NAT Policies :

source=any: destination=55.55.55.55: services=UDP+TCP 4172,443

My SSL cert has as a SAN for SS the value e.g. : SSname.myWebdomainName.com

My DNS server has a Forward Look up of : SSname.myWebdomainName.com pointing to host (A) 44.44.44.45

===========END OF SETTINGS FOR SS==========================================

Can you please advise me on how to proceed to make it possible for my internal users to connect to the vDesktops?

I have been playing with setting up this VMware View for the last 3 weeks between other projects at work with no assistance, and I am starting to tire out.

Assistance would be great.

Thanks a million.

0 Kudos
Ascii7x
Contributor

My solution to the problem was to change the IP address of e.g. SSname.myWebdomainName.com (which I created) to point to the CS rather than to the SS IP address in my DNS forward lookup zone, with an update to the associated PTR.

Now I can access my desktops from inside the network and outside the network.

I hope this is a safe practice.

Is there a way to check to see if external users are still having a secured connection?

I know that when outside users hit the URL, the FW points them to the SS static internal domain IP address.

From inside the network it points them to the CS instead, via use of the DNS pointing to the CS rather than the SS.

I was thinking of buying a new SAN for my SSL cert, but since this works, I'll leave it this way for now until I hear otherwise.

Any suggestions will be greatly appreciated.

newbie vm-dude

0 Kudos
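The certificate error and the split-DNS arrangement discussed in this thread can be checked offline. The following is an added example, not part of any post: it tests which names a View client could type without a hostname mismatch, and whether each DNS view sends the shared name to the intended server. The zone contents reuse the example addresses from the thread; the external A record (55.55.55.55) and the function names are assumptions.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def cert_covers(target, san_dns, san_ips=()):
    """True if a TLS client connecting to `target` would accept these SANs."""
    if is_ip(target):
        # An IP literal matches only an iPAddress SAN, never a dNSName entry.
        want = ipaddress.ip_address(target)
        return any(want == ipaddress.ip_address(i) for i in san_ips)
    host = target.lower().rstrip(".")
    for pattern in (p.lower() for p in san_dns):
        if pattern == host:
            return True
        # A wildcard covers exactly one leftmost label.
        if pattern.startswith("*.") and "." in host \
                and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def audit(views, san_dns, expected):
    """views: {view: {name: ip}}; expected: {view: ip the name should reach}."""
    findings = []
    for view, zone in views.items():
        for name in (n.lower() for n in san_dns):
            ip = zone.get(name)
            if ip is None:
                findings.append((view, name, "no DNS record"))
            elif ip != expected[view]:
                findings.append((view, name, f"{ip}, expected {expected[view]}"))
    return findings

# Constructed sample data based on the example values posted in the thread.
SAN = ["SSname.myWebdomainName.com"]
EXPECTED = {"internal": "44.44.44.46", "external": "55.55.55.55"}  # CS / SS NAT
BEFORE = {"internal": {"ssname.mywebdomainname.com": "44.44.44.45"},
          "external": {"ssname.mywebdomainname.com": "55.55.55.55"}}
AFTER = {"internal": {"ssname.mywebdomainname.com": "44.44.44.46"},
         "external": {"ssname.mywebdomainname.com": "55.55.55.55"}}

if __name__ == "__main__":
    for typed in ("44.44.44.46", "CSName.domain.local", SAN[0]):
        print(typed, "->", "ok" if cert_covers(typed, SAN) else "name mismatch")
    print("before:", audit(BEFORE, SAN, EXPECTED))
    print("after: ", audit(AFTER, SAN, EXPECTED))
```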