Solved: Hrizon client connection prompts SSL error

WILLSHENG0083 · ‎01-04-2022

HI, friends:

I don't know if it's right to ask a question here again? But I have a very difficult problem

Short Description.
The secure server's https port cannot be accessed, so it always prompts an SSL error

The question is as follows.

When I use a client to connect to the host, it prompts that the SSL connection failed
The domain name accessed via ping is fine, and it returns the correct external address of the server
The PcoIP and Blast gateway configured in the secure server are default 4172 and 8443
Under normal circumstances, the external network access through the domain name + IP will be fine
Only https I set the port number is 3088, then the external network can not ping through
I can't find the secure server by netstart -ano command, which means that the port is not started, so I have the above problems
Tried restarting the server and changing the port, but the problem persists

I hope someone can help me

Thank you very much!

Translated with www.DeepL.com/Translator (free version)

WILLSHENG0083 · ‎01-04-2022

Vielen Dank, ich habe das Problem gefunden

Der Grund dafür hat nichts mit Horizon zu tun, denn es funktioniert einwandfrei, ohne jegliche Probleme.

Das Problem war, dass ich eine Verbindung zum Server mit der https-Adresse für die sichere Verbindung herstellte, die interne Adresse war 443, aber als ich die Portweiterleitung des Routers einrichtete, stellte ich die internen und externen Adressen so ein, dass sie identisch sind, was dazu führte, dass 3088 auf dem internen Server nicht existiert, daher das 443-Problem

Ich hoffe, das hilft

Ich weiß nicht einmal, wie ich zu diesem Problem gekommen bin.

View solution in original post

fabio1975 · ‎01-04-2022

Ciao

I'm trying to understand your infrastructure.

Do your users need to access the Horizon infrastructure from outside (from the internet) or are they just users of your network?
What version of Horizon do you have?
Do you have only one connection server or do you have more? if you have more how do you manage the balance?
Why are you talking about port 3088 in point 5?

Is the certificate you use for a public FQDN or connection server name?
If you want to use access from outside your corporate network, I recommend using UAGs (Unified Access Gateways)

You can post the screenshot of the error?

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

WILLSHENG0083 · ‎01-04-2022

Do your users need to access the Horizon infrastructure externally (from the Internet), or are they just users of your network?
Yes, my users can access Horizon from the Internet

Which version of Horizon do you have?
It's version 7.13.1 build-18057992, and this is what I see on the Horizon backend page

Do you have only one connection server, or do you have more servers? If you have more servers, how are you managing the balance?
I only have one link server and I don't have the capacity to add more yet

Why did you talk about port 3088 in point 5?
He is my custom access port, specifically the first address that needs to be filled in the edit secure server screen, which is the external URL, his example is https://myserver.com:443

Are you using a public FQDN certificate or a connection server name?
I use the public FQDN, not the server name itself, for example: https://sina.com:3088

If you want to use access from outside the corporate network, I would recommend using a UAG (Unified Access Gateway).
Thank you very much for your advice, but with my current level of skill, it may take a while to get the hang of this

fabio1975 · ‎01-04-2022

Ciao

What is the FQDN used in Horizon Client to connect (https://myserver.com:443 or https://sina.com:3088)?

Did you try to disable the Horizon client SSL check and re-try the connection?

Is the certificate installed in the repository of the local computer of the connection server to which the VDM friendly name has associated the one used externally to connect?

From the local network, you are able to connect?

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

WILLSHENG0083 · ‎01-04-2022

What is the FQDN used to connect in Horizon Client (https://myserver.com:443 or https://sina.com:3088)?
Well, right now https://sina.com:3088 is used

Did you try disabling the SSL check for the Horizon Client and retrying to connect?
Yes, it was already set to disabled

Does the VDM friendly name of the certificate installed in the repository of the local computer of the connecting server have anything to do with the external certificate used for the connection?
This is not relevant because I have not configured the SSL certificate from the beginning, so I am prompted every time that SSL is not secure, so I have turned it off before

From the local network, are you able to connect?
From the local network, I am able to connect by skipping the secure server and entering the connection server directly

Now the problem is that in the secure server, in CMD, I can't listen to port 3088, I think he is not working causing these problems