dmurph
Contributor
Contributor

Issues with hardware PCoIP client

I am having an issue with my P20 PCoIP client.

I can remotely connect to my View server and see all the avaialbe pools. When I try to connect to any of them (using PCoIP or RDP), it then tries to connect to the desktop using the internal LAN IP and of course, this never resolves.

When I do the same thing using a windows view agent to connect from my laptop, I get through with no issues. Both the P20 and my laptop have the exact same network settingsfor DNS, domain, etc (except for IP of course).

What is the difference when connecting via hardware vs software, and why would it try to connect to a internal IP instead of the host name of the desktop? I'm assuming at this point that I have a configuration issue somewhere, but can not trace it.

Any insight would be appreciated.

0 Kudos
17 Replies
dmurph
Contributor
Contributor

I moved the client to my internal LAN tonight just to verify it does resolve to the desktop . Works perfectly on the internal LAN. Still can not get past the view connection to the desktop when on a WAN.

Any ideas?

-dmurph

0 Kudos
eeg3
Commander
Commander

PCoIP does not work on the WAN. To use View over the WAN, you will need to use the View Security Server which only supports RDP.






____________

blog.eeg3.net | Useful VMware-related Links

If you found this or any other post helpful, please consider the use of the Helpful/Correct buttons to award points.

Blog: http://blog.eeg3.net
0 Kudos
dmurph
Contributor
Contributor

RDP is doing the same thing. I connect to the view server, but then it tries to take me to an internal IP that can not be resolved from the WAN.

0 Kudos
eeg3
Commander
Commander

To connect from the WAN, even using RDP, you must use the View Security Server. You can't use the regular Connection Server.






____________

blog.eeg3.net | Useful VMware-related Links

If you found this or any other post helpful, please consider the use of the Helpful/Correct buttons to award points.

Blog: http://blog.eeg3.net
0 Kudos
dmurph
Contributor
Contributor

Thanks eeg3.

Is this something that only applies to the hardware client?

I can connect to just fine with RDP using the windows View client over the WAN.

-dmurph

0 Kudos
eeg3
Commander
Commander

Hrm, not sure. By WAN, are you talking entirely external network, e.g. over the internet? Perhaps I'm misunderstanding you.

Over the WAN, the client shouldn't know how to get to the internal virtual desktops without the assistance of the forwarding by the security server.






____________

blog.eeg3.net | Useful VMware-related Links

If you found this or any other post helpful, please consider the use of the Helpful/Correct buttons to award points.

Blog: http://blog.eeg3.net
0 Kudos
mittim12
Immortal
Immortal

If I'm not mistaken some hardware clients can't handle tunneled connections and must run in direct connect mode. This would prevent it from being able to connect from a Security server and prevent it from connecting to a connection broker running in tunneled mode.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

0 Kudos
dmurph
Contributor
Contributor

Yes, I am talking connecting over the internet completely external to the internal network..

Currently for testing, I have the firewall set to forward incoming traffic to the view server, so I get to that with no problems. Using a RDP protocol (with view client) gets me to the desktops with no issues. With the p20 client, I can not get to anything past the view connection server with RDP or PCoIP protocols.

If I can get to the view server not sure why I would need the security server unless I am missing something. But this is my first attempt at testing virtual desktops and view, so I could definitely not be understanding things Smiley Happy

-dmurph

0 Kudos
mittim12
Immortal
Immortal

The security server is a scaled down version of the connection broker so if you have to expose something to external traffic it might as well be the security server. As I said though I don't think it's going to work if your tunneling with your connection broker. If you switch over to direct connect on the connection broker than the p20 would need ports open to establish a PCOIP session directly with the VDI machine.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

dmurph
Contributor
Contributor

Thanks for the clarification.

I think my initial point is getting lost in all the discussion on whether rdp or pcoip will work over the internet.

What I am trying to figure out is why I can access my desktops from the software client, and when i try to access the same way using a hardware client (in my case the p20), i get "contacting 192.168.x.x, please wait". This is the IP on the internal network that the internet knows nothing about. The view server is on the same network, so the firewall is letting me through it looks like. The issue as I see it is that the hardware client is doing something differnt in the fact that it tries to connect the desktop using an IP and the software client uses the hostname maybe?

-dmurph

0 Kudos
eeg3
Commander
Commander

I think mittim hit the nail on the head. If you're not using direct connections to the desktop (this isn't the case by default), then the connection server is tunneling the connections for you. If the hardware PCoIP client has trouble using tunneled connections, it won't work, because there is no way for the internet machine to know how to get to your internal subnet without that tunneling by the connection server.

You could try disabling "Use secure tunnel connection" in the Servers section of View Administrator, and see if your software client still works from the internet.






____________

blog.eeg3.net | Useful VMware-related Links

If you found this or any other post helpful, please consider the use of the Helpful/Correct buttons to award points.

Blog: http://blog.eeg3.net
dmurph
Contributor
Contributor

Thanks both of you for the continues assistance.

I will try your suggestions and see if it helps or not and post the results.

I also found some posts on the Teradici KB that references the absolute need for a hardware VPN for external access with zero clients. I'm hoping they follow up on my questions around that. If a hardware VPN is required, then trying to give zero client portals remote access to a large client base from their homes will probably not be the right configuration.

-dmurph

0 Kudos
dmurph
Contributor
Contributor

Well,

Turning off secure tunneling did not fix anything, but did break the software client Smiley Happy

I'll keep poking at it to see what I can come up with. Keep throwing any ideas my way if you think of any.

0 Kudos
mittim12
Immortal
Immortal

When you disable the tunneling you will need to have RDP or PCOIP to that desktop available from outside the firewall. The direct connect method means that the pc only gets it's entitlements from the broker and then connects directly to the vdi machine.

Sent from my iPhone

0 Kudos
dmurph
Contributor
Contributor

I did give access directly to the desktop through the firewall, but still no luck. I verified that I had desktop access by just using windows RDP and not the view client. I got through the firewall and connected with no issues. But View client would not connect with tunneling turned off. Hardware client would not connect either way.

If I can figure out a way for the hardware client to not look to connect by internal IP once at the view connection server, I think it would work. Not sure why it behaves differently than the software View client, but for some reason it does.

-dmurph

0 Kudos
eeg3
Commander
Commander

I think to have it work without tunneling, you would actually need to give the virtual desktops their own externally accessible IP.

PCoIP isn't going to work without a VPN either way, at least currently. There are products in the works to resolve this, though. If you're only going to use RDP, I'd imagine a hardware PCoIP client would be a very expensive choice given that you can get regular RDP-based thin clients for a fraction of the cost?






____________

blog.eeg3.net | Useful VMware-related Links

If you found this or any other post helpful, please consider the use of the Helpful/Correct buttons to award points.

Blog: http://blog.eeg3.net
0 Kudos
dmurph
Contributor
Contributor

Yeah, Everything I am researching comes full circle back to the same conclusion. Without a VPN in place PCoIP just will not work from external networks since it bypasses the security and tunneling aspects that RDP uses. And since zero clients are stateless, there is no way to put a software VPN on them and a hardware VPN would not work for these remote needs.

Agree a thin client would be much cheaper, but I was hoping for PCoIP over RDP to improve on the graphics pieces since the clients require high quality images along with performance. It just may have to go on hold until the next iteration of PCoIP that could possibly resolve the issue.

-dmurph

0 Kudos