I have upgraded a View Connection server from 4.5 to 4.6 and installed a new View Security Gateway 4.6. Also I have created new guests running Windows XP and installed the View Agent 4.6 on them.
From an the Internet on a laptop I can't access any guests. I have opened IE and naviagted to my external URL and it recognizes that I need to install the View 4.6 client so I know that connectivity is there. Once installing I can log in and select a desktop but once l click on 'Connect' it loads a black screen and then just dies. A message pops up after about 5 seconds and says "The connection to the remote computer ended".
I'm sure I'm almost there! I must have something wrong though! Any idea's?
Sounds like you have a port blocked. Are you trying to connect with PCOIP or RDP?
Hmm.... I'm using 4.6 so PCoIP and I've opened ports 4172 on UDP and TCP
You opened them between Security Server and desktop and Security Server and client? Here is a nice document that goes into detail which ports and which directions to unblock them, http://communities.vmware.com/docs/DOC-14974.
Can you also verify that you can connect through RDP?
I can access via RDP but not PCoIP. I think I have all the ports open. Here's what I have
Outside to security server
TCP 80
TCP 443
TCP 4172
UDP 4172
Security Gateway to View connection server
TCP 80
TCP 443
TCP 4001
TCP 4100
TCP 8009
TCP 3389
TCP 4172
UDP 4172
From the Security server to the VDI desktop you need to have the TCP and UDP 4172 unblocked.
So from the Security Gateway in the DMZ it needs access to via TCP and UDP port 4172 to ALL VDI guests on the LAN?
Sounds like a security issue? I would of thought that it would pass PCoIP traffic from the Security Gatweay to the connection server ?
It needs access to the Virtual machine it's connecting to. It might be the non security person in me but I don't really the issue.
OK. I'll give it a try but the documentation you linked in an earlier post doesn't state this? It is incorrect?
Also the DMZ will not have DNS so how is it meant to keep up to date with all the IP addresses of a VDI enrironment?
This is taken from the documente I linked earlier.
PCoIP between Security Server and virtual desktop
http://communities.vmware.com/docs/DOC-14974 describes this.
It's not necessary to forward PCoIP from Security Servers to Connection Servers. Only PCoIP traffic on behalf of authenticated users will be passed to the internal network, and even then, only to virtual desktops that the user is authorized to access. On the internal firewall, just permit this PCoIP from the View Security Servers. That way the Security Server acts as the secure gateway for this traffic. This is the same for RDP/HTTPS on all View versions.
Mark.
Blimey! My head hurts!
Thanks for your help guys!
I'm still can't get this working but confused why it works for RDP and not PCoIP. Is it worth looks at logs?
Not wishing for your head to hurt even more ..... but have you gone through the 3 setup steps correctly?
There's a section on troubleshooting in the linked video as well which should hopefully resolve this for you.
Let us know what it was. Thanks.
Mark.
You may also see this issue internally if you configured your connection servers with the option "Use PCoIP Secure Gateway for PCoIP Connections to Desktops".
Quim P.
Yes. If you have ""Use PCoIP Secure Gateway for PCoIP Connections to Desktops" on your internal Connection Server you need to also make sure your "External URL" and "PCoIP External URL" are set correctly on that Connection Server for internal use.
You can do remote and local access with a single Connection Server but it is not as efficient as dedicating one or more Connection Servers for each purpose. That way you can set it up so that PCoIP from internal clients go direct to the desktop instead of being unnecessarily gatwayed.
Mark.
Were you able to find a resolution to this issue? I am having the exact same problem.
Thanks
Yes. Folks have resolved it by doing the 3 steps here - http://communities.vmware.com/docs/DOC-14974
It's been fairly even as to whether people missed step1, step 2 or step 3, but if you miss any, you'll get a black screen.
Let us know how you get on.
Mark.
Hi vwman,
I just completed the VMware View 4.6 deployment with security server to access vdesktops from public and its successfully working, may i know what setup you are having? and please brief about your problems, so that we can help you to overcome on this.
Regards,
Rajasekar