UAG/F5 LB/Horizon view servers

suri123 · ‎03-06-2021

We are currently utilizing workspace one/UAG for our external portal recourses

We are seeing session getting disconnects and users are not able to connect back to the same session. We recommend users to use the Chrome Browser for all connections

We get a grey screen trying to connect back to the session. Best we found is go to view server manger and kill that session. Users are able to connect back.

Our assumption is the problem is steaming from the LB Load balancer or a mismatch of route.

Why are the Desktop sessions getting disconnected for end users.. All the default setting in view disconnects are max out

Secondary issue, route problem after disconnects. users are not able to connect back to the same UAG and View Server.. That's the reason the sessions are not connecting and grey screen

What is the best way to configure to resolve the disconnect issues and route?

We NAT from outside.

f5 -source IP affinity

single VIP address for four UAG

f5 -source IP affinity

single VIP address for two view horizon connector

Thanks for your help.

sjesse · ‎03-06-2021

Did you follow this when setting up the UAG F5 virtual servers?

https://www.f5.com/pdf/solution-center/load-balancing-vmware-unified-access-gateway-servers-deployme...

suri123 · ‎03-09-2021

Yes we have.. We are validating with F5 Engineers.. To determine the drops..

we don't see this behaviour in VMware Client or Firefox..

Just in Chrome Browser. Interesting...

sjesse · ‎03-09-2021

I'm on 7.10 and UAG 3.9 and don't seem to see the issue. what does your locked.properties look like on the connection servers, I don't think that should matter if the first connection works.

suri123 · ‎03-10-2021

# Configure whether download page is accessible enable.download=true # Configure whether web client page is accessible enable.webclient=true # Configure the download page's URL address link.download=https://www.vmware.com/go/viewclients # Configure the help page's URL address link.help=https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html # Links of view clients installers on different platforms link.win32=https://www.vmware.com/go/viewclients#win32 link.win64=https://www.vmware.com/go/viewclients#win64 link.linux32=https://www.vmware.com/go/viewclients#linux32 link.linux64=https://www.vmware.com/go/viewclients#linux64 link.mac=https://www.vmware.com/go/viewclients#mac link.ios=https://itunes.apple.com/us/app/vmware-view-for-ipad/id417993697 link.android=https://play.google.com/store/apps/details?id=com.vmware.view.client.android link.chromeos=https://chrome.google.com/webstore/detail/vmware-horizon-client/pckbpdplfajmgaipljfamclkinbjdnma link.winmobile=https://www.microsoft.com/en-us/store/p/vmware-horizon-client/9nblggh51p19

sjesse · ‎03-10-2021

Take a look at

https://docs.vmware.com/en/VMware-Horizon-7/7.1/com.vmware.horizon-view.security.doc/GUID-AA5D0A57-5...

https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-installation/GUID-BFF2E726-A5EB-4105-A0EA-F...

I have both the balancedHost and portalhost in mine, along with the origin checking set to false. With the F5 you can fix this but if your stuck this is something to try, again I'm not sure this is your issue.

Protegimus · ‎05-26-2022

Hi suri123,
Were you ever able to resolve the issue?

We've been looking into the same issue, albeit on Horizon 8 2111 and it appears it may be related to the persistence timeout values.
Version 1.0 of the F5 configuration guide (dated Nov 2017) and the later v3.0 guide dated Dec 2020 both recommend default 180s persistence timeout values and this is too short to sustain the heartbeat intervals recommended by VMware in the recently revised KB Monitoring health of Horizon Connection Server using Load Balancer, timeout, Load Balancer persisten...

As an aside, note for the health monitors the use of the more efficient
send "HEAD /favicon.ico HTTP/1.1\r\nHost: host\r\nConnection: Close\r\n\r\n"
is recommended.

All

UAG/F5 LB/Horizon view servers

We are curretnly