I am unable to access the admin page when using the VIP. I get the below result:
The page you requested (https://xyz-vip.com/admin#) is not available.
Error code: 404
I can get to the admin page by going directly to a connection server's address (and obviously locally on the connection server), but I get a certificate error (which I expect). The fact that I get a VMware Horizon page when going through the VIP makes me believe the VIP is OK, but the connection servers are not configured to redirect the admin page, as they are with desktops.
Is it possible to access the View admin pages through the VIP?
We are running:
Horizon View 6.1
4 connection servers (2 internal, 2 external)
A10 load balancer with SSL offloaded.
Does anyone access the admin console through a VIP?
Unfortunately, I don't have access to the production F5s, and my lab F5-VE is not configured at the moment. Though, I was able to replicate your issue another way. My Horizon environment is internet accessible and we have NAT through the front-end firewall. I can load up the Horizon home page no problem using the external address. The second I try to load /admin, it gives me the same 404 you're seeing. This is with the NAT IP and with the external address.
Wild Speculation Time: The only thing I can assume is that the web consoles in Horizon are configured to answer to their specific FQDN for virtual directories. When using your VIP, you are technically accessing the Horizon server (which is why the Horizon webserver is responding with the 404) but you are not trying to access that specific named FQDN virtual directory (connection.server.com/admin). That may be why the server is responding 404, as it doesn't have a virtual directory listing for VIP.com/admin.
I hope that made sense. I personally just stick to accessing a connection server directly. Maybe someone else has a more eloquent and official answer to this.
Thanks for your reply, Tim. I was thinking along those lines as well. You can configure the connection servers to accept the VIP for Blast and PCoIP. I have been looking for some way to do that for admin (I thought the locked.properties file would have something) but have yet to discover anything.
We have a policy that any service behind the load balancer can only be accessed through the VIP (except from admin networks). So I can access them fine as I'm on an admin network, but I want to open it up to support staff. I can't do that until either I get it to work through the VIP or I convince the security boss to allow direct access.
Thanks again.
I'm going to keep looking around when I have time to see if a solution can be found, as I had never thought about this type of scenario before. If you find something, please share it. I'm interested to find out how this hashes out.
Have a look at this short document.
I think the problem is the load balancer configuration.
https://www.a10networks.com/sites/default/files/resource-files/A10-DG-16119-EN.pdf
Try to use SSL_BRIDGE instead of SSL OFFLOAD
If it is a LB configuration issue, this will probably solve your problem.
Thanks Claudiocaf - that worked a treat!
Hello,
This solution works for me:
Put this file/config in: C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties
balancedHost= @VIPHostname
checkOrigin=false
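
As an added example that is not part of the thread and not VMware's code: a small Python check of a locked.properties body for the two settings posted above. It assumes the VIP name from the first post (xyz-vip.com) and that checkOrigin=false turns off the Connection Server's origin check for every client; the function names and sample file bodies are constructed for illustration.

```python
# Added example (not VMware's code): audit locked.properties for the two
# settings posted above. Sample file contents are constructed.

def parse_properties(text):
    """Simplified Java .properties parser: key=value or key:value lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        for i, ch in enumerate(line):
            if ch in "=:":                   # first separator ends the key
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props


def audit(text, vip_hostname):
    """Return (key, message) findings for a locked.properties body."""
    props = parse_properties(text)
    findings = []
    balanced = props.get("balancedHost")
    if balanced is None:
        findings.append(("balancedHost", "not set; VIP name is not declared"))
    elif balanced.startswith("@"):
        findings.append(("balancedHost", f"placeholder {balanced!r} left in place"))
    elif balanced.lower() != vip_hostname.lower():
        findings.append(("balancedHost", f"{balanced!r} != VIP {vip_hostname!r}"))
    # Assumption: checkOrigin=false switches off the server's Origin header
    # check for all clients, so it is reported even when balancedHost is right.
    if props.get("checkOrigin", "true").lower() == "false":
        findings.append(("checkOrigin", "origin checking disabled for all clients"))
    return findings


# Constructed samples: the file as posted, and one that only names the VIP.
AS_POSTED = "balancedHost= @VIPHostname\ncheckOrigin=false\n"
VIP_ONLY = "# constructed sample\nbalancedHost=xyz-vip.com\n"

if __name__ == "__main__":
    for name, body in (("as posted", AS_POSTED), ("VIP only", VIP_ONLY)):
        print(name, audit(body, "xyz-vip.com") or "no findings")
```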