Calyps0Craig
Enthusiast
Enthusiast

Unable to access admin from VIP

Jump to solution

I am unable to access the admin page when using the VIP. I get the below result:

vdi.png

Error: Not Found

The page you requested (https://xyz-vip.com/admin#) is not available.

    Error code: 404

I can get to the admin page, by going directly to a connection servers address (and obviously locally on the connection server), but I get a certificate error (which I expect). The fact that I get a VMware Horizon page when going through the VIP, makes me believe the VIP is OK, but the connection servers are not configured to redirect the admin page, as they are with desktops.

Is it possible to access the View admin pages through the VIP?

We are running:

Horizon View 6.1

4 connection servers (2 internal, 2 external)

A10 load balancer with SSL offloaded.

1 Solution

Accepted Solutions
Claudiocaf
Enthusiast
Enthusiast

Try to use SSL_BRIDGE instead of SSL OFFLOAD
If it is a LB configuration issue, this will probably solve your problem.

View solution in original post

0 Kudos
8 Replies
Calyps0Craig
Enthusiast
Enthusiast

Does anyone access the admin console through a VIP?

0 Kudos
vTimD
Enthusiast
Enthusiast

Unfortunately, I don't have access to the production F5's, and my lab F5-VE is not configured at the moment. Though, I was able to replicate your issue another way. My Horizon environment is internet accessible and we have NAT through the front-end firewall. I can load up Horizon home page no problem using the external address. The second I try to load /admin, it gives me the same 404 you're seeing. This is with the NAT IP and with the external address.

Wild Speculation Time: The only thing I can assume is that the web consoles in Horizon are configured to answer to their specific FQDN for virtual directories. When using your VIP, you are technically accessing the Horizon server (which is why the Horizon webserver is responding with the 404) but you are not trying to access that specific named FQDN virtual directory (connection.server.com/admin). That may be why the server is responding 404, as it doesn't have a virtual directory listing for VIP.com/admin.

I hope that made sense. I personally just stick to accessing a connection server directly. Maybe someone else has a more eloquent and official answer to this.

-vTimD http://www.vtimd.com If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points.
Calyps0Craig
Enthusiast
Enthusiast

Thanks for your reply, Tim. I was thinking along those lines as well. You can configure the connection servers to accept the VIP for blast and PCoIP. I have been looking for some way to do that for admin (I thought the locked.properties file would have something) but am yet to discover anything.

We have a policy that any service behind the load balancer can only be accessed through the VIP (accept from admin networks). So I can access them fine as I'm on an admin network but I want to open it up to support staff. I can't do that until either I get it to work through the VIP or I convince the security boss to allow direct access.

Thanks again.

0 Kudos
vTimD
Enthusiast
Enthusiast

I'm going to keep looking around when I have time to see if a solution can be found, as I had never thought about this type of scenario before. If you find something, please share it. I'm interested to find out how this hashes out.

-vTimD http://www.vtimd.com If you found this or any other answer useful please consider the use of the Helpful or Correct buttons to award points.
0 Kudos
Gaurav_Baghla
VMware Employee
VMware Employee

Have a look at this short Document.

I think the problem is Load Balancer Configuration

https://www.a10networks.com/sites/default/files/resource-files/A10-DG-16119-EN.pdf

Regards Gaurav Baghla Opinions are my own and not the views of my employer. https://twitter.com/garry_14
0 Kudos
Claudiocaf
Enthusiast
Enthusiast

Try to use SSL_BRIDGE instead of SSL OFFLOAD
If it is a LB configuration issue, this will probably solve your problem.

0 Kudos
Calyps0Craig
Enthusiast
Enthusiast

Thanks Claudiocaf - that worked a treat!

0 Kudos
mamsbah
Contributor
Contributor

Hello,

This solution works for me:

Put this file/config on : C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties

balancedHost= @VIPHostname

checkOrigin=false

 

0 Kudos