VMware Horizon Community
rhan6291
Contributor

View 6.2/Tera1 cipher negotiation workaround?

I've posted this on the Teradici forum as well, but wanted to reach out here just in case someone has seen it before.

We just did an upgrade to View 6.2.1. I tested out a connection on my T2 devices, and found that I had to upgrade to firmware 4.8 to bypass a "Session negotiation failed. The Zero Client may not be compatible with the host session negotiation cipher settings" message. Of course, I can't do that on T1 devices. I tried the multiple different ways of enabling the ciphers in the View Security section at

https://pubs.vmware.com/horizon-62-view/index.jsp#com.vmware.horizon-view.security.doc/GUID-70506F8C...

without any luck, but I might also be doing it wrong - I'm a back-end VM noob. I know anything past 6.0.1 isn't supported on T1, but I'm trying to see if anyone out there has encountered the same problem and found a workaround.

Other notes: in the logs, it is a handshake error. I can upload an actual log in a few hours. ESX5.5, LG Zero Clients, using linked-clone, not RDS desktops

0 Kudos
4 Replies
rhan6291
Contributor

Got the answer I was looking for!

https://www.reddit.com/r/sysadmin/comments/3y839x/tera1_and_vmware_view_agent_621_dont/

Hope that helps someone else!

0 Kudos
jeniferslabaugh
Enthusiast

I got Tera1's working with the 6.2.1 agent in our test lab. I followed VMware KB 2130798, but here's the step by step for fixing the "Session negotiation failed. The Zero Client may not be compatible with the host session negotiation cipher setting," error:

  1. You need to edit the pcoip.adm GPO template, either with domain GPO or with the local GPO. Import it if you haven't already, then navigate to Classic Administrative Templates - PCoIP Session Variables - Not Overridable Administrator Settings.
  2. Under Not Overridable Administrator Settings, double-click "Configure SSL". Enable it, and enter "TLS1.0:TLS1.1:TLS1.2". (You may be able to get away with just enabling 1.0, haven't tested that yet.) Save and exit. If you did local GPO, snapshot and recompose.
  3. Go to a Connection Broker (this next step will be performed on all connection brokers and security servers in the environment). Open RegEdit and navigate to HKLM\SOFTWARE\Teradici\SecurityGateway.
  4. Right click and choose New - String Value. Name is SSLProtocol. Enter tls1.2:tls1.1:tls1.0 as the value data.


Also, Tera2's give you the same cipher error message unless you upgrade them to 4.8. Hope this helps some people.

0 Kudos
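Steps 3 and 4 of the post above, as an added PowerShell example that is not part of the original post and is not VMware or Teradici code. The registry key, value name and value data are the ones given in the post; the function names are hypothetical. Because TLS 1.0 and 1.1 are deprecated protocols, it also includes an inventory check so hosts carrying the workaround can be found again once the Tera1 clients are retired.

```powershell
# Added example. Key path, value name and value data come from steps 3-4 of
# the post; the function names are hypothetical. Writing under HKLM needs an
# elevated session on each connection broker and security server.
$KeyPath   = 'HKLM:\SOFTWARE\Teradici\SecurityGateway'
$ValueName = 'SSLProtocol'
$Wanted    = 'tls1.2:tls1.1:tls1.0'

function Get-PsgSslProtocol {
    # Returns the configured protocol tokens (lower-cased), or nothing when
    # the key or the value does not exist.
    if (-not (Test-Path -Path $KeyPath)) { return @() }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    return @($item.$ValueName -split ':' |
        ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })
}

function Set-PsgSslProtocol {
    # Idempotent: only writes when the current value differs from $Wanted.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path -Path $KeyPath)) {
        Write-Warning "$KeyPath not found on $($env:COMPUTERNAME); skipping"
        return
    }
    $before = (Get-PsgSslProtocol) -join ':'
    if ($before -eq $Wanted) { return }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "set '$Wanted' (was '$before')")) {
        # -Force creates the string value or overwrites an existing one.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType String `
            -Value $Wanted -Force | Out-Null
    }
}

function Test-PsgLegacyTls {
    # Reports whether this host still allows the legacy protocols that the
    # Tera1 workaround turns on.
    $tokens = @(Get-PsgSslProtocol)
    $legacy = @($tokens | Where-Object { $_ -in 'tls1.0', 'tls1.1' })
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Configured    = $tokens -join ':'
        LegacyEnabled = ($legacy.Count -gt 0)
    }
}

Set-PsgSslProtocol -WhatIf   # preview only; remove -WhatIf to apply
Test-PsgLegacyTls
```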
nzorn
Expert

Thanks Jenifer, I'm sure we'll need to use this workaround for when we upgrade.

0 Kudos
HPU-ADM
Enthusiast

Aloha,

I can confirm this "work around" works on View Connection Server 7.3.1. Yes, we still have Tera1, in this case, Samsung NC240, firmware 4.7.3. The hope is next year we'll be primarily on Blast and not having to maintain Tera1 compatibility.

Mahalo,

Booker

0 Kudos