So it doesn't matter if the Security Server setted up in a LAN? Because we don't have a DMZ.

Do I still need portforwarding from Security server to Virtual Desktop if the Security Server and virtual desktops is setted up in a LAN?

I have portforwarded those ports from External to Security Server.

It's OK that your Security Server is on the LAN. You don't need a DMZ. In that case you don't have a firewall between the Security Server and your virtual desktops. Just go through the 3 steps and when you've fixed it let us know which it was.

Mark.

I did the 3 steps correctly and yet it doesn't work.

What ports do I need for VMware View?

I setted those ports open:

4443 (instead of 443 because it's already in use by Exchange 2010, and automatically mapped to 443 when it's going inside) to View Connection Server

4172 TCP to security server

4172 UDP to security server

Am I still missing some ports?

EDIT:

In attachment you see what ports I have portforwarded (note: I hided the last number from IP-address for security reasons)

BTW: everything in LAN works fine with PCoIP.

Just only on internet doesn't work. I think it has to be with portforwarding. But I can't find the problem.

The info that PCOIP from within the LAN is helpful.

Can you explicitly set on the firewall to allow 4172 from the security server to the outside world?

So UDP 4172 from the security server to the external should be added.

What firewall are you using?

Also, I had seen someone else's post at some time saying that some firewalls (I use a Cisco ASA) have issues if you group the protocol Access Rules. He meant that I should have one for TCP 4172, a separate for UDP 4172, where as I have them all as a single Access Rule.

Good Luck,
Dave

Make sure on your secuirty server the external PcoIP is set to have the "external" ip address that is exposed not the internal address being forwarded.

Everything but except the SMTP are allowed to the outside world.

We use FortiGate 50A. I'm gonna try now to make ungroup. Gotta let you know later.

EDITED:

Ungrouping didn't help.

Message was edited by: MAPABVBA

Camek, those settings are filled in with these information:

View Connection Server:

HTTPS Secure Tunnel:

The External URL: DNS-name from the WAN-IP.

PCoIP Secure Gateway:

Internal IP-address to View Connection Server (numbers)

Security Server:

HTTPS Secure Tunnel:

The External URL: DNS-name from the WAN-IP.

PCoIP Secure Gateway:

The External PCoIP is set to the WAN-IP (numbers).

I think I'm right about those settings filling in?

you're right!

Then I really don't understand why it doesn't work...

when you put in the external DNS in place, if you try to login, it might be trying to access an external DNS which is not resolvable internal. can you post your error message again?

When I try to connect the client, I goes to VMware View Client, logging in with the credentials => works

I select the desktop with PCoIP and clicking connect, I only see the black screen and after few times later I get the error message: "The Connection to the remote computer ended."

See in the attachment for the screenshots

Check in the View Client logs to make sure it is attempting the PCoIP connection to the addresses and ports you expect. (i.e. to get to the Security Server).

Look at firewall logs.

Look at the Security Server logs.

The black screen indicates that the PCoIP connection is being blocked somewhere in your setup. This may be between View Client and Security Server or between Security Server and virtual desktop.

With others who have had this same problem it was either caused by a configuration error in step 1, 2 or 3. Once they'd corrected that, it all worked fine. This forum has examples of all 3 errors.

Other reasons can include a Web proxy blocking PCoIP traffic, misconfigured firewall settings on any of the firewalls involved etc.

If you still can't set this up correctly in your environment, run Wireshark on your Security Server and follow the protocol carefully based on the protocol details shown in step 3. This should allow you to find where the error is. Perhaps if you have a network admin available in your organization, they could assist with this part.

Mark.

Log from VMware View Client:

http://pastebin.com/f90k9TPC

I can't understand that, offcourse, bt maybe anyone of you can help me?

I can't working with Wireshark...

Any tips how I can work with Wireshark?

Thanks.

Let me ask again this:

From external to where I need to portforward the port 443 ? Connection Server or Security Server?

And what port do I need all of this VMware View to work with that?

Your external View Clients connect to the Security Server. That's shown in all the diagrams you've looked at and is also described in detail in the video.

If you were to forward from external View Clients to your Connection server you'd end up bypassing it altogether. Not what you want.

In addition to the existing 443 in your firewall configuration, you also need to allow PCoIP. That's step 3 in the 3 steps.