Re: View agent not able to communicate to connecti...

RahulPathak · ‎04-05-2017

I am managing a view env. 6.1.1 build-2769403 , all linked clones floating desktops. After deploying a pool I see that desktops are not getting in available state , instead all the giving error

Apr 5, 2017 10:31:18 AM CST: No network communication between the View Agent and Connection Server. Please verify that the virtual desktop can ping the Connection Server via the FQDN.

Pairing state:In pairing...

Configured by:connectionS1.doamin.com connectionS2.doamin.com

Attempted theft by:

This error is common for all the linked clones from different pools , the view agent version is 6.1.1 To check further I did below steps:

1. Reinstalled vmtools and agent on master image , recomposed - same error.

2. Logged in to one of the linked clones from vcenter to check the connectivity , successfully able to ping and resolve both connection servers , telnet to 4001 JMS also works fine.

3. Followed vmware kb article 2007319 , installed the MS hotfix - still the same problem.

4. checked VMD agent logs , couldn't see anything relevant.

Finally I tried to install a different version of view agent , I installed agent 5.3.0 and to my surprise it works. I do not want to downgrade the agent version since it will be against compliance but still struggling to make it work with agent 6.1.1.. Does anyone has any leads what I might be missing to check ? I could really use some help !

PCTechStream · ‎04-05-2017

What guest operating systems as desktop virtual machines do you have?

www.ITSA.Cloud

TechMassey · ‎04-05-2017

Hmmmmm, this could be a few possible causes. I have a suggestion and a question.

You mention that installing 5.3 resolves the issue. This makes me think that the customization script or sysprep method is fine but it is possible the installation order for the Parent VM may be an issue. Meaning that by following proper best practice of the order of install, you solved the issue. I would try the following, uninstall the agent, uninstall VM tools, reinstall VM tools, reinstall 6.1.1 agent and test.
I would be very curious, is this a recent or long standing issue? I guess I will make this a double question! You mention network connectivity is verified. I would try restarting the Horizon View agent service and monitor the connection server VDM log for any entry.

Please help out! If you find this post helpful and/or the correct answer. Mark it! It helps recgonize contributions to the VMTN community and well me too 🙂

RahulPathak · ‎04-06-2017

Hi Raul,

The desktop OS is win7 64

RahulPathak · ‎04-06-2017

Hello WarrenM01,

Thanks for the suggestions , here are the responses:

1.Yes 5.3 does helps , and as I mentioned in my post , I have already did a clean re-install of these components in correct order. Uninstalled agent then tools. Reinstalled tools and agent 6.1.1. but the error still persisted.

2. I would say it is recent , to make the picture clear this is a new env and sort of "replica" of another env in different geography. So I copied the master image from some other region to this region and changed the domain.( I believe sysprep will take care of rest of the things) . Now this is not the first time I have done something like this , I have copied images from different geographies to other regions with the same process and they always worked(with agent 6.1.1 as well). All environments are same in terms of configuration and settings.

Part 2 - In the VDM log on connection server , I see some events post restarting the agent :

2017-04-06T13:54:36.098+08:00 DEBUG (0C70-1488) <VirtualCenterDriver-58e0ab92-a214-4ed6-b254-4f8aafe6f4c1> [VirtualCenterDriver] VM Name:vm-001, VM IP:null ,GuestInfo Agent [Error Code:ffffffff, Error Text:javax.jms.JMSException: Unable to create a connection to: [[ServerEntry, hostname=connectionS2.domain.com, port=4002]], Active Broker:connectionS2.domain.com connectionS2.domain.com/10.94.100.100]

same event for other connection server, also I see events related to restart of VM(related to sysprep, maybe !) during customisation.

RalphBethke · ‎04-06-2017

Hello,

Please verify if port 4002 is reachable from agent to connection server. Your logs indicate that the communication targeted towards port 4002 gets dropped (I assume you have FW between the VMs and the connection servers). If communication on Port 4002 gets dropped by a FW, ensure to allow that port within your rule base for Horizon View.

Best regards

Ralph

RahulPathak · ‎04-06-2017

Hello,

Thanks for the response.

JMS uses 4001 from desktop(agent) to connection server which is allowed on firewall as you can see in below table as well. To open a port in FW will be a time taking task(in my env. ! ).

So I am not sure if these problems are just because of 4002(moreover 4002 is for secure JMS which usually is required for Enhanced security mode , mine is Enabled). The agent 5.3 works well for all the OS so I guess it cannot be just the port 4002 (unless someone can explain me otherwise).

However I will surely keep this in my mind if nothing else helps !

TCP Ports for View Connection Server and Replica Server Instances

Source	Destination	Port	Protocol
View Desktop	Connection Server	4001	JMS
Replica Connection Servers	Connection Server	4100	JMSIR
Admin Browser	Connection Server	80	HTTP
Admin Browser	Connection Server	443	HTTPS
Client 1	Connection Server	4172	PCoIP (TCP and UDP)
Client 2	Connection Server	443	HTTPS
Connection Server 1	View Desktop Subnet	4172	PCoIP
Connection Server 2	View Desktop Subnet	3389	RDP
Connection Server	Virtual Center Server	443	HTTPS
Connection Server	Virtual Center Server	80	HTTP
Connection Server	Virtual Center Server (View Composer)	18443	HTTPS

RalphBethke · ‎04-06-2017

Hello,

Please refer to VMware View ports and network connectivity requirements (1027217) | VMware KB , especially the section which highlights View Agent requirements.

TCP Ports for View Agent

Source	Destination	Port	Protocol
Client	View Desktop	3389	RDP
Connection Server2	View Desktop	3389	RDP
Client	View Desktop	4172	PCoIP(TCP and UDP)
Connection Server1	View Desktop	4172	PCoIP(TCP and UDP)
Security Server1	View Desktop	4172	PCoIP(TCP and UDP)
Client	View Desktop	32111	USB Redirection
Client	View Desktop (Physical Only)	42966	HP RGS
Client	View Desktop	9427	MMR
View Desktop	Connection Server	4001	JMS
View Desktop	Connection Server	4002	JMS

Best regards

Ralph

PCTechStream · ‎04-06-2017

Agent 5.3.0 to 6.1.1 When the View Agent is reinstalled or upgraded, it may change the keypair used to identify the View Agent with the Connection Server. Try to Change the JMS Message Security mode to enhanced in the post-upgrade tasks section.

OPTION 1:

1. In the View Administrator console, on the left pane to go View Configuration > Global Settings

2. Under Security, click Edit

3. Select Mixed or Disabled in the Message security mode dropdown. Try (Mixed)

OPTION 2: VMWARE SOLUTION "Enhanced message security mode to Enabled security mode (2110760)"

1. Start the ADSI Edit utility on your View Connection Server host.

2. In the Connection Settings dialog box, select or connect to DC=vdi,DC=vmware,DC=int.

3. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the View Connection Server host followed by port 389.

For example: localhost:389 or mycomputer.mydomain.com:389

4. On the object OU=Properties, OU=Global, CN=Common, set the pae-MsgSecMode attribute to ON.

5. Manually restart the VMware Horizon View Message Bus Component service on all View Connection Server hosts in the pod, or restart the View Connection Server instances.

6. After the services have restarted, use the View Administrator UI to check that the message security mode has changed. Go to View Configuration > Global Settings and verify that the setting has changed from Enhanced to Enabled.

UNDERSTANDING: Message Security Mode for View Components

LINK: https://pubs.vmware.com/horizon-62-view/index.jsp?topic=%2Fcom.vmware.horizon-view.administration.do...

Raul.

VMware VDI Administrator

http://ITCloudStream.com/

www.ITSA.Cloud

All

View agent not able to communicate to connection server ! Everything looks perfect :(