I am managing a view env. 6.1.1 build-2769403 , all linked clones floating desktops. After deploying a pool I see that desktops are not getting in available state , instead all the giving error
Apr 5, 2017 10:31:18 AM CST: No network communication between the View Agent and Connection Server. Please verify that the virtual desktop can ping the Connection Server via the FQDN.
Pairing state:In pairing...
Configured by:connectionS1.doamin.com connectionS2.doamin.com
Attempted theft by:
This error is common for all the linked clones from different pools , the view agent version is 6.1.1 To check further I did below steps:
1. Reinstalled vmtools and agent on master image , recomposed - same error.
2. Logged in to one of the linked clones from vcenter to check the connectivity , successfully able to ping and resolve both connection servers , telnet to 4001 JMS also works fine.
3. Followed vmware kb article 2007319 , installed the MS hotfix - still the same problem.
4. checked VMD agent logs , couldn't see anything relevant.
Finally I tried to install a different version of view agent , I installed agent 5.3.0 and to my surprise it works. I do not want to downgrade the agent version since it will be against compliance but still struggling to make it work with agent 6.1.1.. Does anyone has any leads what I might be missing to check ? I could really use some help !
What guest operating systems as desktop virtual machines do you have?
Hmmmmm, this could be a few possible causes. I have a suggestion and a question.
Hi Raul,
The desktop OS is win7 64
Hello WarrenM01,
Thanks for the suggestions , here are the responses:
1.Yes 5.3 does helps , and as I mentioned in my post , I have already did a clean re-install of these components in correct order. Uninstalled agent then tools. Reinstalled tools and agent 6.1.1. but the error still persisted.
2. I would say it is recent , to make the picture clear this is a new env and sort of "replica" of another env in different geography. So I copied the master image from some other region to this region and changed the domain.( I believe sysprep will take care of rest of the things) . Now this is not the first time I have done something like this , I have copied images from different geographies to other regions with the same process and they always worked(with agent 6.1.1 as well). All environments are same in terms of configuration and settings.
Part 2 - In the VDM log on connection server , I see some events post restarting the agent :
2017-04-06T13:54:36.098+08:00 DEBUG (0C70-1488) <VirtualCenterDriver-58e0ab92-a214-4ed6-b254-4f8aafe6f4c1> [VirtualCenterDriver] VM Name:vm-001, VM IP:null ,GuestInfo Agent [Error Code:ffffffff, Error Text:javax.jms.JMSException: Unable to create a connection to: [[ServerEntry, hostname=connectionS2.domain.com, port=4002]], Active Broker:connectionS2.domain.com connectionS2.domain.com/10.94.100.100]
same event for other connection server, also I see events related to restart of VM(related to sysprep, maybe !) during customisation.
Hello,
Please verify if port 4002 is reachable from agent to connection server. Your logs indicate that the communication targeted towards port 4002 gets dropped (I assume you have FW between the VMs and the connection servers). If communication on Port 4002 gets dropped by a FW, ensure to allow that port within your rule base for Horizon View.
Best regards
Ralph
Hello,
Thanks for the response.
JMS uses 4001 from desktop(agent) to connection server which is allowed on firewall as you can see in below table as well. To open a port in FW will be a time taking task(in my env. ! ).
So I am not sure if these problems are just because of 4002(moreover 4002 is for secure JMS which usually is required for Enhanced security mode , mine is Enabled). The agent 5.3 works well for all the OS so I guess it cannot be just the port 4002 (unless someone can explain me otherwise).
However I will surely keep this in my mind if nothing else helps !
TCP Ports for View Connection Server and Replica Server Instances
Source | Destination | Port | Protocol |
View Desktop | Connection Server | 4001 | JMS |
Replica Connection Servers | Connection Server | 4100 | JMSIR |
Admin Browser | Connection Server | 80 | HTTP |
Admin Browser | Connection Server | 443 | HTTPS |
Client 1 | Connection Server | 4172 | PCoIP (TCP and UDP) |
Client 2 | Connection Server | 443 | HTTPS |
Connection Server 1 | View Desktop Subnet | 4172 | PCoIP |
Connection Server 2 | View Desktop Subnet | 3389 | RDP |
Connection Server | Virtual Center Server | 443 | HTTPS |
Connection Server | Virtual Center Server | 80 | HTTP |
Connection Server | Virtual Center Server (View Composer) | 18443 | HTTPS |
Hello,
Please refer to VMware View ports and network connectivity requirements (1027217) | VMware KB , especially the section which highlights View Agent requirements.
TCP Ports for View Agent
Source | Destination | Port | Protocol |
Client | View Desktop | 3389 | RDP |
Connection Server2 | View Desktop | 3389 | RDP |
Client | View Desktop | 4172 | PCoIP(TCP and UDP) |
Connection Server1 | View Desktop | 4172 | PCoIP(TCP and UDP) |
Security Server1 | View Desktop | 4172 | PCoIP(TCP and UDP) |
Client | View Desktop | 32111 | USB Redirection |
Client | View Desktop (Physical Only) | 42966 | HP RGS |
Client | View Desktop | 9427 | MMR |
View Desktop | Connection Server | 4001 | JMS |
View Desktop | Connection Server | 4002 | JMS |
Best regards
Ralph
Agent 5.3.0 to 6.1.1 When the View Agent is reinstalled or upgraded, it may change the keypair used to identify the View Agent with the Connection Server. Try to Change the JMS Message Security mode to enhanced in the post-upgrade tasks section.
OPTION 1:
1. In the View Administrator console, on the left pane to go View Configuration > Global Settings
2. Under Security, click Edit
3. Select Mixed or Disabled in the Message security mode dropdown. Try (Mixed)
OPTION 2: VMWARE SOLUTION "Enhanced message security mode to Enabled security mode (2110760)"
1. Start the ADSI Edit utility on your View Connection Server host.
2. In the Connection Settings dialog box, select or connect to DC=vdi,DC=vmware,DC=int.
3. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the View Connection Server host followed by port 389.
For example: localhost:389 or mycomputer.mydomain.com:389
4. On the object OU=Properties, OU=Global, CN=Common, set the pae-MsgSecMode attribute to ON.
5. Manually restart the VMware Horizon View Message Bus Component service on all View Connection Server hosts in the pod, or restart the View Connection Server instances.
6. After the services have restarted, use the View Administrator UI to check that the message security mode has changed. Go to View Configuration > Global Settings and verify that the setting has changed from Enhanced to Enabled.
UNDERSTANDING: Message Security Mode for View Components
Raul.
VMware VDI Administrator