PCoIP Secure Gateway FAQs

PCoIP Secure Gateway FAQs

1.      How can I get PCoIP Secure Gateway functionality

Install a View4.6 Security server or connection server instance on a 64bit windows 2008 R2 machine. It could be physical or Virtual machine.

2.      Is PCoIP Secure Gateway enabled by default once I install connection server or security server on a 2008 R2 machine?

No, PCoIP secure gateway feature is disabled by default in view 4.6. This feature should be enabled from Admin UI before you can start using it.

3.      How do I enable PCoIP Secure gateway feature

PCoIP Secure Gateway feature is Enabled/Disabled using Admin UI for both connection Server and associated security server. This is controlled by the check box “Use PCoIP secure Gateway for PCoIP connections to desktop” under ’PCoIP Secure gateway’ in General Tab when a View Connection Server entry is edited.

4.      How can I make sure PCoIP session is using PCoIP Secure Gateway?

Do a ‘netstat  –nob’ from client, you’ll see network connections made from vmware-remotemks.exe to connection server/security server. If you run the same command inside launched session you can see ‘pcoip_server_win32.exe ‘ has connections made to the same connection/security server. There won’t be any connections made between View Client and View Agent machines. If PCoIP Secure Gateway is not used then these connections will be between View Client and View Agent.

5.      I have my connection server installed on a Non- 2008 R2 machine but I have a security server on 2008 R2 can I enable PCoIP Secure Gateway feature for this configuration?

Yes, you can enable PCoIP Secure Gateway but PCoIP Secure Gateway will be only available in associated Security server installed on 2008 R2.

6.      I have two security servers, one installed on Windows Server 2008 R2 and one installed on Windows Server 2003, both paired with a connection server installed on Windows Server 2008 R2. Will I be able to use PCoIP Secure Gateway on all three instances?

No, you’ll have PCoIP Secure Gateway functionality only on your connection server and security server which are installed on 2008 R2 machine.

7.      How will I know if PCoIP Secure Gateway in installed in my machine.

You can make sure this by checking the PCoIP Secure Gateway service in windows services list.

8.      How can I restart PCoIP Secure Gateway service?

PCoIP Secure Gateway service will be listed under windows services. As with any Windows Services, PCoIP Secure Gateway service can also be restarted.

9.      Is it mandatory to have PCoIP Secure Gateway for PCoIP connections?

No, PCoIP Secure Gateway is not mandatory. PCoIP Secure Gateway is required in specific scenarios where PCoIP connection needs to be passed through a gateway or a NAT mechanism.

10. I get the following warning “PCoIP Gateway Functionality is not supported for this operating system, please upgrade to windows server 2008 r2 to get this functionality” while installing Connection server/Security server what does it mean?

This means the machine on which you are performing installation is not 2008 R2 and PCoIP Secure Gateway feature will not be present on that particular instance.

11. I get a warning when I enable PCoIP Secure Gateway “Warning: This connection server or one of its paired security servers does not have a PCoIP Secure Gateway installed. Ensure that this configuration is correct for your intended use of PCoIP.” What does it mean?

This warning indicates that the Connection Server you are editing or at least one of the security server associated with this connection server doesn’t have PCoIP Secure Gateway feature installed. You can ignore this warning if you have one of these instances installed with PCoIP Secure Gateway and all PCoIP connections requiring PCoIP Secure Gateway are going to be made through it.

12. Can I make use of PCoIP Secure Gateway with my old View client? Is it mandatory to update to View4.6 client?

View client or View agent doesn’t require an upgrade to use with PCoIP Secure Gateway. Any client/Agent which supports PCoIP will work with PCoIP Secure Gateway.

13. Can I make use of PCoIP Secure Gateway with my old View Agent? Is it mandatory to update to View4.6 client?

View client or View agent doesn’t require an upgrade to use with PCoIP Secure Gateway. Any client/Agent which supports PCoIP will work with PCoIP Secure Gateway.

14. What is PCoIP External URL? Can I give a host FQDN here?

PCoIP External URL is the IP:Port value provided to view clients by connection server during desktop launch. You cannot give FQDN for this URL, this should be always an IP address reachable from client machines.

15. Will PCoIP Secure Gateway tunnel my PCoIP connections from client to desktop? Does it use a secure tunnel?

PCoIP Secure Gateway doesn’t create any additional secure tunnel. What it does is to proxy PCOIP connections between agent and client. It is similar to an Application firewall.

16. If PCoIP Secure Gateway acts as a proxy, can I use my web proxy to act as PCoIP Secure Gateway or other way?

No, A normal web proxy cannot ‘proxy’ PCoIP sessions. PCoIP Secure Gateway can only be used for PCoIP protocol.

17. I changed Port numbers used for PCoIP Secure Gateway; Clients are unable to connect now!

Make sure the new port value is updated in External URL and required firewall exceptions are added.

18. Is it possible for a user to connect sometimes through a PCoIP Secure Gateway and sometimes not, without any change to the client?

View Client is unaware of PCoIP Secure Gateway and doesn’t require any change to use PCoIP Secure Gateway.

19. My connection server PCoIP external URL field is grayed out in Admin UI!

This field is enabled only if PCoIP Secure Gateway is installed on connection server machine. Make sure you are using a PCoIP Secure Gateway supported OS (Win-2008 R2).

20. My Security server PCoIP external URL field is grayed out in Admin UI!

This field is enabled only if PCoIP Secure Gateway is installed on security server machine. Make sure you are using a PCoIP Secure Gateway supported OS (Win-2008 R2).

21. Can I edit PCoIP External URL from Admin UI?

Yes, PCoIP External URL can be modified from Admin UI to make required changes.

22. Should I enable ‘Use Secure Tunnel Connection to Desktops’ to get PCoIP Secure Gateway functionality remotely?

Not always. With a Zero Client, only a PCoIP Secure Gateway is needed. With a View Client, this option controls whether USB and MMR connections are tunnelled. It should be enabled if either of these protocols are needed when using a View Client remotely

23. How can I monitor number of sessions going through PCoIP Secure Gateway?

PCoIP Gateway Sessions and PCoIP Gateway Sessions High are two counters added to Windows Performance Monitor (perfmon.exe). This can be used to find the number of ongoing sessions and max number of sessions ever present.

24. Can I have RDP connections through PCoIP Secure Gateway?

No. RDP connections are not handled by PCoIP Secure Gateway. But you can have same connection/security server handle both RDP and PCoIP traffic together.

25. External URL is an IP! Should I provide users with this IP for PCoIP Secure Gateway to work? Will PCoIP Secure Gateway work if users connect to Connection/Security server with FQDN?

Users can either use IP or FQDN to connect to connection/security server with PSG configured.

26. Which port should I open in my firewalls? Do I need to enable this for entire subnet?

Client to Security/Connection Server

HTTP(S) TCP 80 /443 from View Client to View Security Server.

TCP 4172 from View Client to View Security Server.

UDP 4172 in both directions

Security/Connection Server to Agents

TCP 4172 from View Security Server to View Agents.

UDP 4172 in both directions

27. I don’t want a set of users to connect using PCoIP Secure Gateway how can I do this?

Couple of Connection/Security servers can be PSG enabled while others can be PSG disabled. Provide users with appropriate URLs

28. Where is PCoIP Secure Gateway logs located?

Default log location is “C:\ProgramData\VMware\VDM\logs\PCoIP Secure Gateway”

29. How can I change PCoIP Secure Gateway log levels?

PCoIP Secure Gateway log levels can be changed using the same “Set View Connection Server Log Levels” tool used to set view log levels.

30. How can I change PCoIP Secure Gateway log file path?

This can be done by modifying “HKEY_LOCAL_MACHINE\SOFTWARE\Teradici\SecurityGateway\LogPath” value to new path.

31. Is it possible to have RDP sessions using same server where PCoIP Secure Gateway is enabled?

Yes

32. Will smartcard/RSA/SSO/Triple SSO work with PCoIP Secure Gateway?

Yes, there are no configuration changes required in other features to work with PCoIP Secure Gateway.

33. Is there any setting required while creating Pools? Should I mention use PCoIP Secure Gateway somewhere?

No, PCoIP Secure Gateway is controlled at broker level. There are no configurations required at pool level.

34. If I have a connection server with PCoIP Secure Gateway enabled, is it possible for a user to have a PCoIP session without a PCoIP Secure Gateway.

Yes. In that case, users should connect to another instance of connection server where PCoIP Secure Gateway is not enabled.

35. Users are getting the following error "Unable to connect to desktop: There is no available gateway for the display protocol. Try again, or contact your administrator if this problem persists." They are unable to launch desktops using PCoIP Secure Gateway enabled server.

This message indicates that PCoIP Secure Gateway feature is enabled but the related PSG (PCoIP Secure Gateway) service is not ready. Check windows services on your security/connection server depending on configuration to make sure ‘PCoIP Secure Gateway’ service is running and is in started state.

36. Can I have multiple PCoIP Secure Gateway?

Yes. You can have as many PCoIP Secure Gateway as you require.

37. Do I still require VPN connection to access my desktop from outside company network?

No. You can avoid the requirement of a VPN connection using PCoIP Secure Gateway which acts as a NAT device.

38. Can I checkout a desktop through PCoIP Secure Gateway?

When connecting remotely, desktops are checked out through the tunnel. Whether or not you have enabled 'Use Secure Tunnel Connection to Desktops’, you must enable 'Use Secure Tunnel Connection for Local Mode Operations' for this to work.

39. Can I use PCoIP Secure Gateway for my terminal services pool?

PCoIP protocol is not supported on terminal servers.

40. Where is the certificate used to secure communication is located

The certificates are located in C:\ProgramData\VMware\VDM\certificates folder.