VMware Workspace ONE Community
schmidtl
Enthusiast
Enthusiast

External Access, Reverse Proxy & strange redirects

Hi,

I'm a bit lost and need a hand, because since Upgrading my Horizon to 1.5 I'm unable to get access from the Internet.

The Hard Facts:

The System is setup with Split DNS, with 'horizon.mydom.com' being the FQDN of my Workspace and the Gateway-va, resolving to a rfc1918 LAn adress from the insife and to a public rechable Adress from the outside.

The System is accessed from the Internet via a reverse Proxy, that is also serving other https Intranet applications, so I assume this is working fine.

From within my LAN, everything is working fine, no Problems here.

External Access:

If I type https://horizon.mydom.com, I'm redirected to "https://horizon.mydom.com/:443/SAAS/auth/login?dest=https://horizon.mydom.com/web"

A Horizon Error Page is displayed, thelling me that the page i'm looking for is not available (See Screenshot)

Please note the "/:443" part: The Browser is forced to take the Port Number as a path ... this explains "the page not found" error.

If I Access "https://horizon.mydom.com/hc/login", I get no error, the login page is displayed, and I can log on.

Unfortunateley, my reverse proxy is not able to redirect  https://horizon.mydom.com to  https://horizon.mydom.com/hc/login, so I need to get it fixed on Horizon side.

Any Ideas?

2013-11-04_17h19_29.png

Reply
0 Kudos
6 Replies
Seb1180
Enthusiast
Enthusiast

This might not be the solution but just in case.

How many connector-va do you have ? if you have only one for both internal and external have you enabled windows authentication ? if yes go to the connector page and disable it.

Took me a while to figure this out as I was unable to connect from external and it makes sense ...

Now I have two connectors one for internal with Kerberos & SSO (that doesn't work yet :smileyconfused: ) and one for external.

Could it be also something with the idp hostname in identity provider ?

Seb

Reply
0 Kudos
schmidtl
Enthusiast
Enthusiast

Tried, with no effect.

If I disable the Reverse Proxy, and replace it with a NAT device, everything is smooth....

Reply
0 Kudos
Seb1180
Enthusiast
Enthusiast

What type of reverse proxy do you have ?

Reply
0 Kudos
schmidtl
Enthusiast
Enthusiast

Sophos UTM, basically it's Linux based.

Reply
0 Kudos
Seb1180
Enthusiast
Enthusiast

I won't be able to provide much help on this as I have an F5 LTM in front although I have been using a Linux haproxy before.

I ll do a bit of research on this and in case I can come up with an idea I ll reply back Smiley Wink

Reply
0 Kudos
admin
Immortal
Immortal

Hi,

Could you please try by changing the reverse proxy configuration by including port number in the url.

For example:

if the reverse proxy server forwards the request to https://fqdn, then change it to forward request to https://fqdn:443.

Reply
0 Kudos