VMware Workspace ONE Community
MarkSchwantje
Enthusiast
Enthusiast

Test HTTP/2 Connection button

In preparation for the retirement of the legacy APNS mechanism in November 2020, I tried using the Test HTTP/2 Connection button in my 19.07.52 console, and I'm getting an error message that the connection failed due to an invalid cert. I recently upgraded our UAT environment to 20.05 from 19.07, and before that, our UAT was also experiencing this error. Now that its on 20.05, that test is successful.

Support wants me to replace my APNS cert in production due to the error, but I don't believe that is necessary based on my experience with my UAT environment. However, I'm wondering if anyone else out there running 1907 (less than the .59 patch) can test this to see if you're experiencing the same issue, or if you have a successful test connection.

Thanks.

Reply
0 Kudos
10 Replies
chengtmskcc
Expert
Expert

While I'm no longer an on-premises customer, I did not have this issue either when I was at 19.07 and when I'm at 20.05.

Based on your experience in UAT, I would hold off replacing it manually until after upgrading your PROD to 20.05 and see. Unless of course if you are experiencing any issue related to this, then I recommend that you take necessary action to address it before your upgrade.

Reply
0 Kudos
Vikram86
Contributor
Contributor

Hi Mark,

did you try replacing the keys in the config file as specified in the article?

I tried doing those and found the keys missing in certain config files, raised a support case for this issue.

I am on onprem  version 20.1.0.10 and the cert error was there in my environment. Now its a different error after replacing the keys, its a timeout error.

Reply
0 Kudos
MarkSchwantje
Enthusiast
Enthusiast

Hi Vikram86,

I did not try replacing the keys, because that is only needed if you want to use the non-default port of 2197. We're using the default port of 443, which is allowed outbound on all our AirWatch servers.

Reply
0 Kudos
HimanshuMishra
Enthusiast
Enthusiast

I have seen a failed test connection few times even though the cert was fine. Then it gave me a "successful connection" after I refreshed the page. I can still replicate this behavior. I did not replace the cert as it worked each time after a page refresh. WS1 version - 1907

Reply
0 Kudos
MarkSchwantje
Enthusiast
Enthusiast

I replaced our cert this morning based on support's recommendation. When I ran the "Test Connection" a few times right afterwards, it was successful. However, I tried it again a short time later, and it started failing. A couple of times it has shown successful, but more often than not, the test usually fails with the same error about my cert being invalid.

Reply
0 Kudos
Stansfield
Enthusiast
Enthusiast

I am getting this as well (although mine never worked with http/2) and support has no clue what is going on.  One thing I kind of suspect there was an update back in 9.2 that disabled http/2 for compatibility and this server is old enough it might have been installed, is yours?  When I run a wireshark it never sends http/2 traffic just http1.1

Reply
0 Kudos
MarkSchwantje
Enthusiast
Enthusiast

The support person I was working with confirmed yesterday this is a known bug. If you're running Windows Server 2012 R2 (and I believe earlier) and WS1 UEM 1907, you'll encounter intermittent failures, which is what I was running into (although in my case it failed way more than it succeeded). The fix is definitely in UEM 2005; I don't recall if UEM 2001 contains the fix.

I'm upgrading to UEM 2005 in about 2 weeks. I upgraded my UAT environment a couple weeks ago, and it was experiencing this same issue. Since upgrading it to UEM 2005, I have not experienced the issue in UAT since.

Reply
0 Kudos
Stansfield
Enthusiast
Enthusiast

I am having the failure at version 2005 and server 2016 so there may be more than one issue

Reply
0 Kudos
MarkSchwantje
Enthusiast
Enthusiast

Well that's not encouraging! Is it failing every time or just intermittently?

Reply
0 Kudos
senglam1
Contributor
Contributor

Ran into this problem also during an on premise set up.

This was the solution:

https://kb.vmware.com/s/article/81286

Certain ciphers needed for HTTP/2 to happen.

Hope this helps.

Reply
0 Kudos