VMware Workspace ONE Community
erasor
Enthusiast
Enthusiast

Thousands of sessions (https) between Horizon Connectionserver and Identity Manager

Hi,

We have a PoC and a Lab Environment.

In both we have problems with HTTPS Sessions.

From day to day, there are more and more open HTTPS sessions from the Horizon Connection server to the Identity Manager in the DMZ.

After 10 days, we reached our 50'000 session limit from the firewall.

Is this a known issue?

For the Horizon Pool sync we use an internal Connector Appliance.

So, the HTTPS is only used for SAML.

Does anybody else had an issue like that?

Thousands of sessions are creating in one hour

Thanks for any advice!

Michael

Reply
0 Kudos
4 Replies
fastbee_34
Contributor
Contributor

I had the same issue and my issue turned out to be SAML authentication. Changing the SAML authenticators in the view connection server admin console from dynamic to static resolved the issue. The only kicker is having to find your SAML metadata within workspace once you change to type static. The address to find the saml metadata should be https://<workspacehostname>/SAAS/API/1.0/GET/metadata/idp.xml

Thx,

pchapman
Hot Shot
Hot Shot

I think this is the same issue I posted about here:

Which version of Horizon are you using?

ws_TomcatService ramps up to 100% cpu and memory after enabling SAML auth and crashes broker

Reply
0 Kudos
fastbee_34
Contributor
Contributor

Yes, pretty much the same issue I had. High CPU usage from Tomcat and tens of thousands of open TCP connections. We are on version 7.1

Reply
0 Kudos
Finikiez
Champion
Champion

VMware support told us that there is undocumented bug in Horizon 7.1 - connection servers doesn't close sessions to IDM properly. And this issue was fixed in Horizon 7.2

Try check opened sessions on connection servers and check their state.

Reply
0 Kudos