tryExplore
Enthusiast
Enthusiast

how to find my tenant FQDN at horizon cloud on Azure

Jump to solution

Hi,

I bulid horizon cloud on Azure and created connect.

now I want to add virtual app collection at workspaceone,

but my info can not pass and it return 404.

I wander if there if another tenant FQDN ?

Labels (1)
1 Solution

Accepted Solutions
yajimad
Enthusiast
Enthusiast

Hi,

Thank you for your swift reply.

   Currently, no. I applying it to my NW Team

   But, when I wrote down in hosts, the SSL error occur (I think is the following quesion2)

Great.

A SSL error is an expected behavior because you have not prepare tls/ssl certificate and imported to your Pod Manager.

IDM-C checks our internal applications and Horizon Connection servers/Pod Managers and sync them to WS1 Access.

When checking Pod Manager, IDM-C only uses https.

This is why we need to prepare internal FQDN and ssl/tls certificates for Pod Manager.

  No, I am check my certificates.

  I don't understand why is vIDM and pod Manager,

  can't they communicate by UAG ?

IDM-C had been able to sync VDIs by using UAG.

But that option was abolished last year to enhance security of Horizon Cloud.

  by far, I still don't know what is the tenant host FQDN,

  is it the pod manager FQDN?

Yes, it is FQDN that could be resolved internally.

And we should register it manually on our DNS systems.

I found 3 detailed guides.

  1. Overview of Configuring SSL Certificates on the Horizon Cloud Pod's Manager VMs
  2. Prerequisites for Running the Administration Console's Upload Certificate Workflow to Configure SSL ...
  3. Integrate a Horizon Cloud Pod in Microsoft Azure with Workspace ONE Access

Added: *Please note that your Pod Manager will immediately reboot after you upload a ssl/tls certificate*

Added link: Prerequisites for Running the Administration Console's Upload Certificate Workflow to Configure SSL Certificates on the Horizon Cloud Pod's Manager VMs as No.2.

Hope these helps.

Regards

View solution in original post

0 Kudos
6 Replies
yajimad
Enthusiast
Enthusiast

Hi,

To integrate VDIs as virtual app collection at Workspace ONE Access, I think that we should install VMware Identity Manager connector 19.03.

And Pod Manager should be resolvable from Identity Manager connector by using DNS.

Are you using that version of Identity Manager connector?

Thanks

0 Kudos
tryExplore
Enthusiast
Enthusiast

Hi, yajimad

Sure, I have installed vIDM 19.03 and successfully add it to my directory.

I think I don't know the prpperly tenant host and the service URL.

Every I try to add a horizon cloud virtual app collection,

it shows "Virtual apps validation failed - 404  " or "Virtual apps validation failed - 401  "

0 Kudos
yajimad
Enthusiast
Enthusiast

Hi tryExplore​,

Thank you for response.

I guess that Identity Manager connector(IDM-C) should reach by using Pod Manager's internal FQDN.

Probably the internal FQDN has been registered on your internal DNS system.

VMware Horizon Cloud Service on Microsoft Azure Requirements Checklist For New Pod Deployments - Upd...

DNS Record Requirements

Internal DNS record created for VMware Workspace ONE Access connections to the pod that matches the certificate that you will upload to the pod itself, pointing to the pod manager's Microsoft Azure internal load balancer. Required when you want to use VMware Workspace ONE Access with the pod.

  1. Have you set up above DNS record on your internal DNS system?
  2. Have you uploaded a ssl/tls certificate to your Pod Manager so that your IDM-C could connect to the Pod Manager by using HTTPS?

Regards

0 Kudos
tryExplore
Enthusiast
Enthusiast

Hi

1. Have you set up above DNS record on your internal DNS system?

   Currently, no. I applying it to my NW Team

   But, when I wrote down in hosts, the SSL error occur (I think is the following quesion2)

 

2.Have you uploaded a ssl/tls certificate to your Pod Manager so that your IDM-C could connect to the Pod Manager by using HTTPS?

  No, I am check my certificates.

  I don't understand why is vIDM and pod Manager,

  can't they communicate by UAG ?

by far, I still don't know what is the tenant host FQDN,

is it the pod manager FQDN?

0 Kudos
yajimad
Enthusiast
Enthusiast

Hi,

Thank you for your swift reply.

   Currently, no. I applying it to my NW Team

   But, when I wrote down in hosts, the SSL error occur (I think is the following quesion2)

Great.

A SSL error is an expected behavior because you have not prepare tls/ssl certificate and imported to your Pod Manager.

IDM-C checks our internal applications and Horizon Connection servers/Pod Managers and sync them to WS1 Access.

When checking Pod Manager, IDM-C only uses https.

This is why we need to prepare internal FQDN and ssl/tls certificates for Pod Manager.

  No, I am check my certificates.

  I don't understand why is vIDM and pod Manager,

  can't they communicate by UAG ?

IDM-C had been able to sync VDIs by using UAG.

But that option was abolished last year to enhance security of Horizon Cloud.

  by far, I still don't know what is the tenant host FQDN,

  is it the pod manager FQDN?

Yes, it is FQDN that could be resolved internally.

And we should register it manually on our DNS systems.

I found 3 detailed guides.

  1. Overview of Configuring SSL Certificates on the Horizon Cloud Pod's Manager VMs
  2. Prerequisites for Running the Administration Console's Upload Certificate Workflow to Configure SSL ...
  3. Integrate a Horizon Cloud Pod in Microsoft Azure with Workspace ONE Access

Added: *Please note that your Pod Manager will immediately reboot after you upload a ssl/tls certificate*

Added link: Prerequisites for Running the Administration Console's Upload Certificate Workflow to Configure SSL Certificates on the Horizon Cloud Pod's Manager VMs as No.2.

Hope these helps.

Regards

View solution in original post

0 Kudos
tryExplore
Enthusiast
Enthusiast

Hi, yajimad

Thank you

I have the FQDN of Pod manager created,

and upload SSL Certificate,

and finally add virtual app collection at workspace ONE.

Now I know that FQDN is that could be resolved internally,

and Serves URL is the access link of external UAG.