ec_bryant's Posts

Ok, latest update - It is the Load Balancer. I just created a new Enterprise Application and went direct to one of the UAGs. Uploaded the new metadata file and then add a new server in the Horizon Cl... See more...
Ok, latest update - It is the Load Balancer. I just created a new Enterprise Application and went direct to one of the UAGs. Uploaded the new metadata file and then add a new server in the Horizon Client that pointed directly to that UAG. It works every time in Chrome. So the Load Balancer must be doing something??? Ugh..... 
We have the same problem with Firefox but not Edge. MS just let us know that it is the way the SAML2 AuthRequest is being processed in Chrome. It is not being written in a way that Chrome can read it... See more...
We have the same problem with Firefox but not Edge. MS just let us know that it is the way the SAML2 AuthRequest is being processed in Chrome. It is not being written in a way that Chrome can read it. Which doesnt make much sense as it works once with Chrome then stops working. We used that guide you sent to setup our LB. I don't really think its the LB as it works all the time on MS Edge. But I dont get why our instance is different then anyone else using this configuration and Chrome browser? Very frustrating.
Tried testing with just one uag and one connection server and still have the same behavior. It almost seems like after you connect the first time it leaves something in Chrome so that when you try an... See more...
Tried testing with just one uag and one connection server and still have the same behavior. It almost seems like after you connect the first time it leaves something in Chrome so that when you try and connect the second time it gets hung up. I have a ticket open with both VMware and Microsoft but if no one else is experiencing this then I have to think it is something with my setup? Very frustrating as we want to deploy this by end of the month.
Hi, I am wondering if it is possible with Horizon (UAG, Connection Servers) to only have a subset of users login with MFA and allow the others to login without MFA. We can use Radius (using NPS Serv... See more...
Hi, I am wondering if it is possible with Horizon (UAG, Connection Servers) to only have a subset of users login with MFA and allow the others to login without MFA. We can use Radius (using NPS Server) but not sure if it is possible to do this.  
It is very strange. We deleted all Browsing history closed all Chrome Windows. Open it back up and it works. But after the first time it works it doesnt work again.
I am actually troubleshooting now with Microsoft and when doing a test via Azure portal to - https://horizon.test.com/portal/samlsso the page comes up with an HTTP 500 error.
That is just an example.
We are using a wildcard cert on the lb/uag. Everything works fine without adding this Azure Authentication piece. Here is my config: Basic SAML Configuration   Identifier (Entity ID) - https://h... See more...
We are using a wildcard cert on the lb/uag. Everything works fine without adding this Azure Authentication piece. Here is my config: Basic SAML Configuration   Identifier (Entity ID) - https://horizon.test.com/portal Reply URL (Assertion Consumer Service URL) - https://horizon.test.com/portal/samlsso Sign on URL - https://horizon.test.com/portal/samlsso Relay State - Optional Logout Url - Optional
Not sure where to check the UAG logs. But after letting this go for awhile the page finally responds with the attached message.
Hi thank you for this. I am pretty sure this is all setup and I have uploaded the metadata file into the UAGs. Couple questions. In your guide you have this - https://<public-FQDN-UAG>/portal/samlsso... See more...
Hi thank you for this. I am pretty sure this is all setup and I have uploaded the metadata file into the UAGs. Couple questions. In your guide you have this - https://<public-FQDN-UAG>/portal/samlsso for the URL. If our UAGs are Loadbalanced can I get away with putting the LB VIP so its just https://lb-vip-fqdn.test.com/portal/samlsso? Or in Azure would I need two entries for each UAG we have? Also what needs to be done or what can I look for on the LB that might show the issue is there? Thanks.
Hi, we have just setup a brand new Horizon Environment with the latest version. We have A 10 LB that goes to 2 UAGs that point to 2 Connection servers. We are trying to setup Microsoft Azure and have... See more...
Hi, we have just setup a brand new Horizon Environment with the latest version. We have A 10 LB that goes to 2 UAGs that point to 2 Connection servers. We are trying to setup Microsoft Azure and have gone though the guides to get it setup. We open the VMware client. Double click on the server and it goes to a MS login page. We login and get the 2FA prompt and then it just sits at a URL ending in https://lb-vip-fqdn/portal/samlsso and spins and spins but nothing. Anyone have any suggestion to what I might have missed or how to fix this issue?