caddo's Posts

Hi, thank you for your answer but this doesn't solve my problem. When you use the default self-signed certificate, every connection server or security server will generate a certificate and be its own CA, so in this case you don't end up with a chain of certificates (as with the typical root CA > sub CA > certificate) but you get one cert that will work as both cert and CA. In the case of connection servers I just proceed as you described and the View Administrator Dashboard will be happy: But if I do the same with the security server it won't be enough to convince the dashboard it's a valid SSL Certificate: In this demo environment there is one connection server (which trusts its own certificate and the security server certificate) and one security server (which trusts its own certificate and the connection server certificate). So since I already did what you suggested, what else is left to try? Thank you.
Hi all, this is a very simple question as I want to "convince" Horizon View Dashboard to give me all green lights about SSL Certs using the self-signed certificates. I'm running Horizon View 6.0.1. The components that can be red are:
- vCenter
- Composer
- Connection Servers
- Security Servers
For the first two it's pretty straightforward since you can just accept the thumbprint from the View Administration Dashboard. For the Connection Servers all you have to do is import all the Connection Servers' certificates into the certificate stores of all Connection Servers under the trusted CA. I still can't find a way to make the security server green. Has anyone managed to make it green using the self-signed certs? Thank you!
I would also like to point out that if the VMware Horizon View Script Host is not in automatic startup mode and started before the installation, the Integration setup fails. The default for that service is Manual and it fails every time.
That is definitely the case... sorry for missing that, but I have to admit it's not easy to evaluate a product if you have missing features. Thank you.
Logs indicate:
Attempt to attached 2 appstacks for User <domain\user1> but only 0 more are allowed because 1 are already attached. Skipping attachment of the extraneous appstacks.
Attempt to attached 2 appstacks for User <domain\user1> but only 1 are allowed. Skipping attachment of the extraneous appstacks.
If I use only AppStacks entitled by users, users get their apps. If I add a writable volume, users get only the writable volume. I can never assign both at the same time... what am I doing wrong?
I found the fix myself, .NET was missing. Maybe the error message could be more helpful or the installer should install the component automatically. For the record, since I'm running this in a lab I admit I didn't look at the prereqs and I'm running an unsupported setup using 2012 R2 (I took for granted it would work with the latest OS) but I can see the doc states 2008 R2 as the supported OS just as 2008 R2 as supported SQL. (I'm using 2012 SQL) The installer completed correctly after installing .NET.
Hi Gaurav_Baghla, first of all thank you for your help. The connection broker version is 6.0.1 build-2088845, just downloaded from the VMware Website. The Broker Integration Services setup version is 2.5.1.1169. From the Event Viewer the only message I get is "Product: App Volumes Broker Integration Service -- Error 1920. Service VMware App Volumes Broker Integration Service (appvolbroker) failed to start.  Verify that you have sufficient privileges to start system services." which is exactly what pops up during the installation process. I also attached the installer log file but it doesn't seem to give much more info. If I look at the services, I can confirm that the dependency on the service "VMware Horizon View Script Host" is respected since the service is up and running; if I try to manually start the service "VMware App Volumes Broker Integration Service" I get an immediate reply that "The service did not respond to the start or control request in a timely fashion. (Error 1053)".
Hi Jason, my test environment is affected by this problem but this installer is not fixing my problem, it still states that the service cannot start during the installation. Can you help me?
Thank you for sharing this to the community!
Given that the name resolution is correct and that the workspace FQDN is set up correctly in the product, it should just work. Sometimes it's a bit tricky, so I wrote a couple of articles about how to do it exactly, from an architectural point of view and a practical one as well, just to remind myself and help others avoid losing time for nothing. You can check it out at http://myvirtualife.net
In your case I can believe there could be something going on with your firewall, since UAG is a layer 7 firewall understanding protocols at the application layer, so maybe the fact that the gateway-va is doing all those redirects could trigger some security feature that needs to be correctly addressed to make it work with Workspace. In the other case we are talking about a normal NAT/layer 4 firewall that should just forward packets and never mess up protocols at the application level. Unfortunately I have no experience with UAG and Horizon Workspace to give specific help.
You didn't provide any details about your Workspace or networking deployment; it's difficult to help without knowing a few details.
There is no reason why it shouldn't work, even if I don't understand why you can't use a load balancer. You can build one for free: http://myvirtualife.net/2013/08/19/how-to-build-a-load-balancer-with-haproxy/ You need to provide more details.
I made a blog post about how I deal with Horizon Workspace 1.5 FQDN and certificates: How to deal with Horizon Workspace 1.5 FQDN and certificates | MyVirtuaLife.Net In my lab I use HAProxy as load balancer. I will write about how to install and configure it for Horizon Workspace. Subscribe if you want to be notified when I do it. Hope it helps.
I released the blog post, go check it out here: How to deal with Horizon Workspace 1.5 FQDN and certificates | MyVirtuaLife.Net
wismannh, you have to make the FQDN point at the reverse proxy and change it accordingly in Workspace so redirects resolve correctly. If the FQDN points at gateway-va, users from outside won't be able to access it.
robrie I can't tell with this info your setup looks correct. I would look at the load balancer config.
It is surely possible if you configure Apache as a reverse proxy. Just keep in mind that gateway-va will redirect all requests to your Workspace FQDN, so users from outside need to resolve that as your reverse proxy.
I managed to both change certificates and external load balancer + FQDN. In my test I managed to do it in 2 ways.
#1: Using the tip in this thread I used the FQDN I wanted as gateway-va name, then I changed the certificates as described in the documentation with no load balancer option, then I moved the workspace FQDN in my DNS to point at the load balancer, I created new records in the DNS for the gateway-va (gateway01.something.local), then using yast I renamed the gateway-va VM and rebooted. I then found the load balancer option already configured with a valid certificate.
#2: From the start I pointed the workspace FQDN to the load balancer, which was already configured with the cert I wanted to use; all workspace VMs had their own entry in DNS (gateway01, data01,.... etc). The load balancer redirects everything to the gateway-va. After completing the setup without changing anything regarding SSL and certs I went to change the FQDN with load balancer and it all went well.
The reason why these procedures work and others don't is that when you change the FQDN there is a check that verifies that the new FQDN has a certificate that matches the URL in the common name of the certificate, so it means this has to be taken care of BEFORE you perform the change:
ERROR [tomcat-http--29] com.vmware.horizon.configurator.vm.remote.impl.ConnectorRemoteImpl - Error when updating Connector connector-15.vsphere.lab with new IDP Url. Response from server: "Hostname is invalid or not reachable". Could not connect to the URL. hostname in certificate didn't match: <gateway-15.vsphere.lab> != <workspace-15.myvirtualife.net>
This will throw the infamous "Invalid IDP host/port". So, if you start with method #1 you already have it in place because it's generated during setup. With method #2 you point at something else where you already applied a certificate with the correct requirements.
Another way I tried was method #2 without load balancer, where I would change the self-signed certificate with another self-signed certificate with the new FQDN name I wanted before changing, just like I was describing in the 1.0 version in this blog post using the "wizardssl.hzn" command: http://myvirtualife.net/2013/07/27/how-to-install-horizon-workspace-using-an-external-database/ This doesn't work because even if the new cert gets generated correctly there are still some URLs (at least one) that show the old cert, and this makes the FQDN change fail. In the coming days I will write an extensive tutorial about how to implement solutions #1 and #2. If you are interested, subscribe to my blog to be notified when I publish it: http://myvirtualife.net As load balancer I use haproxy with SSL offload; I will also post instructions about how to build that, I just need some days since I'm still on holiday.
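The certificate-name check described in the post above can be run by hand before attempting the FQDN change; the following is an added example, not part of the original post or of VMware's tooling. It uses `openssl x509 -checkhost` on a constructed self-signed certificate with the two host names from the log line; the function names are hypothetical, and note that OpenSSL prefers subjectAltName DNS entries over the common name when a certificate carries them.

```shell
#!/bin/sh
# Pre-flight check before an FQDN change: does the certificate that will be
# served under the new name actually carry that name?

# cert_matches_host CERT_PEM FQDN -> exit status 0 on match, 1 otherwise.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# fetch_cert HOST PORT OUT_PEM: save the leaf certificate a live endpoint
# presents (needs network access; not used by the offline demo below).
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$3"
}

# make_demo_cert CN OUT_PEM: constructed self-signed certificate standing in
# for the one generated at setup (CN only, no subjectAltName requested).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$2.key" -out "$2" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_cert "gateway-15.vsphere.lab" "$tmp/gw.pem"
    # Old name should match, the new workspace FQDN should not.
    for name in gateway-15.vsphere.lab workspace-15.myvirtualife.net; do
        if cert_matches_host "$tmp/gw.pem" "$name"; then
            echo "$name: certificate matches"
        else
            echo "$name: hostname in certificate didn't match"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Against a running deployment, `fetch_cert` pointed at whatever currently answers for the new FQDN (load balancer or gateway-va) gives the file to pass to `cert_matches_host`.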