KFM - you certainly need to fix your Horizon tunnel issue first. HTML Access (browser) doesn't use the tunnel, but native Horizon clients do. After authentication, Horizon clients establish the tunnel connection using the value of tunnelExternalUrl. e.g. https://daas.tenanta.com:443. This is one of the secondary connections and you MUST ensure that gets routed to the same UAG as used for the initial primary connection. If the tunnelExternalUrl is not usable by the client, the tunnel connection is blocked or misrouted to the wrong UAG appliance it will fail. You then won't get the list of entitled desktops. All secondary protocols (Tunnel, Blast, PCoIP) must be routed to the same UAG as the primary connection.
