VMware Horizon Community
krismcewan
Enthusiast
Enthusiast

Accessing Desktop from Internet

Hi all

I have set-up a desktop that needs to be accessed from outside the network.

I have the security server in place all with the right SSL certificates and firewall ports opened.

From the internet I can get to the security server, I can Authenticate get my entitled desktop pools and thats where the problem starts.

When I launch the desktop the client opens up and after about 10-30 seconds it closes.

Looking at the View Events I can see that the request comes through to the broker. Internally i can get a desktop using the Security servers internal network address no problems. Only accessing the external address gives me a problem.

The desktop is defaulted to RDP and tried both Direct connection on and off.

Any ideas?






A VMware Consultant in Scotland for Taupo Consulting

http://www.taupoconsulting.co.uk

If you think I'm right or helpful award me some points please

A VMware Consultant in Scotland for Taupo Consulting http://www.taupoconsulting.co.uk If you think I'm right or helpful award me some points please
Reply
0 Kudos
12 Replies
idle-jam
Immortal
Immortal

Is the below ports open on the firewall? i have the same issues before and it's due to the RDP ports.

http://www.tcpdump.com/kb/virtualization/virtual-desktop/deploying-vmware-view-manager-security-serv...


iDLE-jAM | VCP 2, VCP 3 & VCP 4

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Reply
0 Kudos
krismcewan
Enthusiast
Enthusiast

The network Guy has assured me he has opened up everything. (any any) untill we solve the problem.

I have no issue inside the enviroment so its not any firewalls on connection brokers or the Security server its self.

Is the below ports open on the firewall? i have the same issued before and it's due to the RDP ports.

http://www.tcpdump.com/kb/virtualization/virtual-desktop/deploying-vmware-view-manager-security-serv...

<br>iDLE-jAM | VCP 2, VCP 3 & VCP 4

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

A VMware Consultant in Scotland for Taupo Consulting

http://www.taupoconsulting.co.uk

If you think I'm right or helpful award me some points please

A VMware Consultant in Scotland for Taupo Consulting http://www.taupoconsulting.co.uk If you think I'm right or helpful award me some points please
Reply
0 Kudos
idle-jam
Immortal
Immortal

While waiting for the rest to help out, maybe you could upload the log files of the view agent on one of the desktops.

When the user connection get redirected from the security server to the desktop i believe there are some traces in the log files that can be useful.

In Windows XP – iDLE-jAM | VCP 2, VCP 3 & VCP 4

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Reply
0 Kudos
krismcewan
Enthusiast
Enthusiast

Ok update.

I have tested the remote access and checked the logs. Nothing is hitting the desktop logs at all. So the connection isnt getting a desktop session even though the Connection broker is sending the request.

I have to agree it has to be firewall related.

Chris

A VMware Consultant in Scotland for Taupo Consulting

http://www.taupoconsulting.co.uk

If you think I'm right or helpful award me some points please

A VMware Consultant in Scotland for Taupo Consulting http://www.taupoconsulting.co.uk If you think I'm right or helpful award me some points please
Reply
0 Kudos
mittim12
Immortal
Immortal

In your scenerio you wouldn't want to utilize the direct method of connection as that would require that 3389 be open to the outside client. In the tunneled mode only the security server needs to be able to access the VDI machine on 3389. If your getting everything up until the loading of the desktop it sounds like all ports except 3389 have been definied. If your on the security server you can RDP into the VDI machines without any issues?

I saw you mention a certificate is on the security server. There was a thread awhile back about an issue with using self signed security certificates on the security server. Here is the link in case it helps you out any, http://communities.vmware.com/message/1636745






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

Reply
0 Kudos
krismcewan
Enthusiast
Enthusiast

MITTIM12

first thing i tested was the RDP from the SS to the desktop.

resolves and works no problem, can also RDP and nslookup all the components of the view enviroment from the SS.

I was going to have direct connection off on one connection broker and point the SS directly to that. Trying to figure out how i do that just now.

the SSL isnt self signed ist from Geotrust

A VMware Consultant in Scotland for Taupo Consulting

http://www.taupoconsulting.co.uk

If you think I'm right or helpful award me some points please

A VMware Consultant in Scotland for Taupo Consulting http://www.taupoconsulting.co.uk If you think I'm right or helpful award me some points please
Reply
0 Kudos
mittim12
Immortal
Immortal

If you moave to 4.5 you can pair your security server with a particular connection broker through the Admin screen. In previous versions you had to simply do it from within the Security server configuration files at least that's how I did mine way back in VDM 2.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

Reply
0 Kudos
krismcewan
Enthusiast
Enthusiast

4.5 is not an option. And the setup already is paired with a connection broker.

I am however rebuilding the whole security server and cb today just in case it was a problem with the windows 2008






A VMware Consultant in Scotland for Taupo Consulting

http://www.taupoconsulting.co.uk

If you think I'm right or helpful award me some points please

A VMware Consultant in Scotland for Taupo Consulting http://www.taupoconsulting.co.uk If you think I'm right or helpful award me some points please
Reply
0 Kudos
mittim12
Immortal
Immortal

Oh, in your previous post you said you were looking for a way to point a SS to a connection broker which is what I mean by pairing the SS to connection broker. Our environment is set with a dedicated connection broker for the security sever utilizing tunneling and then two internal connection brokers that utilize direct connect.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

Reply
0 Kudos
krismcewan
Enthusiast
Enthusiast

FInally fixed it.

Rebuilt the SS and there was a DNS error with the External URL. (url was set to domain.com forwarding not sub.domain.com which it needed to be)

All working swimingly now.

Thanks all

A VMware Consultant in Scotland for Taupo Consulting

http://www.taupoconsulting.co.uk

If you think I'm right or helpful award me some points please

A VMware Consultant in Scotland for Taupo Consulting http://www.taupoconsulting.co.uk If you think I'm right or helpful award me some points please
Reply
0 Kudos
mittim12
Immortal
Immortal

Great news. Thanks for sharing the resolution.






If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Twitter: http://twitter.com/mittim12

Reply
0 Kudos
acraiger
Contributor
Contributor

I read you post, and I think I am having the exact same issue.

Would you mind explaining exactly what the dns issue was?

Did you have to change the dns setting in your domain, or Public dns setting?

I have everything working internally, but not externally from the internet.

I have a security server, connection server all running on server 2008 r2.

Using vmware 4.5.

I can connect to the security server inside our network and it works.

from the internet using the vmware view client, it authenticates and lets me choose the pool.

It acts like it is going to start up the client, then disconnects with the error: "The connection to the remote computer ended."

Thanks,

Craig

Reply
0 Kudos