Im not sure what you mean - i've installed the HTML access component on the View Connection server - but not on the Security Server.

Yes, that is the one. You also need to configure it on the connection broker to enable HTML access and set the port.

Does it work if you connect directly to the connection-broker?

// Linjo

Hi!

Same here, any solutions??

The ports are correct, also the exportable key.

Very frustrating...

Thanks, Jo!

I actually got my lab to work with HTML access from outside (through DMZ security server).

I needed two thinks to make it work:

1)      Enabled the windows firewall on the security server

2)      Opened port TCP 22443 from Security server to the desktops on my LAN.

I have now checked this.

1) uninstalled SS

2) uninstalled CS

3) enabled Windows Firewall on both servers

4) reinstalled CS with firewall config

5) reinstalled SS with firewall config

6) reinstalled Feature Pack

not working. no blocks between servers. checked the firewall log.

tested the port 8443 and 22443 with netcat between SS, CS, Clients. Working!!

have you checked 8443tcp from outside? does normal View client work (is it only HTML access that doesnt?)

Hi!

I have tried the last action plan without success (from VMware Support).

BUT: I have found the problem!!

The problem was my RADIUS configuration for external connections.

We are using a OneTimePassword System to enable 2-way auth for external connections.

The user must enter his username (without the domain), and his password.
This will be crosschecked with our domain controllers.

We have also enabled the option " Use the same user name and password for RADIUS and Windows authentication".
This is perfect working with the VMware Horizon View Client for Windows or Mac. The user needs only his user and password, and the passcode (will be sent via SMS).

But if this option is enabled and you try connect via the new HTML Access to a desktop after 2 way authentication, it will fail!
I think, the user redirection on the HTML Portal is not working like in the default client!!

Workaround: disable this option. Users must now authenticate at first with the username, password, get a passcode, then second with the domain credentials (not so user friendly).

Solution: is needed, I think it´s a bug! (informed VMware Support).

Thanks, Johannes!

Thanks so much for the update and bug report!  I'll work to see if we can make can have our tech support handle other customers with similar environments more easily in the future.

- Chris

jansson81,

My apologies for your trouble!

So far, the reported instances of this error message has been due to one of the following causes:

• Windows firewall was disabled on the security server.  It needs to be enabled.
• Some of the following traffic was blocked by a firewall:
  • TCP 22443 from the Security Server to the VM pools
  • TCP 8443 from the internet to the Security Server
  • (if blocked by a 3rd-party firewall) TCP traffic from the Security Server to itself over its loopback interface
• The SSL certificate on the security server was not marked at "exportable"

It would be good to know if any of these things help resolve what you're seeing, or if it is something else.

- Chris

Thanks for your update!  I'm glad to hear that you got it working.

- Chris

Nikonau,

Did you have to manually create any entries within the Windows Firewall on the Security Server to allow your security server to communicate to the desktop pools over port 22443?

Mooge

Hi Mooge,

No, I'm not using windows firewall it's set to manual tho when I installed the security server - this will allow the installer to add any prerequisite rules if you use it.

Windows firewall is not required to get this all to work. It is required for the IPSec security server to connection server pairing connection.

In the end it was our ASA I had to open up the security server/s to the view desktop pool subnet on tcp 22443 - obv make sure the horizon experience agent is installed in the desktop pool.

Sent from my iPhone