Hello,
I wanted to change my connection server configuration, but unfortunately I am having difficulties and I can't understand where the problem is.
Currently the configuration is: Use Blast Secure Gateway for all Blast connections, and I wanted to change it to Do not use Blast Secure Gateway.
Unfortunately, if I change this setting, there are two things I can't understand: either from the zero client PC or from the client on Windows, as soon as I enter the login credentials, the VM assigned to the user goes into error (blue screen). This happens to all of us on numerous VMs.
Can you help me understand how I can understand what's going on?
Thanks Alessandro
Enabling or disabling the BSG (Blast Secure Gateway) on your connection servers should not cause your VMs to BSOD.
With BSG enabled all connections from the endpoints are tunneled through the connection servers. This can greatly simplify and control the communication in your environment. With it disabled the endpoints need to communicate directly with the virtual desktops running the Horizon Agent. I could see the user logging in and then receiving a black screen before being disconnected if the required firewall rules are not in place. I don't like to use any of the tunnels on my connection servers and instead like the use of load-balanced UAG both externally and if necessary internally.
Thanks BenFB
You got it right!
I'm looking at using UAG (in the DMZ) and I followed this link: "https://www.carlstalhood.com/vmware-unified-access-gateway/"
I have read that I must disable all the "internal" gateways on the connection servers (they are in my LAN). I followed the mapping of the ports for UAG 443-8443-4172 for the UAG server, but unfortunately I always get a black screen. As connection server inside UAG I entered https://contoso.local and as Blast External URL I entered https://contoso.com:443, but unfortunately I always get a black screen.
I state that inside I have everything in client tunnel connection and everything works well.
Can you help me find the problem?
Thanks Alessandro
The desktop you're connecting to, are you selecting Blast or the default Blast? If not, you may be using PCoIP, and if you don't have that tunnel set up it may not work either. Can you post screenshots of the settings in the connection server and the UAG? Feel free to block out the SSL thumbprint and DNS names, I'm just curious to see what the rest looks like. Also, what do the Horizon settings look like in the UAG, are they all green like this
The black screen is a connection issue (firewall, routing, configuration, etc...). Are you currently load balancing the UAG? Persistence needs to be maintained during the primary and secondary horizon protocols from the endpoint to the UAG.
The UAG implements the HTTP(S) Secure Tunnel, BSG (Blast Secure Gateway) and PSG (PCoIP Secure Gateway). You must disable the HTTP(S)/BSG/PSG on the connection servers.
Hello Sjesse
this is my UAG
Hi BenFB
My settings are these. I left the gateways on, otherwise internal users cannot connect. I left it this way because users inside my network (LAN) connect directly to the connection server, without going through the DMZ.
In the connection server uncheck all of them, you don't want them to be checked, the only place you want the gateway settings is in the UAG.
Uncheck ONLY HTTPS and PCoIP?
thanks Alessandro
Hi sjesse
I read this guide, but if I uncheck all "Gateway" options, my zero-PCs don't connect to the VM, and sometimes I see that the VM goes into error with a blue screen.
At the moment I uncheck the first and second, but when I try to connect from external with PCoIP, I don't try nothing.
Thanks Alessandro
That sounds like a firewall or possibly routing issue. When you uncheck the tunnels/secure gateways your endpoints need to be able to communicate with the Horizon Agent in addition to the connection servers.
You need to do one of the following.
Thanks BenFB
I wanted to ask you something, please. Checking with the VMware port schema, I saw that UAG (DMZ) must connect with the Horizon agent on port 222443.
I tried with this command on a PC in the LAN, but I got no response. Is that right?
curl -v telnet://VIRTUAL-DESKTOP:22443
Thanks Alessandro
I'm not sure it responds to curl, but you need to make sure 22443 is open between the UAG and any virtual desktop. Look at this if you haven't:
Network Ports in VMware Horizon 7: VMware Horizon 7 version 7.2
It has all the required firewall ports needed. I'd review more than just the UAG though, and make sure all components can talk to each other.
Also, do you have your desktops joined to AD and do they have valid DNS records?
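The checks discussed above (port reachability and DNS resolution) can be run as a plain TCP connect test, which does not depend on the service answering any request. This is an added example, not part of any post in this thread; the role labels and the `uag.example.internal` host name are assumptions, and only ports quoted in the thread are used.

```python
import socket

# TCP ports named in this thread. Role names are labels chosen for this example.
THREAD_PORTS = {
    "uag": [443, 8443, 4172],  # UAG port mapping quoted by the poster
    "agent": [22443],          # toward the Horizon Agent on the virtual desktop
}

def check_tcp(host, port, timeout=3.0):
    """Classify one TCP connection attempt.

    open        - handshake completed; something is listening
    refused     - host (or a rejecting firewall) answered with a reset
    timeout     - no answer; typical of a firewall silently dropping packets
    unresolved  - the name has no usable DNS record
    unreachable - any other network error (no route, etc.)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except socket.gaierror:
        return "unresolved"
    except OSError:
        return "unreachable"

def survey(targets, timeout=3.0):
    """targets: {role: [hostnames]} -> list of (role, host, port, state)."""
    results = []
    for role, hosts in targets.items():
        for host in hosts:
            for port in THREAD_PORTS[role]:
                results.append((role, host, port, check_tcp(host, port, timeout)))
    return results

if __name__ == "__main__":
    # Placeholder names (constructed); replace with your own hosts.
    # Run from the machine whose path you are testing, e.g. a host on the UAG's subnet.
    # TCP only: UDP transport on the same ports is not tested here.
    sample = {"uag": ["uag.example.internal"], "agent": ["VIRTUAL-DESKTOP"]}
    for role, host, port, state in survey(sample):
        print(f"{role:6} {host}:{port:<5} {state}")
```

A `timeout` result points at a firewall or routing drop, `refused` means the path is open but nothing is listening on that port, and `unresolved` points at the DNS records asked about above.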
Hello BenFB
Unfortunately I followed all your instructions, but I still couldn't get a result. Even disabling all the gateways in the connection server, I always get a black screen both from the outside and from the inside through the VMware Client.
I checked the ports on the firewall and always everything OK.
Is there no log that can put me on the right track?
Thanks Alessandro
Have you tried setting up a UAG in the same network to make sure the configuration is correct? You absolutely cannot have the secure gateway options checked on the connection servers when you're using a UAG.
Hello, thank you for your help.
I want to summarize my situation:
1) I have 80 users who connect to their VMs
2) At the moment the 80 users have a zero client in the office
3) The possibility arose that some of these users must connect from home.
4) So I will have a mixed situation
At the moment, all zero client PCs connect to the server via SRV-HORIZON.CONTOSO.LOCAL (connection server).
On the connection server I have all the gateways activated.
Zero clients, VMs, and connection server are on the same network.
I tried disabling the gateways on the connection server, but afterwards the zero clients didn't connect.
First question: when I disable the gateways, where do the zero-client computers have to connect, to the UAG server or to a connection server?
FYI, my UAG is in the DMZ.
Thanks Alessandro
First I want to make sure it's understood what the gateway does for your endpoints (in this case your zero clients).
When you disable the gateways on the connection servers what error are you receiving on the endpoints? We need to get that working first before introducing the UAG. Alternatively you can leave these connection servers as is and deploy new connection servers just for use with the UAG.
Can you provide the following (obfuscate as needed)?
Number of connection servers and version:
Any load-balancers in use:
Horizon agent version:
Subnets that your endpoints, connection servers, VDI (horizon agents) and UAG are on.
Hi BenFB
Number of connection servers and version: 1 server (SRV-HORIZON.contoso.local) + 1 replica server (SRV-RHORIZON.contoso.local)
Any load-balancers in use: NO
Horizon agent version: 4.8
Subnets that your endpoints, connection servers, VDI (horizon agents): all same subnet 10.10.0.0/23 vlan 1
I followed your advice, I turned off UAG and disabled all the gateways both on the connection server and on the replica server.
In this situation, with the PCoIP protocol I can connect without any problem from zero clients, with the client installed on a Windows 10 machine, and through the web.
This happens both on the zero client PC and on the View client.
When I try with the BLAST protocol, I can't connect, because after login there is a blue screen with an error and then the machine restarts. This happens both on the zero client PC and on the View client.
I'm trying to understand why the BLAST protocol doesn't work, what advice can you give me?
Thanks Alessandro