VMware Horizon Community
epa80
Hot Shot
Hot Shot
‎09-13-2019 09:41 AM

UAGs Red in Horizon Console

We recently upgraded to Horizon 7.8, as well as upgraded our UAGs to 3.6. We never tried register the Gaetways in the console until now. Upon doing so, they initially stayed as "Unknown" in the console. No stats, under the question mark section in the admin console. After some review, we realized you have to use the exact name of the UAG itself, the local name, not actually the FQDN. We did that, but, same result. They sat for hours and, with no change, suddenly switched to Red, with some data available, but, with a status of "Unreachable".

From documentation I don't find any pre-reqs. Anyone seen this before?

0 Kudos
4 Replies
sjesse
Leadership
Leadership
‎09-13-2019 09:44 AM

I haven't done it yet, but I'm pretty sure port 9443 is required, I added the UAGs to the horizon adapter for vrops and 9443 is required.

0 Kudos
epa80
Hot Shot
Hot Shot
‎09-13-2019 10:40 AM

Thanks. I also hooked them into my vROPs adapter, indeed on 9443, and it went fine. I also confirmed with my Firewall admin that 9443 is open between the UAGs in the DMZ, and our secure network (where the brokers live).

Still searching.

0 Kudos
epa80
Hot Shot
Hot Shot
‎09-13-2019 01:09 PM

Trying to clarify with my firewall guy if 9443 is open between the UAGS and ALL the brokers in our pod (we use CPA), or just the 2 externally defined connection brokers. When we stood up the UAGs, we kind of went with the old design of linking them to brokers classified as external. Kind of lik what used to go down with Security Servers. Later we realized this was kind of moot, that you didn't need the 1 to 1 linking, but, it was put in place. Essentially the UAGs are pointed at a load balancer to talk to the 2 brokers. I'm wondering if it can't talk to other brokers in the pod, if that's why it kind of breaks.

Just a theory for now. Waiting on the firewall clarification.

0 Kudos
epa80
Hot Shot
Hot Shot
‎09-15-2019 10:43 AM

Couple little updates, but no resolution:

  1. I verified that from all 7 brokers in the Pod, both the ones identified as Internal as well as External, I could get to the UAGs admin page (which uses 9443). This should rule out that if 9443 is the important port, that connectivity between them SHOULD be fine.
  2. The 2 external brokers by mistake had the Windows firewall enabled. Just to rule out something silly like Windows firewall blocking data, I disabled the service. This didn't seem to matter, the UAGs are still red in the Horizon admin console.

Have a call with support scheduled for Monday afternoon. We'll see where it goes.

0 Kudos