Do you have port 22443 open between your UAGs and the virtual desktops?
Yes, it is open. Didn't change any fw rules.
I see you have a UAG in play. You should not be doing any sort of tunneling / BSG when connecting via UAG. Otherwise both the CS and UAG will attempt to proxy your connection to the agent and your connection will fail. You have PCoIP disabled which is why it is working.
Try turning it off on the Connection Server and report back your results.
That’s one of the beauties of UAG - you do not need any special configuration on your Connection Servers.
I disabled Blast on the connection server but it did not make any difference.
I can connect, and the system authenticates me. After I click on the desktop pool it starts loading and turns to a black screen.
And I can see my session on the Horizon console. Protocol: Blast.
How many connection servers do you have? Is the UAG pointed to a specific Connection Server or load balancer? Only one UAG in play?
That configuration is specific to each CS. If load balanced, you'll need to go through each one and select "Do not use Blast Secure Gateway."
If they're all set that way, you are likely denying port 22443 somewhere between UAG -> VDA. You should be able to run "curl -v telnet://VDA:22443" from UAG and get an established connection. You can also run tcpdump 'port 22443' from UAG to see if you see the VDA responding back to the UAG's 22443 traffic when you try to establish the connection.
If you haven't already, run /etc/vmware/gss-support/install.sh on the UAG to enable tcpdump.
Ah - I just realized your Connection server name and Blast external URL on the UAG are configured the same. The Blast External URL, Tunnel URL, and PCoIP External URL should be the UAG name/IP (or load balanced name/IP if behind a VIP). This will tell the client to proxy the Blast/PCoIP connection via the UAG.
Upon connection, the connection is attempting to be proxied via the Connection Server URL, which is likely why it's breaking.
2 connection servers. Now the UAG points to 1 connection server, and I have changed the connection server on the UAG to the connection server's IP address.
Got it - see my previous post to see if that fixes your issue. Use the UAG name for your Blast/Tunnel URLs.
Changed the URLs to the UAG's IP address. Client works over Blast but browsers don't.
I am getting a content security policy error message.
CSP14312: Resource violated directive 'default-src 'self'' in Content-Security-Policy: wss://a.a.com:8443 ..................................... Resource will be blocked.
I was getting this message when I first deployed the system, so I created a locked.properties file and added the lines (below) to it. After that it started to work from Edge with Blast.
It is the same file and the same values, but I still get the error. I deleted and re-created the file.
content-security-policy=font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';img-src 'self' blob: data:
Remove everything in locked.properties except for checkOrigin=false and reboot the CS. See if the problem persists.
Removed everything except checkOrigin=false. Still the same.
By the way, I am doing my test only with Edge.
Chrome or Firefox works okay.
Ah, I thought you were referring to Edge from a network perspective, not a browser. Does Edge work internally (not going through UAG)?