I'm hoping someone has come across this problem before and is able to help me.
I have a connection server paired with a security server.
From the internal network I can connect using:
PCoIP using the VMware client to the VM desktop
RDP using the Windows Remote Connection Client for XP SP3
If I try to connect on RDP using the VMware client I get the error
"This desktop is currently not available"
and this event is logged in View Administrator:
(SESSION:B6760D957D5365727BBD26F638CA455C;FB8E5E90C87594F9E5D7676455C0C770) Failed to launch desktop CN=LabName,OU=Applications,DC=vdi,DC=vmware,DC=int for user Username: Error raising port: Unable to connect to IPAddress:3389, reason: Connection timed out: connect
I've disabled the firewall on the desktop but still get the error
Firewall Configuration for Connection Server----
Profile = Domain
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on network interface:
Port Protocol Version Program
-
1024 TCP IPv4 (null)
21 TCP IPv4 (null)
20 TCP IPv4 (null)
80 TCP IPv4 Path to\ws_TunnelService.exe
123 TCP IPv4 (null)
123 UDP IPv4 Path to\svchost.exe
3389 TCP IPv4 (null)
39263 TCP IPv4 (null)
4500 UDP IPv4 Path to\lsass.exe
443 TCP IPv4 Path to\ws_TunnelService.exe
500 UDP IPv4 Path to\lsass.exe
2847 TCP IPv4 (null)
8009 TCP IPv4 Path to\ws_TomcatService.exe
8080 TCP IPv4 (null)
2967 TCP IPv4 (null)
2967 UDP IPv4 (null)
4001 TCP IPv4 Path to\ws_MessageBusService.exe
Can someone tell me what service (if any) should be listening on port 3389, as it's NULL for both my connection and security server?
Is there a way to increase the time before the connection times out?
I tried re-installing the View Agent in the VM but that didn't solve it.
My network admins tell me port 3389 is allowed between my connection server & my security server.
Try allowing 3389 from the Security server to the virtual desktop
Security Server Firewall
Firewall status:
-
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open
Port Protocol Version Program
-
80 TCP IPv4 PathTo\ws_TunnelService.exe
3389 TCP IPv4 (null)
443 TCP IPv4 PathTo\ws_TunnelService.exe
Network Dept confirmed that the RDP port is not permitted between the security server and the individual VMs, which is probably why it's not working using the View client.
I started down this track of research because I had "Error Raising Port" error message in my View Connection Server. The View Connection Server is dedicated to the traffic from the Security Server and is NOT configured for Direct Connect.
Adding a rule to the firewall, such that my Security Server can connect to the Virtual Desktops using RDP 3389/TCP, solved my problem.
Yet, why does the Security Server need to contact the VMs, while the View Connection Server is configured for non-Direct Connect, and all the RDP 3389/TCP flow should be passing from the View Connection Server to the VMs?
Does the Security Server just retrieve some information from the VM, before tunneling the RDP session through the View Connection Server?
Regards,
Erik (very puzzled...)
Erik,
The security server, if in use, is the tunnel termination point rather than the connection server. Users tunneling via the security server will need firewall rules permitting communication from security server to desktop VMs. I had a quick look at the 4.0 admin guide and couldn't see an obvious explanation of this, but equally I couldn't see anything that states the connection server is the tunnel termination point in this scenario.
Update: Found the document that you want to take a look at - http://www.vmware.com/pdf/view40_architecture_planning.pdf.
Mike
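
A way to test the path this thread turned on, added here as an example and not taken from any poster or from VMware: run it on the security server (the tunnel termination point) with the desktop addresses as arguments. It assumes Python 3 is available on that host; the function names and result labels are this example's own.

```python
import socket
import sys

# What each result means for the "Error raising port" event in this thread.
MEANING = {
    "open": "RDP listener reachable from this host",
    "refused": "host answered, but nothing is listening on the port",
    "filtered": "no reply before the timeout: traffic is being dropped on "
                "the path or the host is down (the 'Connection timed out' case)",
    "unreachable": "no route to the host, or the name did not resolve",
}


def probe_tcp(host, port=3389, timeout=5.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        # Silent drop: typical of a firewall rule between the two networks.
        return "filtered"
    except ConnectionRefusedError:
        # A reset came back, so the network path itself is permitted.
        return "refused"
    except OSError:
        # Includes resolution failures and "no route to host".
        return "unreachable"


def check_desktops(hosts, port=3389, timeout=5.0):
    """Probe every desktop; return {host: result} for those not 'open'."""
    results = {h: probe_tcp(h, port, timeout) for h in hosts}
    return {h: r for h, r in results.items() if r != "open"}


if __name__ == "__main__":
    # Desktop addresses come from the command line; none are hard-coded.
    failures = check_desktops(sys.argv[1:])
    for host, result in failures.items():
        print(f"{host}:3389 {result} - {MEANING[result]}")
    sys.exit(1 if failures else 0)
```

Running the same check from the connection server and from the security server shows which of the two source hosts the network firewall is blocking.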