Disclaimer

My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions.

Client is unable to connect to Tunnel Server

  • Check Network connection

  • Check DNS

  • Check Configuration of Tunnel Server

  • Check the firewall configuration for rules denying outbound sessions

  • Check that the Tunnel Server port is reachable with telnet/curl

No applications configured

  • Add the application to the UEM Console
    • Configure the Tunnel.
    • Add application details (example: add Chrome and Firefox) and, for each added application, Device Traffic Rules (DTR) with the action Block, Tunnel, Bypass or Proxy, and provide destinations (like *company-site.com).
    • Set the default rule action to Tunnel.
    • Create a user VPN profile and publish it to the device.
  • Check that the application is whitelisted in the DTR; if it is not, add it with the proper spelling/format
  • Check the logs for the registration status of the application

No Traffic Rules configured

  • Check that the application has been added to the Device Traffic Rule configuration in the Windows Registry
    • Open \HKLM\SOFTWARE\VMware, Inc.\VMware Tunnel
    • Open the DeviceTrafficRules file
    • Check that the application is whitelisted

Multi-Auth failure or compliance failures

  • The device must be whitelisted in the Tunnel configuration in the Registry
  • Check that the device is compliant
  • Check that the certificates are valid
    Go to Manage Computer Certificates → Trusted Root Certification Authorities → Certificates → check for the Tunnel Server authorized certificate


Whitelisted app's traffic is not getting tunneled

The app's executable may not be the one that is creating the connection.
Turn off the Tunnel service, open the app in question and browse to an endpoint. Run the command netstat -aonb to check which executable is connecting to the endpoint. If this executable is different from the whitelisted exe, use this exe instead.

DO NOT whitelist svchost.exe. This is the common service host used for many functions in Windows. Whitelisting it may lead to a BSOD.
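
The same check scripted in PowerShell, as an added example that is not part of the original page: it lists the executable that owns each established TCP connection to the endpoint and compares it with the executable whitelisted in the Device Traffic Rules. The function name Get-ConnectionOwner, the host intranet.company-site.com and the value chrome.exe are assumptions for illustration.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell
# prompt with the Tunnel service stopped while the app is browsing the endpoint.
# Function name and parameter values are hypothetical.
function Get-ConnectionOwner {
    param(
        [Parameter(Mandatory)] [string] $Destination,    # endpoint host name or IP
        [Parameter(Mandatory)] [string] $WhitelistedExe  # exe name entered in the DTR
    )

    # Resolve the endpoint to every address it may be reached on
    # (an IP literal is returned unchanged).
    $addresses = [System.Net.Dns]::GetHostAddresses($Destination) |
        ForEach-Object { $_.IPAddressToString }

    # TCP only: UDP endpoints (for example QUIC) are listed without a
    # remote address and will not appear here.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -in $addresses } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $exe = if ($proc -and $proc.Path) {
                Split-Path -Path $proc.Path -Leaf
            } elseif ($proc) {
                "$($proc.ProcessName).exe"   # path unreadable (protected process)
            } else {
                '<process exited>'
            }

            $note = if ($exe -eq 'svchost.exe') {
                'Shared Windows service host: do not whitelist'
            } elseif ($exe -ne $WhitelistedExe) {
                'Differs from the whitelisted executable'
            } else {
                'Matches the whitelisted executable'
            }

            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                ProcessId     = $_.OwningProcess
                Executable    = $exe
                Note          = $note
            }
        } | Sort-Object Executable, RemotePort
}

# Example call (constructed values):
# Get-ConnectionOwner -Destination 'intranet.company-site.com' -WhitelistedExe 'chrome.exe' | Format-Table -AutoSize
```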

Unable to open internal website (in configured domain) from whitelisted application

The NRPT (Name Resolution Policy Table) may be corrupted. Stop the VMware Tunnel service; this should ideally clear all NRPT entries. Then open the NRPT: Edit Group Policy → Windows Settings → Name Resolution Policy.

Check whether any entries are left; if there are, delete them.

Browsing experience via whitelisted app seems to be staggered, and configured domain websites cannot be accessed

Turn on debug logs for the Tunnel client. There may be an issue with tunnel connectivity: either the Tunnel client cannot reach the Tunnel Server (there is an SSL error while trying to connect to the server), or there is a Multi-Auth failure/whitelist failure for the device on the server.