My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions.
Client is unable to connect to Tunnel Server
- Check the network connection
- Check the configuration of the Tunnel Server
- Check the firewall configuration for rules denying outbound sessions
- Check Tunnel Server port with telnet/curl
No applications configured
- Add the application to the UEM Console
- Configure the Tunnel.
- Add application details (for example, Chrome and Firefox), set the DTR rule action for each added application to Block, Tunnel, Bypass or Proxy, and provide destinations (like *company-site.com).
- Set the default rule action to Tunnel.
- Create a user VPN profile and publish it to the device.
- Check that the application is whitelisted in DTR; if it is not, add it with the proper spelling/format
- Check the logs for registration status of application
No Traffic Rules configured
- Check that the application has been added to the Device Traffic Rule configuration in the Windows Registry
- Open \HKLM\SOFTWARE\VMware, Inc.\VMware Tunnel
- Open the DeviceTrafficRules file
- Check that the application is whitelisted
Multi-Auth failure or compliance failures
- The device must be whitelisted in the Tunnel configuration in the Registry
- Check that the device is compliant
- Check that the certificates are valid
- Go to Manage Computer Certificates → Trusted Root Certification Authorities → Certificates and check for the Tunnel Server authorized certificate
Whitelisted App's traffic is not getting tunneled
The app's executable may not be the one which is creating the connection.
Turn off the tunnel service, open the app in question and browse to an end-point. Run the command netstat -aonb to check which executable is connecting to the end-point. If this executable differs from the whitelisted exe, use this exe instead.
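The same check as a PowerShell function, for when the netstat output is too long to read by eye. This is an added example, not VMware's tooling; the function name, the destination host and the executable name are placeholders, and it assumes an elevated prompt with the tunnel service already stopped as described above.

```powershell
# Added example: find which executable owns the TCP connections to an end-point
# and compare it with the exe that is whitelisted in the Device Traffic Rules.
# Get-ConnectionOwner, its parameters and the sample values are hypothetical.
function Get-ConnectionOwner {
    param(
        [Parameter(Mandatory)] [string] $Destination,    # end-point the app browses to
        [Parameter(Mandatory)] [string] $WhitelistedExe  # exe name as entered in DTR
    )

    # Resolve the end-point to every address the app may connect to (A and AAAA).
    $addresses = Resolve-DnsName -Name $Destination -ErrorAction Stop |
        Where-Object { $_.IPAddress } |
        Select-Object -ExpandProperty IPAddress

    # Only TCP is covered here; traffic sent over UDP will not appear.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $addresses -contains $_.RemoteAddress } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue

            # Path is empty for protected processes when the prompt is not elevated.
            $exe = if ($proc -and $proc.Path) {
                Split-Path -Path $proc.Path -Leaf
            } elseif ($proc) {
                "$($proc.ProcessName).exe"
            } else {
                '<process exited>'
            }

            [pscustomobject]@{
                RemoteAddress    = $_.RemoteAddress
                RemotePort       = $_.RemotePort
                ProcessId        = $_.OwningProcess
                Executable       = $exe
                MatchesWhitelist = ($exe -ieq $WhitelistedExe)
            }
        } |
        Sort-Object Executable, RemotePort -Unique
}

# Constructed sample values: browse to the end-point in the app first, then run:
# Get-ConnectionOwner -Destination 'www.example.com' -WhitelistedExe 'chrome.exe'
```

Any row with MatchesWhitelist set to False names the executable that actually opens the connection, which is the one to add to the Device Traffic Rules.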
Unable to open internal website (in configured domain) from whitelisted application
The Name Resolution Policy Table (NRPT) may be corrupted. Stop the VMware Tunnel service; this should ideally clear all NRPT entries. Then open the NRPT: Edit Group Policy → Windows Settings → Name Resolution Policy.
Check whether any entries are left; if there are, delete them.
Browsing experience via whitelisted app seems to be staggered, and configured domain websites cannot be accessed
Turn on debug logs for the tunnel client. It is possible there is an issue with tunnel connectivity: either the tunnel client cannot reach the tunnel server (there is an SSL error while trying to connect to the server), or there is a Multi-Auth failure/whitelist failure for the device on the server.