Page tree
Skip to end of metadata
Go to start of metadata

Disclaimer

My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions.

Network settings and interfaces

Settings are stored in /etc/systemd/network/ folder, 10-eth0-network.config,  10-eth1-network.config, 10-eth2-network.config files.

Network Troubleshooting in UAG

External links on UAG:

Invoke special command to activate troubleshooting tools:

/etc/vmware/gss-support/install.sh # activate tcpdump and ethtool

/etc/vmware/gss-support/uninstall.sh # deactivate for production usage

Also a packet sniffer can be made with Python, see page on my sniffer for vIDM/Access.

External links on tcpdump:

External links on ethtool:

Admin password

There are two passwords to configure when deploying.

  • root account password
  • admin account password

The root account is the console login account, the admin account is what you need for e.g. the web-based GUI. When you deploy the Access Point/ Unified Access Gateway with the PowerShell script it will mention if the passwords are usable. The admin password is the tricky one, it needs special characters. When you deploy GUI-based it will not tell you if the password is usable, it will deploy.

When you try to logon to the web-based GUI you will not be able to do so. It will say 'Invalid credentials', leaving you wondering. If you deployed GUI-based and you face this issue, open the console, logon with root and reset the password according to the lines below.

echo 'adminPassword=<Password>' > /opt/vmware/gateway/conf/firstboot.properties
chown gateway /opt/vmware/gateway/conf/firstboot.properties
supervisorctl restart admin

After the restart which the last command orders, the page is available again and you can log on instantly.

HTML BLAST

HTML Access won’t work through Unified Access Gateway unless you disable Origin Check or configure the Connection Server’s locked.properties with the Access Point addresses.

Also see 2144768 Accessing the Horizon View Administrator page displays a blank error window in Horizon 7.

Create a file called install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties.

Enter 1 of 2 lines:

checkOrigin=false

# or a line

balancedHost=load-balancer-name

where load-balancer-name is the hostname used in the URL by the remote access user. e.g. myvdi.myco.com.

Disable Secure Tunnel

By default, internal Horizon Clients connect using Blast or PCoIP to virtual desktops by tunneling through a Horizon Connection Server. It would be more efficient for the internal Horizon Clients to connect directly to the virtual desktops.

  • In View Administrator, on the left, expand View Configuration, and click Servers.
  • On the right, switch to the Connection Servers tab.
  • Click the Connection Server to highlight it, and click Edit.
  • On the General tab, uncheck the boxes next to HTTP(S) Secure Tunnel and the Blast Gateway. Do NOT disable PCoIP Gateway, because PCoIP UDP apparently need to be tunneled in order to get to the destination Horizon Client.

Where PCoIP Secure Gateway address is local Connection Server address.

  • Click OK. Note: if you are using HTML5 Blast internally, then disabling the Blast Secure Gateway will cause HTML5 Blast connections to go directly to the Horizon Agent, and the Agent certificate is probably not trusted.

Load Balancing

Articles: