Page tree
Skip to end of metadata
Go to start of metadata


My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions.

Network settings and interfaces

Settings are stored in /etc/systemd/network/ folder, 10-eth0-network.config,  10-eth1-network.config, 10-eth2-network.config files.

UAG Ports

(a little outdated, no SEG component shown, to be renewed)

In UAG 3.7.1 the SEG admin console port is TCP44444 and is only available from localhost itself!

Temporary solutions for troubleshooting:

  • Write a FORWARDING rule using iptables;
  • Open SSH port and use SSH Tunneling:
ssh -L44444: sshuser@<IP address of UAG>

Then use the browser to access to access the console.

Network Troubleshooting in UAG

External links on UAG:

Invoke special command to activate troubleshooting tools:

/etc/vmware/gss-support/ # activate tcpdump and ethtool

/etc/vmware/gss-support/ # deactivate for production usage

Also a packet sniffer can be made with Python, see page on my sniffer for vIDM/Access.

Tcpdump usage for UAG:
tcpdump -i eth0 -n -v tcp port 8443 # scan incoming auth session
tcpdump -i any -n -v port 22443 # scan outgoing Blast session to VDI desktop

External links on tcpdump:

External links on ethtool:


It appears that the new systemd-resolved method in UAG 3.8+ uses .local for multicast DNS exclusively. Fortunately there is a way to fix this issue. Edit /etc/systemd/resolved.conf and uncomment the Domains line and adding in your .local domain there.

See for details.

Admin password

There are two passwords to configure when deploying.

  • root account password
  • admin account password

The root account is the console login account, the admin account is what you need for e.g. the web-based GUI. When you deploy the Access Point/ Unified Access Gateway with the PowerShell script it will mention if the passwords are usable. The admin password is the tricky one, it needs special characters. When you deploy GUI-based it will not tell you if the password is usable, it will deploy.

When you try to logon to the web-based GUI you will not be able to do so. It will say 'Invalid credentials', leaving you wondering. If you deployed GUI-based and you face this issue, open the console, logon with root and reset the password according to the lines below.

echo 'adminPassword=<Password>' > /opt/vmware/gateway/conf/
chown gateway /opt/vmware/gateway/conf/
supervisorctl restart admin

After the restart which the last command orders, the page is available again and you can log on instantly.


HTML Access won’t work through Unified Access Gateway unless you disable Origin Check or configure the Connection Server’s with the Access Point addresses.

Also see 2144768 Accessing the Horizon View Administrator page displays a blank error window in Horizon 7.

Create a file called install_directory\VMware\VMware View\Server\sslgateway\conf\

Enter 1 of 2 lines:


# or a line


where load-balancer-name is the hostname used in the URL by the remote access user. e.g.

Disable Secure Tunnel

By default, internal Horizon Clients connect using Blast or PCoIP to virtual desktops by tunneling through a Horizon Connection Server. It would be more efficient for the internal Horizon Clients to connect directly to the virtual desktops.

  • In View Administrator, on the left, expand View Configuration, and click Servers.
  • On the right, switch to the Connection Servers tab.
  • Click the Connection Server to highlight it, and click Edit.
  • On the General tab, uncheck the boxes next to HTTP(S) Secure Tunnel and the Blast Gateway. Do NOT disable PCoIP Gateway, because PCoIP UDP apparently need to be tunneled in order to get to the destination Horizon Client.

Where PCoIP Secure Gateway address is local Connection Server address.

  • Click OK. Note: if you are using HTML5 Blast internally, then disabling the Blast Secure Gateway will cause HTML5 Blast connections to go directly to the Horizon Agent, and the Agent certificate is probably not trusted.

Load Balancing