Horizon internet connection error

VMware: Failed to connect to the Horizon Connection Server

I have been seeing this a lot when deploying the Horizon at clients lately. Failed to connect to the Connection Server. This is just straight hitting the VMware broker directly. No UAG or any other items in place. WHAT GIVES?

Please enable JavaScript

Thankfully, this is a pretty simple issue to fix. It’s a well documented fix but does have a variety of symptoms. I end up searching for it all the time so this is my chance to document the one I run into the most.

The scenario I run into the most is when there is a load balancer involved or weird domain networking. Different URLs and other HOST file chicanery.

I always end up on this locked.properties KB article.

The easy fix for all this is to create a locked.properties file with the single line checkOrigin=false place on each broker under:

If you are running Horizon 8 version 2106 or later, check out the post below

In Timeline By Carlo Costanzo

Here’s an OLD error message with an entirely new fix! “Failed to connect to the Connection Server” I have been running into this issue for the past few years and always go to the locked.properties file on the VMware Horizon connection server for the fix. The fix involved adding in a checkOrigin=false line into the […]

Restart all Horizon services and you should be good to go.

Источник

VMware Horizon Client Error Couldn’t Connect to Server

Many organizations are making use of VMware Horizon as the solution to enable a successful, effective, and efficient remote work environment. VMware Horizon is able to connect remote workers to VDI environments and even physical machines. With that being said, issues may arise from time to time where your end-users may not be able to connect to the target machine in their desktop pool, whether virtual or physical. Let’s take a look at VMware Horizon Client Error couldn’t connect to server and see some common troubleshooting steps you may need to take to resolve your connectivity issue.

Know your architecture

In order to troubleshoot Horizon effectively, you need to know your architecture in the Horizon environment. How does traffic flow from the outside to your Horizon desktop? Are UAGs in play, Load Balancers, VIPs, multiple Horizon connection servers? Also, what is the state of the agent on the endpoint machine.

Also, just basic troubleshooting methodologies here, but was the target machine working and then stopped? What has changed, anything? Note the architecture of the below diagrams. In the first image, we have a Horizon Client connecting directly to Horizon Connection Servers.

Below, the Horizon Client first connects to the Unified Access Gateway servers which then connect to Horizon Connection Servers and the Horizon Agent Virtual Desktop. One tip here, if you have UAGs in play, you can still test a connection from the Horizon Client directly to the Horizon Connection Server. This connection should be successful. If you can successfully launch a session when directly connected to your Horizon Connection Server from the Horizon Client, you know the issue is somewhere above the Horizon Connection Server – the UAGs, firewall rules, load balancer, VIPs, etc.

Using that trick can help to shortcut troubleshooting to narrow in on where the connectivity issue exists. If you can’t connect to one Horizon Connection server, try the other Connection Server if you have multiples. If you can connect using one and not the other, this narrows in on a potential issue with a particular Connection Server.

VMware Horizon Client Error Couldn’t Connect to Server

There are a few obvious things to check when users have VMware Horizon Client error couldn’t connect to server. If you have already ruled out the obvious reasons for connectivity issues, such as changing a firewall rule and other clients are connected just fine, you most likely do not have a global issue with the environment. Next, look at the specific Desktop pool > Machines. Note what the status is for the Desktop machine configured for the desktop pool.

If the agent is unreachable, the client will never be able to connect. At that point, you need to figure out why the Horizon Connection server cannot “see” the agent. Is the agent service running? Is the machine down? If the machine exists on a separate network, do you have network level connectivity to the machine in question? Is NAT in play?

Check the status of an agent in the Horizon console

VMware Horizon Agent physical machines

With physical machines, I have had to implement a registry key in some environments for connecting successfully to remote physical workstations. ***Note***. This has been tested with Horizon 7 only and may not be needed with Horizon 8. However, it is worth trying if you are having weird issues not being able to connect to physical workstations with the Horizon agent installed.

Physical machines also do not like to have a user logged into the console and then a connection attempt from Horizon. It will either error or give a message that there are no sessions available.

VMware Horizon Agent Endpoints with NAT translation

The VMware Horizon Agent reports the actual IP address back to the Horizon Connection server that is local to the machine itself. However, what if your connection server does not have a route to that internal network represented by the local IP address? It can cause issues as the Horizon Connection Server attempts to make connection with the private IP reported by the Horizon Agent.

The Horizon Agent reports the discovered IP address of the machine on which it is running to the Connection Server instance. In secure configurations where the Connection Server instance cannot trust the value that Horizon Agent reports, you can override the value provided by Horizon Agent and specify the IP address that the managed machine should be using. If the address of a machine that Horizon Agent reports does not match the defined address, you cannot use Horizon Client to access the machine.

In this case, the vdmadmin command can be a lifesaver. You can use the vdmadmin command with the -A option to override the IP address reported by Horizon Agent. Note the examples given by VMware:

Override the IP address for the machine machine2 in the desktop pool dtpool2.

Display the IP addresses that are defined for the machine machine2 in the desktop pool dtpool2.

Remove the IP addresses that is defined for the machine machine2 in the desktop pool dtpool2.

Remove the IP addresses that are defined for the desktops in the desktop pool dtpool3.

VMware Horizon Agent machine with multiple IP addresses

What about a VMware Horizon Agent machine running multiple IP addresses? The Horizon Agent can report the wrong IP to the Horizon Connection Server. There is a special registry key for this case. Note the VMware KB here:

On the virtual machine on which Horizon Agent is installed, open a command prompt, type regedit.exe and create a registry entry to configure the subnet.For example, in an IPv4 network:

Wrapping Up

If you get VMware Horizon Client Error Couldn’t Connect to Server or another similar error, methodical troubleshooting can help to narrow in on where the issue exists. VMware Horizon relies on many different components to the infrastructure that need to be verified. However, there are a few configuration areas as mentioned that can lead to difficulty connecting to the VMware Horizon Agent virtual or physical machine. Hopefully, these few notes can help any struggling with connectivity issues.

Subscribe to the channel: https://www.youtube.com/channel/UCrxcWtpd1IGHG9RbD_9380A?sub_confirmation=1

My blog:
https://www.virtualizationhowto.com
_____________________________________________________

Social Media:
https://twitter.com/vspinmaster

Introduction — 0:00
How I received the Intel Optane drives — 0:45
What about the end of life of Intel Optane storage? — 1:24
Notice of end of life driving price down — 2:05
Introducing information about Intel Optane — 2:23
NAND uses transistors where Intel Optane doesn’t — 2:46
NAND changes data inefficiently compared to Intel Optane — 3:02
No backend processes needed with Intel Optane data changes — 3:40
Looking at the form factors of the Intel Optane drives — 4:07
Looking at the cable I am using to connect the U.2 drive to the motherboard — 4:42
Other ways to connect M.2 to U.2 — 5:04
Looking at the calbe after installation and U.2 Intel Optane drive mounted — 5:41
Introducing VMware HCIBench benchmarking utility — 6:28
Looking at deploying the HCIGBench OVA appliance — 7:15
Configuring the HCIBench benchmarking parameters — 7:29
Looking at the Easy Run — 8:10
Choosing the benchmarking tool to use — 8:45
Looking at the results of the Intel Optane tests! — 9:30
Talking about my Supermicro Xeon-D vSAN hosts — 9:40
Numbers before Intel Optane — 9:57
With Intel Optane numbers — 10:30
95th percentile write latency — 11:16
Concluding thoughts on Intel Optane and the use case for home lab — 12:20

Is Intel Optane worth it?
https://www.virtualizationhowto.com/2022/12/is-intel-optane-worth-it-awesome-vexpert-opportunity/

NVMe server for vSAN virtual machines:
https://www.virtualizationhowto.com/2022/08/nvme-server-for-vsan-virtual-machines/

My Supermicro home lab:
https://www.virtualizationhowto.com/2020/06/supermicro-vmware-home-lab/» data-video-title=»Best Home Server Storage for virtualization — Intel Optane in VMware vSAN»>

My blog:
https://www.virtualizationhowto.com
_____________________________________________________

Social Media:
https://twitter.com/vspinmaster

Introduction — 0:00
Describing creating virtual machines and tools used — 0:56
Creating Linux virtual machines and running like Docker containers — 1:49
Installing Multipass — 2:23
Downloading Multipass for Windows — 3:02
Describing the virtualization platforms supported with Multipass on Windows — 3:26
Running the Multipass installer — 3:58
Describing the command line options for pulling down VM images and creating new virtual machines — 4:33
Looking at the Multipass command line options — 4:54
Running Multipass list — 5:36
Multipass launch command — 6:15
Launching Hyper-V Manager — 7:09
Connecting to the virtual machine for management and Bash Shell access — 7:44
Running commands inside the Linux virtual machine — 8:10
Talking about tearing down virtual machine environments — 8:23
Stopping and deleting Multipass virtual machine instances — 8:58
Describing how to create custom virtual machine images and configurations — 10:16
Talking about cloud init and cloud config — 10:44
Looking at an example of customizing a virtual machine with Multipass — 10:55
Executing the configuration command — 12:40
Looking at the syntax for using cloud-init — 13:05
Looking at the available appliances in the Multipass catalog and interesting options — 14:01
Concluding thoughts on Multipass and how it can be used — 15:13

Use Terraform to spin up a vSphere Kubernetes automated lab build in 8 minutes:
https://www.virtualizationhowto.com/2021/12/terraform-vsphere-kubernetes-automated-lab-build-in-8-minutes/

Use the Terraform vault provider:
https://www.virtualizationhowto.com/2021/03/using-terraform-vault-provider-with-vmware-vsphere/

Sysprep and VMware Guest Customization with Terraform:
https://www.virtualizationhowto.com/2018/06/sysprep-and-vmware-guest-customization-with-terraform/» data-video-title=»Best Virtual Machine Creation tool to create and run Linux VMs like containers»>

My blog:
https://www.virtualizationhowto.com

Social Media:
https://twitter.com/vspinmaster

Introduction — 0:00
Describing traditional workflow and problem with email — 0:48
Introducing Apprise and Mailrise — 2:03
Overview of the Apprise service and how it works — 2:39
Thinking about the advantages of Apprise — 3:42
What about legacy applications and hardware that only supports SMTP? 4:15
Introducing Mailrise SMTP gateway — 4:42
Legacy devices can SMTP to Mailrise and it translates to modern notification services — 5:30
Simple config for modern notifications in Mailrise — 6:11
Example files for Mailrise notifications — 6:25
Exciting possibilities for home labs — 6:37
Installing Mailrise — 7:30
Copying the mailrise installation command — 7:55
Prerequisite to the install — 8:08
Executing the installation of Mailrise — 8:20
Creating a service file for Mailrise — 8:38
Pasting in service file configuration for Mailrise — 8:54
Creating the Mailrise configuration file — 9:28
Looking at the config file for Mailrise and example config — 9:45
Looking at the configuration for Pushover notifications — 10:22
Discussing the user and application tokens — 10:53
Starting the Mailrise service configuration — 11:37
Talking about testing Mailrise notifications using PowerShell — 11:50
Using send-mailmessage cmdlet to test — 12:20
Talking through the command — 12:35
Added notifications to desktop — 13:38
Running the test of Mailrise notifications to Pushover — 13:56
Wrapping up the testing workflow — 14:20

Apprise Github page:
https://github.com/caronc/apprise

Mailrise Github page:
https://github.com/YoRyan/mailrise

IoT Notification System Push Notifications for Home Lab no SMTP required:
https://www.virtualizationhowto.com/2022/12/iot-notification-system-push-notifications-for-home-lab-no-smtp-required/

My home lab environment:
https://www.virtualizationhowto.com/home-lab/

Supermicro VMware Home Lab:
https://www.virtualizationhowto.com/2020/06/supermicro-vmware-home-lab/» data-video-title=»Best Notification System for Home Servers with Apprise Push Alerts»>

My blog:
https://www.virtualizationhowto.com

Social Media:
https://twitter.com/vspinmaster

Introduction to Docker monitoring — 0:00
Introducing Docker stats command — 0:49
Running the Docker stats command — 1:08
Looking at the Docker stats help and additional parameters — 1:52
Introducing Glances Docker monitoring commandline tool — 3:16
Pulling down the Glances container — 4:08
Looking at the Glances dashboard — 4:45
Looking at Glances container host information for monitoring — 5:02
Information about the running containers — 5:31
Sorting information in Glances — 5:58
Introducing Portainer for Docker monitoring — 6:35
Looking at the Portainer dashboard — 7:15
Containers view in Portainer — 7:49
Portainer Quick Actions and what they do — 8:12
Adding additional Docker hosts in Portainer — 10:12
Introducing Zabbix for monitoring Docker containers — 10:32
Looking at Zabbix dashboards for a Docker host — 11:15
Graphs view in Zabbix — 11:50
Viewing historical data for Docker containers — 12:22
Looking at Zabbix container host monitoring via Linux agent — 12:56
Introducing CheckMK — 13:58
Viewing the CheckMK dashboard — 14:37
Viewing container host performance metrics in CheckMK — 15:01
Viewing the Docker containers information in CheckMK — 16:02
Concluding thoughts and wrapping up monitoring Docker containers — 16:49

Free Docker monitoring solutions that are free and open source:

Install and configure the Portainer remote agent:

Yacht vs. Portainer:

https://www.virtualizationhowto.com/2022/12/yacht-vs-portainer-docker-dashboard-comparison/» data-video-title=»Best Docker Container Monitoring Tools — Free and open source»>

My blog:
https://www.virtualizationhowto.com
_____________________________________________________

Social Media:
https://twitter.com/vspinmaster

Introduction to Windows Subsystem for Linux — 0:00
New Windows Subsystem for Linux WSL2 install process from Microsoft Store — 1:10
Looking at installing it from Microsoft Store 2:09
How can you tell if you have the latest version installed? 2:40
Overwriting installed version with the Store version — 3:14
Supressing the sudo password prompt — 3:54
Adding the command to suppress the sudo prompt — 4:35
Enabling systemd functionality in WSL 2 — 5:10
Editing the file to add systemd to WSL 2 — 5:45
Shutting down WSL after adding systemd — 6:15
Verifying systemd is installed — 6:30
Introducing Ansible — 6:47
Viewing the commands to install Ansible in WSL 2 — 7:10
Entering Kerberos realm — 8:07
Viewing Ansible version command — 8:18
Adding persistent aliases and why you want to do this — 8:32
Creating the file needed for persistent alias in WSL 2 — 8:53
Pasting in the command needed for the alias — 9:20
Testing the alias created — 10:14
Introducing PowerShell and why you can use it — 10:38
Looking at the commands in WSL for installing PowerShell — 11:02
Executing PowerShell in WSL — 12:08
Adding the VMware PowerCLI module — 12:35
Verifying the VMware PowerCLI installation — 13:13
Working with files between WSL and your Windows WSL host — 13:30
Looking at file navigation, browsing, copying, editing between WSL and Windows host — 14:20
Looking at changing to a mounted Windows host directory in WSL — 14:49
Opening a location in WSL 2 in Windows Explorer — 15:27
Installing Kubernetes inside Windows Subsystem for Linux — 16:23
Viewing the command to install Microk8s — 17:05
Issuing microk8s status command — 17:22
Issuing microk8s kubectl commands — 17:38
Installing Minikube in WSL 2 — 18:02
After prerequisites, beginning Minkube installatio — 18:54
Starting the Minkube cluster — 19:36
Viewing Minkube cluster with kubectl — 19:51
Conclueding thoughts on Windows Subsystem for Linux tweaks — 20:00

Windows Subsystem for Linux now GA and how to install it:

Windows Server 2022 WSL 2 support with KB5014021 Windows Update:

https://www.virtualizationhowto.com/2022/05/windows-2022-wsl2-support-with-new-windows-update-kb5014021/» data-video-title=»Windows Subsystem for Linux setup WSL2 Systemd, Ansible, and Kubernetes»>

Источник

Last night I updated my VMware VDI envionrment to VMware Horizon 7.4.0. For the most part the upgrade went smooth, however I discovered an issue (probably unrelated to the upgrade itself, and more so just previously overlooked). When connecting with Google Chrome to  VMware Horizon HTML Access via the UAG (Unified Access Gateway), an error pops up after pressing the button saying “Failed to connected to the connection server”.

The Problem:

This error pops up ONLY when using Chrome, and ONLY when connecting through the UAG. If you use a different browser (Firefox, IE), this issue will not occur. If you connect using Chrome to the connection server itself, this issue will not occur. It took me hours to find out what was causing this as virtually nothing popped up when searching for a solution.

Finally I stumbled across a VMware document that mentions on View Connection Server instances and security servers that reside behind a gateway (such as a UAG, or Access Point), the instance must be aware of the address in which browsers will connect to the gateway for HTML access.

The VMware document is here: https://docs.vmware.com/en/VMware-Horizon-7/7.0/com.vmware.horizon-view.installation.doc/GUID-FE26A9DE-E344-42EC-A1EE-E1389299B793.html

To resolve this:

On the view connection server, create a file called “locked.properties” in “install_directoryVMwareVMware ViewServersslgatewayconf”.

If you have a single UAG/Access Point, populate this file with:

portalHost=view-gateway.example.com

If you have multiple UAG/Access Points, populate the file with:

portalHost.1=view-gateway-1.example.com
portalHost.2=view-gateway-2.example.com

Restart the server

The issue should now be resolved!

On a side note, I also deleted my VMware Unified Access Gateways VMs and deployed the updated version that ship with Horizon 7.4.0. This means I deployed VMware Unified Access Gateway 3.2.0. There was an issue importing the configuration from the export backup I took from the previous version, so I had to configure from scratch (installing certificates, configuring URLs, etc…), be aware of this issue importing configuration.