Hi All,
I am new to VDI and this is my first Horizon Deployment.
My setup is that I have two Unified Access Gateways in the DMZ pointing to a back-end Load Balancer in my internal network and then two View Connection Servers behind my back-end Load Balancer. When I connect to a load balanced FQDN sometimes it shows me the thumbprint of my View Connection Server #1 and sometimes it will shows me the thumbprint of my View Connection Server #2. All of them have SSL certificates issued using my internal CA. So my question is which Connection Server URL Thumbprint should I use?
Thanks in advance for any help.
Hi chrischay
You'll need to put both thumbrints of your connection servers in the field "Connection server URL Thumbprint" on the UAG Horizon settings.
Seperate them by comma.
Regards,
Michiel.
Hi Mickeybyte,
I actually did put both thumbprints of my View Connection Serves but the Horizon Destination Server is still showing down (red). I put like sha1=xxxxxxxxxxxxxx,sha1=xxxxxxxxxxxxx.
I know that the load balanced FQDN is working because if I type it on a browser it will just work no problem.
Regards
chrischay
Could you provide a screenshot, cause I don't know what you mean by "the horizon destionation server is still showing down". Where do you see that?
Regards
Try the sha256 one, if there isn't, try sha256= but put the sha1 in. The was an issue at one point that I solved by doing that.
You might want to review Carl Stalhood blog on UAG setup. He goes into detail on the UAG configuration.
Hi Mickebyte,
It is in Unified Access Gateway setting
chrischay
What versions of UAG and Horizon are you using?
The connection serves work fine when connecting to via the LoadBalancer?
What loadbalancer are you using?
What happens if you put one of the connection server addresses in the UAG in stead of the LB address?
Regards.
Hi Mickeybyte,
UAG v3.10, Horizon 7.12
Yes, the connection servers just works fine when connecting via load balancer.
I am using Palo Alto for load balancing.
Everything works fine If I put one of the connection server addresses in the UAG instead of the LB address.
chrischay
So it must be something with the load balancer then. I don't have any experience with the Palo Alto LB I'm afraid.
Did you try both connection server addresses in the UAG and they both work seperately?
Regards.
also, check this site: Troubleshooting Unified Access Gateway Deployment
maybe you can find more info in the logs somewhere.
Regards.
Hi Mickeybyte,
Both connection servers work separately in UAG.
The load balanced address/FQDN just works fine in a browser. Only in UAG it won't work.
If that is the case, is the VIP accessible from the UAG? Run ‘curl -v https://LBvip:443‘ from the UAG.