Knowledge Base

Client-Server Issues

• Failure in one branch: You must isolate which step is failing. The location of the problem is usually clear from the error messages on the client side. For example, the client would display VDM Server connection failed or A secure connection to the VDM Server cannot be established if the client-connection server connectivity leg fails. Another possibility is after the connection server was contacted and list of desktops displayed, but opening a desktop fails. The server-desktop-virtual machine connectivity should be investigated.
  
  
• Incorrect Internet setting on the client computer: If you cannot connect to the server with a Microsoft Windows Client, try to access this server with Microsoft Internet Explorer, using HTTP or HTTPS. If you do not see the login page, apply general troubleshooting techniques to resolve the issue.
  
  
• Inability to resolve DNS name of the connection server: If the login page is shown, and after you enter the valid credentials, you receive an error message about the secure connection unable to start. The most common reason is the client or proxy server is unable to resolve the DNS name of the connection server. When the client successfully authenticates to the connection server, the server directs the client to open a secure connection, If it cannot be resolved by the IP address of the broker computer, the secure connection setup fails. If the browser is configured with an HTTP proxy Web access, the proxy server has to resolve the fully qualified domain name (FQDN). Configure the VDM server to report its externally visible  DNS name or IP address in the external URL setting.
  
  When there are external and internal users who access VDM, and there is no common IP address or domain name, set up two or more identical connection servers and use one group for internal users and the second one for external users. If DMZ deployment with a connection server is used, and external users need to resolve the server's FQDN rather than the server's, so the external URL user interface has no effect.
  
  To override the external URL, do the following:
  
  1. Create the file C:\Program Files\VMware\VMware VDM\Server\sslgateway\conf\locked.properties .
  2. Add the line clientHost=<desired FQDN or IP address> .
     
     If a load balanced setup is used, the initial connection is made to the LB address and a secure connection is made directly to the server.
     
     
• Unknown error generated from client: This message may be generated by many errors caused by the use of non-ASCII characters in various database fields. For more information, see Troubleshooting errors resulting from non-ASCII names (1003866).

Server-Desktop Issues

• Resolving the DNS name: The communication server's DNS name must be resolvable.
  
  
• Agent establishes JMS communication with connection server: The Agent must establish JMS communication with the connection server using FQDN and TCP port 4001. This port can be checked by issuing the command telnet <connection server DNS name> 4001 from the command prompt at the desktop virtual machine. If the connection is established, network connectivity is working. The connection  to port 4001 may have failed because of firewalls on the desktop, connection server, the network infrastructure, DNS address resolution issues, or JMS router not working on the server
  
  
• Connection server and security server establish an RDP connection: The connection server and security server must establish an RDP connection to the desktop virtual machine using its last reported IP address and port 3389. If the security server is deployed in the DMZ, exception rules should be created in the inner firewall to allow RDP connectivity between the security server and all desktop virtual machines. If you bypass the secure connection, the client must establish a direct RDP communication to the desktop virtual machine over RDP (port 3389).
  
  
• Security server establishes a JMS communication with its connection server: The security server must establish a JMS communication with the connection server with which it is associated.. The FQDN of the connection server should be added to the local host's file to support this connection. The security server has to establish a connection over the AJP13 protocol with the connection server using port 8009.

Infrastructure Issues

• Exceeding the maximum number of ports on a virtual network switch in VMware ESX Server: When cloning multiple desktop virtual machines, you could exceed the maximum number of ports on virtual network switch in VMware ESX Server. To increase the number of ports in the Configuration/Networking page for the appropriate ESX Server in the VMware Infrastructure client.
  
  
• Configuration specification for the VC template: In pooled desktops, you need to configure the configuration specification for the VC template using DHCP. In the VMware Infrastructure client, clone one virtual machine manually, make sure it starts and gets the DCHP address correctly.
  
  
• Customizing during the virtual machine cloning: During the cloning of a virtual machine, the customization process can get stuck during the domain join phase. If you see the Windows mini-setup display a message about being unable to set up the network, reboot the virtual machine. It will join the domain without additional errors. If this virtual machine is not correctly joined to the domain, single sign-on will not work, and the user has to authenticate again once the RDP session is established. This issue and the associated recommendation only apply if you are using VC 2.0; VC 2.5 uses a different customization mechanism so this does not apply.