Troubleshooting User Connection issues in Virtual Desktop Manager (1003642)
There are different paths or legs of connection between the client and the desktop virtual machine, and connectivity issues may be caused by failure of any of the connection legs.
- Failure in one branch
- Incorrect internet settings on the client computer
- Inability to resolve the DNS name of the connection server
- Unknown error generated from client
- Failure to resolve the DNS name
- Agent cannot establish JMS communication with connection server
- Connection server and security server cannot establish an RDP connection
- Security server cannot establish a JMS communication with its connection server
- Exceeding the maximum number of ports on a virtual network switch in VMware ESX Server
- Configuration specification for the VC template
- Customization during the virtual machine cloning
Note: This article is for Virtual Desktop Manager 2.x. For similar issues with View 3.x and later, refer to Cannot connect to a VMware View virtual desktop (1026774).
- Failure in one branch
You must isolate which step is failing. The location of the problem is usually clear from the error messages on the client side. For example, the client may display
VDM Server connection failed
or
A secure connection to the VDM Server cannot be established
if the client-connection server connectivity leg fails. Another possibility is that the connection server was contacted and the list of desktops was displayed, but opening a desktop fails. In that case, the server-desktop virtual machine connectivity should be investigated.
- Incorrect internet settings on the client computer
If you cannot connect to the server with a Microsoft Windows Client, try to access this server with Microsoft Internet Explorer, using HTTP or HTTPS. If you do not see the login page, apply general troubleshooting techniques to resolve the issue.
- Inability to resolve the DNS name of the connection server
After you enter valid credentials on the login page, you may receive an error message:
The secure connection is unable to start. The most common reason is that the client or proxy server is unable to resolve the DNS name of the connection server. When the client successfully authenticates to the connection server, the server directs the client to open a secure connection. If it cannot be resolved by the IP address of the broker computer, the secure connection setup fails. If the browser is configured with an HTTP proxy for Web access, the proxy server has to resolve the fully qualified domain name (FQDN). Configure the VDM server to report its externally visible DNS name or IP address in the external URL setting.
When there are external and internal users who access VDM, and there is no common IP address or domain name, set up two or more identical connection servers and use one group for internal users and the second one for external users. If DMZ deployment with a connection server is used, external users need to be able to resolve the server's FQDN.
To override the external URL, do the following:
- Create the file
C:\Program Files\VMware\VMware VDM\Server\sslgateway\conf\locked.properties
- Add the line
clientHost=<desired FQDN or IP address>
If a load balanced setup is used, the initial connection is made to the load balancing address and a secure connection is made directly to the server.
- Unknown error generated from client
This message may be generated by many errors caused by the use of non-ASCII characters in various database fields. For more information, see Troubleshooting errors resulting from non-ASCII names (1003866).
Server-Desktop Issues
For successful communication between the server and the desktop virtual machine, the following issues must be avoided:
- Failure to resolve the DNS name
The communication server's DNS name must be resolvable.
- Agent cannot establish JMS communication with connection server
The Agent must establish JMS communication with the connection server using the FQDN and TCP port 4001. This port can be checked by issuing the command
telnet <connection server DNS name> 4001
from the command prompt on the desktop virtual machine. If a connection is established, then network connectivity is working. The connection to port 4001 may fail because of firewalls on the desktop or the connection server, the network infrastructure, DNS address resolution issues, or the JMS router not working on the server.
- Connection server and security server cannot establish an RDP connection
The connection server and security server must establish an RDP connection to the desktop virtual machine using its last reported IP address and port 3389. If the security server is deployed in the DMZ, exception rules should be created in the inner firewall to allow RDP connectivity between the security server and all desktop virtual machines. If you bypass the secure connection, the client must establish a direct RDP connection to the desktop virtual machine (port 3389).
- Security server cannot establish a JMS communication with its connection server
The security server must establish a JMS communication with the connection server with which it is associated. The FQDN of the connection server should be added to the local hosts file to support this connection. The security server has to establish a connection with the connection server over the AJP13 protocol using port 8009.
- Exceeding the maximum number of ports on a virtual network switch in VMware ESX Server
When cloning multiple desktop virtual machines, you can exceed the maximum number of ports on the virtual network switch in VMware ESX Server. To increase the number of ports, go to the Configuration/Networking page for the ESX Server in the VMware Infrastructure client.
- Configuration specification for the VC template
In pooled desktops, you need to configure the configuration specification for the VC template using DHCP. In the VMware Infrastructure client, clone one virtual machine manually and then make sure it is able to start and get a DHCP address.
- Customization during the virtual machine cloning
During the cloning of a virtual machine, the customization process can get stuck during the domain join phase. If you see the Windows mini-setup display a message about being unable to set up the network, reboot the virtual machine. It will join the domain without additional errors. If this virtual machine is not correctly joined to the domain, single sign-on will not work, and the user must authenticate again once the RDP session is established. This issue and the associated recommendation only apply if you are using VC 2.0. VC 2.5 uses a different customization mechanism so this does not apply.
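The three TCP legs named above (JMS on 4001, RDP on 3389, AJP13 on 8009) can be checked in one pass, telling a DNS failure apart from a closed port and a silently dropped connection, which the telnet test alone does not distinguish. This is an added example, not part of the original article or VMware's tooling; the leg labels, function names and sample hostnames are assumptions made for illustration.

```python
import socket

# Ports per connection leg, as listed in the article. The leg labels are
# names chosen for this example.
LEG_PORTS = {"jms": 4001, "rdp": 3389, "ajp13": 8009}

# Likely cause per result, following the failure causes the article lists.
HINTS = {
    "ok": "TCP connection established; the network path is working",
    "dns": "name does not resolve; check DNS or the local hosts file",
    "refused": "host reachable but port closed; the service (e.g. the JMS "
               "router) is down or a firewall is rejecting the connection",
    "timeout": "no answer; a firewall or the network is dropping traffic",
    "error": "other socket error; check routing and local network settings",
}

def check_leg(host, port, timeout=3.0):
    """Resolve host and attempt a TCP connect; return a key of HINTS."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "ok"
    except (socket.gaierror, UnicodeError):
        # gaierror: resolver failure; UnicodeError: malformed host name.
        return "dns"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "error"

def diagnose(targets, timeout=3.0):
    """targets maps a leg label to a host. Returns {leg: (status, hint)}."""
    report = {}
    for leg, host in targets.items():
        status = check_leg(host, LEG_PORTS[leg], timeout)
        report[leg] = (status, HINTS[status])
    return report

if __name__ == "__main__":
    # Constructed sample hostnames; .invalid never resolves, so every leg
    # reports "dns" until real server and desktop names are substituted.
    sample = {"jms": "vdm-cs.invalid", "ajp13": "vdm-cs.invalid",
              "rdp": "desktop01.invalid"}
    for leg, (status, hint) in diagnose(sample).items():
        print(f"{leg:6} port {LEG_PORTS[leg]:<5} {status:8} {hint}")
```

Run each leg from the machine that originates it: the JMS check from the desktop virtual machine, the AJP13 check from the security server, and the RDP check from the connection or security server.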