Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Troubleshooting User Connection issues in Virtual Desktop Manager (1003642)

Details

There are different paths or legs of connection between the client and the desktop virtual machine, and connectivity issues may be caused by failure of any of the connection legs.
 
Client-Server Issues
  • Failure in one branch
  • Incorrect internet settings on the client computer
  • Inability to resolve the DNS name of the connection server
  • Unknown error generated from client
Server-Desktop Issues
  • Failure to resolve the DNS name.
  • Agent cannot establish JMS communication with connection server
  • Connection server and security server cannot establish an RDP connection
  • Security server cannot establishe a JMS communication with its connection server
Infrastructure Issues
  • Exceeding the maximum number of ports on a virtual network switch in VMware ESX Server
  • Configuration specification for the VC template
  • Customization during the virtual machine cloning

Note: This article is for Virtual Desktop Manager 2.x. For similar issues with View 3.x and later, refer to Cannot connect to a VMware View virtual desktop (1026774).

Solution

Client-Server Issues

  • Failure in one branch
    You must isolate which step is failing. The location of the problem is usually clear from the error messages on the client side. For example, the client may display VDM Server connection failed or A secure connection to the VDM Server cannot be established if the client-connection server connectivity leg fails. Another possibility is after the connection server was contacted and list of desktops displayed, but opening a desktop fails. The server-desktop-virtual machine connectivity should be investigated.

  • Incorrect internet settings on the client computer
    If you cannot connect to the server with a Microsoft Windows Client, try to access this server with Microsoft Internet Explorer, using HTTP or HTTPS. If you do not see the login page, apply general troubleshooting techniques to resolve the issue.

  • Inability to resolve the DNS name of the connection server
    After you enter valid credentials on the login page, you may receive an error message: The secure connection is unable to start. The most common reason is that the client or proxy server is unable to resolve the DNS name of the connection server. When the client successfully authenticates to the connection server, the server directs the client to open a secure connection. If it cannot be resolved by the IP address of the broker computer, the secure connection setup fails. If the browser is configured with an HTTP proxy Web access, the proxy server has to resolve the fully qualified domain name (FQDN). Configure the VDM server to report its externally visible DNS name or IP address in the external URL setting.

    When there are external and internal users who access VDM, and there is no common IP address or domain name, set up two or more identical connection servers and use one group for internal users and the second one for external users. If DMZ deployment with a connection server is used, external users need to be able resolve the server's FQDN.

    To override the external URL, do the following

     
    1. Create the file C:\Program Files\VMware\VMware VDM\Server\sslgateway\conf\locked.properties .
    2. Add the line clientHost=<desired FQDN or IP address>.

      If a load balanced setup is used, the initial connection is made to the load balancing address and a secure connection is made directly to the server.

  • Unknown error generated from client
    This message may be generated by many errors caused by the use of non-ASCII characters in various database fields. For more information, see Troubleshooting errors resulting from non-ASCII names (1003866).

Server-Desktop Issues

For successful communication between the server and the desktop virtual machine, the following issues must be avoided:
 
  • Failure to resolve the DNS name
    The communication server's DNS name must be resolvable.

  • Agent cannot establish JMS communication with connection server
    The Agent must establish JMS communication with the connection server using the FQDN and TCP port 4001. This port can be checked by issuing the command telnet <connection server DNS name> 4001 from the command prompt on the desktop virtual machine. If a connection is established, then network connectivity is working. The connection to port 4001 may fail because of firewalls on the desktop or the connection server, the network infrastructure, DNS address resolution issues, or the JMS router not working on the server.

  • Connection server and security server cannot establish an RDP connection
    The connection server and security server must establish an RDP connection to the desktop virtual machine using its last reported IP address and port 3389. If the security server is deployed in the DMZ, exception rules should be created in the inner firewall to allow RDP connectivity between the security server and all desktop virtual machines. If you bypass the secure connection, the client must establish a direct RDP communication to the desktop virtual machine over RDP (port 3389).

  • Security server cannot establish a JMS communication with its connection server
    The security server must establish a JMS communication with the connection server with which it is associated.. The FQDN of the connection server should be added to the local hosts file to support this connection. The security server has to establish a connection with the connection server over the AJP13 protocol using port 8009.

Infrastructure Issues

  • Exceeding the maximum number of ports on a virtual network switch in VMware ESX Server
    When cloning multiple desktop virtual machines, you can exceed the maximum number of ports on the virtual network switch in VMware ESX Server. To increase the number of ports, go to the Configuration/Networking page for the ESX Server in the VMware Infrastructure client.

  • Configuration specification for the VC template
    In pooled desktops, you need to configure the configuration specification for the VC template using DHCP. In the VMware Infrastructure client, clone one virtual machine manually and then make sure it is able to start and get a DCHP address.

  • Customization during the virtual machine cloning
    During the cloning of a virtual machine, the customization process can get stuck during the domain join phase. If you see the Windows mini-setup display a message about being unable to set up the network, reboot the virtual machine. It will join the domain without additional errors. If this virtual machine is not correctly joined to the domain, single sign-on will not work, and the user must authenticate again once the RDP session is established. This issue and the associated recommendation only apply if you are using VC 2.0. VC 2.5 uses a different customization mechanism so this does not apply.

Tags

cannot-connect  cannot-connect-vm  client-connection  connection-failure  connect-vm  failed-to-connect  host-connection  network-connection  network-connection-fails  network-connectivity-issues  no-connectivity  view-security-server  test-port-connectivity  view-agent  view-connection-server  view-client  view-networking  unable-to-connect  view-connection-server-unavailable  view-client-connection-issues  verify-connectivity  view-connection-server-configuration

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 12 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 12 Ratings
Actions
KB: